Governance Strategies and Effective Cybersecurity Policymaking

Organizations are tasked with navigating many rules, regulations, and potential risks in an increasingly complex business landscape. As they do so, the importance of a robust Governance, Risk, and Compliance (GRC) strategy becomes apparent. This trifecta acts as a guiding beacon, setting a course for businesses to follow, ensuring they operate within the bounds of…

Privacy Policy

Updated May 4, 2019 Privacy Policy As set forth in Lazarus Alliance’s Global Code of Conduct: “We respect the confidentiality and privacy of our clients, our people and others with whom we do business”. It is the Privacy Policy of Lazarus Alliance to comply with the requirements of the General Data Protection Regulation (GDPR) and…

Privacy Policy

General Terms Lazarus Alliance, LLC (“Lazarus Alliance, LLC” or “we”) understands that your privacy is important to you. Lazarus Alliance, LLC is committed to protecting the privacy of your personally-identifiable information as you use this Site. The scope of Lazarus Alliance, LLC’s commitment is described in this Privacy Policy. By submitting information, you agree to…

CAVP, FIPS, and Securing Cryptography Systems

Most security standards, including government standards, require cryptography. It is tempting to implement a cryptographic algorithm that meets these requirements and call it a day. However, to ensure the implementation actually delivers that security, NIST also runs validation programs that test cryptographic algorithm implementations and modules against federal standards. Here, we’re discussing the Cryptographic Algorithm Validation Program…

NIAP and Protection Profiles

IT security in the federal market is layered and multifaceted. Specific requirements exist for different types of data platforms and technologies. At a more granular level, standards have been developed for individual IT products: NIAP Protection Profiles. This article will cover why these profiles are essential for federal security, how to find them, and what…

An In-Depth Guide to SOC 2 Security Common Criteria

While rarely a legal requirement, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should address. The recent revision of these criteria in 2023…

Leveraging Managed Security Service Providers for NIST 800-171 and CMMC Compliance in the Defense Supply Chain

The complex relationships between government agencies, third-party vendors, and managed service providers form a challenging web of connections that comprise the DoD digital supply chain. Both NIST 800-171 and CMMC address these at various points, expecting providers to adhere to complex security requirements. These requirements can become so complex that contractors may turn to Managed…

Incident Response and the Responsibility of Your Organization for Protecting Data

As the recent Ivanti security breaches indicate, a strong and effective incident response capability isn’t optional but a necessity. An incident response plan (IRP) is essential to prepare an organization to respond to any security incident effectively and promptly. This plan spells out the processes an organization should follow in case…

What Is A Data Privacy Impact Assessment (DPIA)?

New data security regulations include, or foreground, the role of data privacy in compliance. Many of these, like GDPR and CCPA, make data privacy a primary concern and expect businesses to meet stringent requirements for protecting the integrity of consumers’ Personally Identifiable Information (PII). One practice stemming from GDPR requirements is the Data Privacy Impact…

Identity Governance and Compliance

Identity, authorization, and authentication are some of the hottest topics in cybersecurity right now, with 80% of attacks involving some form of compromised identity. The proliferation of cloud-based and managed infrastructure and of primarily data-driven organizations has made identity security a top priority for organizations and regulatory bodies. Here, we’ll talk about identity governance–what it…

Europrivacy and GDPR Assessments

One of the ongoing challenges of GDPR is its (until recently) fragmented compliance and assessment approach. The requirements of GDPR are relatively open–they focus on standards and expectations, not implementation. Therefore, many assessment tools and frameworks have emerged to address the situation. Recently, Europrivacy has risen as a potential centralization of assessments under a common…

Promoting a Culture of Cybersecurity Awareness in Your Organization

The cybersecurity landscape isn’t getting any easier for any business, large or small. With high-profile cyber attacks making headlines, from ransomware attacks crippling global infrastructure to data breaches compromising millions of users’ personal information, the stakes for major corporations have never been higher. While offering unprecedented opportunities, the digital realm also presents a minefield of…

What Is ISO 9001

ISO 9001 is a universally recognized standard that provides a framework for organizations to establish, implement, and refine their quality management systems. Rooted in principles that prioritize customer satisfaction, leadership involvement, and a continuous improvement ethos, ISO 9001 offers a structured approach to achieving excellence in operational processes. This article delves into the intricacies of…

Ultimate Security: Data Breach Prevention in 2023

According to a recent report by IT Governance, there were over 70 data breaches in June 2023 alone, accounting for the compromise of over 14 million data records. Once these records are out in the open, they are often sold on the dark web. After that, it’s just a matter of time before attackers can use this data…

HIPAA and Internal Security Controls

In June 2023, the US Department of Health and Human Services (HHS) reached an agreement with Yakima Valley Memorial Hospital over a significant breach of privacy and security rules. Specifically, HHS found that several security guards had inappropriately accessed the private records of up to 419 patients. This settlement demonstrated administrative and internal security…

What Is Binding Operational Directive 23-02, and Does it Impact FedRAMP?

From time to time, new directives and requirements come up in the federal space that have ripple effects throughout the cybersecurity landscape. Recently, FedRAMP noted that a new Binding Operational Directive has shifted some requirements for agencies and contractors. While this doesn’t seem to directly impact the program, it is significant enough for…

GDPR Article 32 and the Security of Processing

The General Data Protection Regulation (GDPR) is one of the strongest security and privacy frameworks in operation in the world. Article 32 stands out among its many provisions because it deals explicitly with the “security of processing” of personal data. This piece aims to demystify GDPR Article 32, breaking down its requirements…

Common Criteria and NIST Evaluation

The Common Criteria, recognized worldwide, provides a standardized framework for evaluating the security attributes of IT products and systems. From defining security requirements to testing and verifying products against these requirements, the Common Criteria ensure that the evaluation process is rigorous, repeatable, and thorough. To ensure the success of the program on a national basis,…

Complying with GDPR Requirements and the Europrivacy Certification Mechanism

GDPR certification is quickly becoming a topic of concern for enterprise businesses worldwide. With news of Meta’s record-breaking $1.3B fine from the European Union, companies are learning that data privacy and compliance in the EU are no joke. This article will dig into GDPR to discuss how organizations can approach their security and privacy with best…

What Are Risk Assessment Methodologies?

With the ever-increasing complexity of IT and business environments, risk management has become crucially important for cybersecurity. Accordingly, risk management methodologies provide the blueprint for this anticipatory and strategic approach. They guide businesses in identifying potential threats, assessing their impact, devising effective responses, and monitoring progress. This article will introduce some basics of risk…

How Can Managed Service Providers Handle GDPR Regulations?

The General Data Protection Regulation (GDPR) has fundamentally transformed the data protection landscape for organizations operating within the European Union. Managed Service Providers, essential partners for many businesses, must also carefully navigate GDPR compliance to protect their clients’ data and maintain trust. Understanding the implications of GDPR on MSPs and their services is vital for…