In the world of security, there are many different frameworks that may be relevant or important to your plans. We’ve talked a lot about FedRAMP, the federal government’s security framework, but it’s only one of many options. Others, from HIPAA to FISMA to SOC2, can all have their role. One of the biggest and most direct equivalents to FedRAMP is ISO 27001. What is it, how does it compare to FedRAMP, and which one should you use? Let’s talk about it. Table of Contents 1.

While every business needs technology to grow and succeed, not all businesses have the skills and resources they need to protect their environments, their data and their customers from today’s security threats. Small businesses in particular are at risk as cybercriminals realize both the potential value of the data they have — and how vulnerable they can be to cyberattacks. According to the U.S.

Microsoft 365 has experienced several notable outages recently. In January 2023, a major outage lasted over five hours, affecting various services, including Exchange Online. This incident was attributed to a network configuration issue during a planned update (Practical 365). Another significant outage occurred in June 2023, impacting services like Outlook, Teams, and OneDrive for several hours due to a network issue (WinBuzzer).

In an age of increasingly complex cyber threats, New Zealand has implemented robust cybersecurity standards to secure the online environment for individuals, businesses, and government entities. New Zealand's cybersecurity approach is unique and effective, from the overarching strategies laid out by national cybersecurity policies to specific regulatory requirements that impact sectors like healthcare and finance.

The Australian Signals Directorate (ASD) is a government agency responsible for providing foreign signals intelligence and ensuring information security for Australia’s national interests. The ASD also significantly enhances the nation’s cybersecurity through strategic advice, standards, and protective measures.

A recent Gartner survey shared that, “61% of companies said their governance goals included optimizing data for business processes and productivity but only 42% of that group believed they were on track to achieve it.” Data governance is often viewed as a prohibitive, controlling, and time consuming process designed to slow down work. Traditional approaches to data governance can make it a complicated effort, detouring teams from implementing it, but it doesn’t have to be.

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software, stating that the vulnerabilities have the potential to result in remote code execution (RCE). ScreenConnect is a widely utilized Remote Monitoring and Management (RMM) tool that has been leveraged by threat actors in the past, often in connection with ransomware attacks.

In the not-so-distant past, managing user identities and access controls was a relatively straightforward process. Organizations operated within the confines of their on-premises networks where users logged onto a single system to access the resources they needed. This well-defined perimeter enabled IT departments to maintain tight control over who accessed what and from where. However, the advent of cloud computing has disrupted this traditional paradigm.

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said they have experienced a data breach caused by one of their vendors or third parties (up 12% since 2016). Implementing a vendor risk management strategy aligned with frameworks like the NIST security framework can help mitigate these risks.

This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already!