Cloud application, platform, and infrastructure vendors (cloud service providers, or CSPs) do a great job of advertising online. They offer seemingly painless ways to sign up for their services through “freemiums” and two-week trials, advertisements that follow you from Google to LinkedIn, and what appear to be straight-forward sales processes.
The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base) will soon have to meet. See my blog Why is CMMC a Big Deal? for more information about the legal implications of CMMC. The CMMC official mandate is expected to be released from rulemaking in the first quarter of 2024 and be in full implementation in the first quarter of 2026.
What is the culture of cybersecurity, anyway? When most people hear the phrase “Cybersecurity is a Culture,” their minds jump immediately to cybersecurity awareness training videos that help employees avoid phishing scams. Certainly, that is an important part of driving security awareness in your organization, but the true culture of cybersecurity is so much more. To quote our CTO, Jerald Dawkins, Ph.D., “Cybersecurity is a team sport.
If your organization has complied with the PCI DSS (Payment Card Industry Data Security Standard) for any length of time, the most recent release (PCI 4.0) is probably not news to you. In fact, despite the new version PCI compliance may feel like business as usual for you. ASV scanning, penetration testing, and a comprehensive compilation of documentation are probably well under way – and you may even have scheduled your next audit with a QSA. Easy, right?
In our last installment of this series, we were introduced to some dangerous characters one might encounter on darknets. This week, we will finish out that list, looking into both organized groups and individuals. Wrapping my head around why people do what they do, and how they execute operations that end up costing corporations millions, is always fascinating.
You’re in your company’s go-to-market meeting. You’re excited about a new cloud application your team is developing. Your leaders are trying to understand the application’s market and ideal clients. Someone in the room suggests, “We should sell this to government agencies.
Penn State University is in hot water again for legal and compliance violations. This time, the activities in question are related to the university’s claim to be compliant under NIST SP 800-171, as required by Executive Order 13556 (2019). As a contractor and partner of the U.S. Government, Penn State is required to implement a minimum set of security controls around Controlled Unclassified Information (CUI) it collects, creates, or handles as part of its partnership with the government.
