Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks…
The Death of Privacy: A Tale of Collusion and Corruption
In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost entirely without consideration for personal privacy. We will review…
Are You Alert?
The world is full of information and it is becoming more transparent and more accessible to more people every day. This technological paradigm shift enables the individual and the organizational entities to discover more about another person or item of interest or even themselves. It becomes increasingly important to, where possible, control your digital spin.…
Happy Birthday Salem!
My eldest Son has a birthday today! It has been just a blink since the day that I cut that umbilical cord and welcomed him into the world. Happy birthday Salem! Be well, be wary, be wise, and be safe.
Binary Equivalent
I’m glad that computers keep track of my name (Michael D. Peters) so I don’t need to! The binary equivalent is: 01001101 01101001 01100011 01101000 01100001 01100101 01101100 00100000 01000100 00101110 00100000 01010000 01100101 01110100 01100101 01110010 01110011 Get yours at: http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp
Michael Salem Peters – Independent Man
My son has been busy. He has an obvious talent for photography. Check out his wares here: http://www.flickr.com/photos/photographsbymichaelsalempeters/. Salem has also been recording folk tunes he wrote and a sample is here: http://www.myspace.com/salempeters. My first impression was a warm coffee on a rainy day hanging with Coldplay.
Michael Salem Peters
Today is my eldest son's birthday. Twenty years ago today I cut the umbilical cord and welcomed him into the world. Salem is a good soul. He has his own apartment, is in college working towards a photojournalist degree, and works in a coffee shop. I wonder if a parent ever really feels like they…
Michael Salem Peters – My eldest son.
Salem, my eldest son and an aspiring photojournalist, has been placing much of his work on this site: http://www.flickr.com/photos/photographsbymichaelsalempeters/. Salem has also produced his first book which may be purchased here: http://www.blurb.com/bookstore/detail/451268. I have always considered the artistic expression put into books especially admirable so I am thrilled that my son has taken his first…
Integrating ISO 27001 with other ISO Standards: Preparing for Long-Term Security and Compliance
We are big believers in packaging your compliance needs into a single, effective standard within your organization. It doesn’t make any sense to double up on work, and streamlining compliance across multiple standards makes your efforts better and faster. In light of that, we’re discussing how you can streamline some of your existing ISO compliance…
The Common Criteria in Well-Known Security Frameworks
In today’s digital age, cybersecurity is not just a technical necessity but a critical compliance requirement. Organizations worldwide face rigorous regulations to safeguard sensitive data and maintain public trust. The Common Criteria certification is a pivotal standard in cybersecurity compliance among these regulatory frameworks. This article will discuss how CC plays a role in other,…
The Digital Supply Chain and Security Flaws in the R Programming Language
We use “the digital supply chain” regularly because enterprise and government businesses rely heavily on it. The relationships between vendors, cloud providers, software, and customers are so deeply intertwined that it’s impossible to avoid the big picture: that security is a complex activity that can span dozens of entities. A recently discovered flaw in the R…
The Kaiser Data Breach and the Importance of HIPAA for Vendor Relationships
Unfortunately, HIPAA data breaches are increasingly common. Kaiser Permanente, one of the largest healthcare insurance providers in the U.S., recently reported a massive exposure of millions of patient records (Protected Health Information, or PHI). This unfortunate event also serves as a learning moment for companies who may not understand how to avoid such unintended consequences.…
NIAP and Protection Profiles
IT security in the federal market is layered and multifaceted. Specific requirements exist for different types of data platforms and technologies. At a more granular level, standards have been developed for individual IT products: NIAP Protection Profiles. This article will cover why these profiles are essential for federal security, how to find them, and what…
CVE-2024-3094 Utils and Vulnerabilities in Federal Linux Systems
Over the past week, a new vulnerability in the Linux operating system and the XZ compression utility has led to a new security alert and an immediate call to roll back some new updates. While this threat is a massive problem for federal IT systems relying on specific Linux distributions, it also highlights how poorly…
FedRAMP and Penetration Testing Guidance Updates in 2024
Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements. The new guidance addresses new attack vectors targeting subsystems in IT infrastructure. Here, we’ll cover this newest…
When Should You Work with a CMMC RPO vs. a C3PAO?
CMMC is a complex undertaking. Depending on where you are in your certification journey, you could require consulting, assessment, or both. Fortunately, the CMMC program includes training and authorization for two distinct types of organizations: Registered Provider Organizations (RPOs) and Certified Third-Party Assessment Organizations (C3PAOs), each offering different services. We’re discussing these organizations and which…
CP-CSC, CMMC, and North American Cybersecurity
International collaboration between countries in cybersecurity isn’t unheard of, but it involves several miles of red tape and regulations. That’s why many countries seek parity in their security frameworks. One such parity that Canadian officials are seeking is between their own CP-CSC and the CMMC model for handling CUI.
The OCR HIPAA Report and Proper Breach Requirements
HIPAA is a core cybersecurity framework for patients and healthcare providers in the U.S. Unfortunately, a new report from the OCR shows an increase in significant events and a lack of resources to follow up on critical compliance issues. We’re covering some of this report and the underlying HIPAA requirements reflected in it.
The 2023 Revisions to SOC 2 Compliance
In 2023, the American Institute of CPAs (AICPA) launched a revision of its SOC 2 standard. This revision focused specifically on security issues and emphasized “points of focus” to boost SOC 2 audits’ ability to address modern security threats.
An In-Depth Guide to SOC 2 Security Common Criteria
While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023…
The CMMC Proposed Rule and Expectations in 2024
In December 2023, the Department of Defense announced its new Proposed Rules for CMMC. This release comes two years after their initial proposal for CMMC 2.0 as a framework. Many of CMMC’s expected requirements are coming to pass, and the DoD is looking to finalize and aggressively roll out the program over the next three…
What Is NIST 800-172 and Advanced Security Structures
The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.
Leveraging Managed Security Service Providers for NIST 800-171 and CMMC Compliance in the Defense Supply Chain
The complex relationships between government agencies, third-party vendors, and managed service providers form a challenging web of connections that comprise the DoD digital supply chain. Both NIST 800-171 and CMMC address these at various points, expecting providers to adhere to complex security requirements. These requirements can become so complex that they may turn to Managed…
CMMC, NIST 800-172, and Advanced Persistent Threats
As organizations move up the CMMC maturity model, they do so for one reason: to prepare themselves better to protect against Advanced Persistent Threats (APTs). These threats are a significant problem in the defense supply chain, and as such, CMMC leans heavily on NIST 800-171 and 800-172 to address them. This article introduces how these…