The Federal Risk and Authorization Management Program has been around for nearly 15 years. In that time, it changed and was updated periodically to keep up with the times. While changes are occasionally made to the underlying security frameworks like FedRAMP, CMMC and the NIST documentation that reviews each security control, there is also communication directly from the Department of Defense and other organizations to issue additional guidance.

In an era where data breaches and privacy concerns are increasingly shaping global discourse, India's proactive stance on data protection is noteworthy. Introducing the Digital Personal Data Protection (DPDP) Act 2023 marks a significant milestone in India's legislative landscape. This groundbreaking Act fortifies individual data privacy rights and aligns India with global cybersecurity and data protection standards, setting a new benchmark for regulatory compliance.

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

‍ Over the past few decades, cyber attackers have increasingly wreaked havoc on the market, taking advantage of newer, more sophisticated ways to exploit system vulnerabilities. However, in fear of losing competitive advantages, organizations had notoriously downplayed the impact of these attacks, misleading investors and resulting in stock prices that did not accurately represent the risk landscape. ‍

With the rise of cyber threats and the increasing volume of sensitive data being transmitted over networks, organizations must prioritize the use of cryptographic algorithms that meet stringent standards for security and reliability. One such standard is FIPS (Federal Information Processing Standards) compliance, which ensures that cryptographic algorithms adhere to the rigorous criteria set forth by the U.S. government.

I thought it would be a good idea to revisit GDPR, just as a reminder to all of us to take stock and see how ready we are. For the uninitiated, the EU Commission, Parliament, and Commission negotiated and finalized the text of what is called the “General Data Protection Regulation” (GDPR) in December of 2015. This was officially approved as Law in April 2016 and goes into effect on May 25, 2018.

Over the past month, we’ve rolled out several new capabilities, including: ‍ ‍ ‍

Cyber threats against critical infrastructure – such as energy and transportation networks – remain pervasive as ever, with 2023 witnessing an astounding 420 million such attacks in total. That’s the bad news. The good news is that critical infrastructure is set to become more secure, at least in the European Union, thanks to the NIS 2 Directive (also known as E.U. Directive 2022/2055).

Incorporating remote work among companies has been one of the developments in recent years. In fact, a staggering 98% of employees express their desire to have this kind of dynamic in their jobs. The shift is here to stay as more and more organizations are adopting it as part of their work culture because of its many advantages. This integration is essential as employers move forward with their business continuity plans.