LimaCharlie has successfully completed its Service Organization and Control (SOC 2) audit. The audit was conducted by the Johanson Group, a leading professional service firm that focuses on SOC 2 & 3 examinations for public and private companies. The Johanson Group counts Cisco, Symantec and Broadcom among their many clients. They have members on the team that are Certified Information System Auditors (CISA) and are Certified Information Systems Security Personnel (CISSP).

Within distributed applications, data moves across many loosely connected endpoints, microservices, and teams, making it difficult to know when services are storing—or inadvertently leaking—sensitive data. This is especially true for governance, risk management, and compliance (GRC) or other security teams working for enterprises in highly regulated industries, such as healthcare, banking, insurance, and financial services.

Every business has a set of rules and regulations that it must uphold. To maintain compliance, businesses must adhere to the regulations and laws specific to their industry. The problem is, these regulations are constantly changing, and failure to stay up-to-date can lead to serious financial strains and damage to company reputation. Let’s explore how effective compliance management can ensure the continuity and security of your organization.

If your company works with the US Department of Defense (DoD) as a contractor or subcontractor, you will need to prepare to meet CMMC requirements in order to successfully bid on and win contracts. This recent development has been a significant adjustment for small organisations who wish to work with or continue working with the DoD.

Last time, I discussed the four basic types of managed service providers (MSPs) with which organizations commonly partner. Those categories help to determine the types of services offered by MSPs. In general, MSPs provide five primary services to customers.

In this guide, we are covering the facts that you need to know in order to prepare your business to tick off the necessary boxes required to meet CMMC compliance.

The proliferation of cyberattacks targeting the financial sector has forced the establishment of several mandatory cybersecurity regulations. Though often considered an unnecessary burden on security teams, regulatory compliance is one of the most effective strategies for keeping financial services accountable for their security posture. Cybersecurity regulations must be malleable to remain relevant in a rapidly evolving threat landscape.

Managing security is not solely about products and technologies. As a security leader in your company, it is important to consider numerous other factors when you decide to set up a Security Operations Center. A few of the things include - an understanding of the business plan and requirement capability. It also includes the skill set of people who will be part of the Security Operations Center (SOC) for planning the individual and team responsibilities, budget, etc.

ISO/IEC 27001, commonly referred to as ISO 27001, is the most widely adopted international standard for managing data security and information security through an information security management system (ISMS). The standard was first published in 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001:2013 is the latest revision to the standard.

In today’s complex regulatory environment, organizations need to maintain compliance with numerous regulations. Two important cybersecurity-related compliance standards in the United States are the Federal Risk and Authorization Management Program (FedRAMP) and the Federal Information Security Management Act (FISMA). Although these two regulations do have similarities, they have several notable differences as well. This post will explore where FedRAMP and FISMA do, and don’t, overlap.