SSAE 18 is a statement that sets standards for reporting on the controls and processes related to financial reporting. It comes from the American Institute of Certified Public Accountants, outlining the framework for reporting on internal controls. The SSAE 18 is designed to provide assurances that the reporting of service organizations is secure, thorough, and… Read More
Managing cybersecurity threats is a full-time job, and most cybersecurity specialists rely on shared knowledge between experts in the field to combat these threats. The Common Vulnerabilities and Exposures (CVE) database provides a starting point for this kind of knowledge, centralizing an index of known security vulnerabilities in the wild. The CVE program recently joined… Read More
Discussions about security and compliance disproportionately focus on businesses and enterprises, precisely because these organizations serve as central repositories for critical industrial or consumer information. Accordingly, regulations and best practices are often tied to securing this infrastructure, with consumers getting little to no attention. However, the reality of modern cybersecurity threats is that almost all… Read More
The federal government has strict and comprehensive regulations on how agencies handle constituents’ personal information. This is just as true for tax information. The IRS leans on established guidelines associated with federal security to dictate regulations for agencies that handle tax information and, by and large, treats that information as a sensitive and critical part… Read More
Following the continuous rage of the COVID-19 pandemic, organizations face a difficult task to secure the workload and devices of the employees scattered around the world. As a home has become the new office, it unveiled serious organizational cybersecurity gaps. Experts say that simply installing antivirus software or encrypting traffic on a company-issued MacBook is… Read More
Corporate compliance is a major undertaking for a few reasons–IT systems become complex, work forces grow to hundreds of individuals with different levels of access to information and public corporations must file difficult financial and security attestations annually to prevent fraud. One of the essential forms of financial and IT compliance for publicly-traded companies in… Read More
The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks. However, at its… Read More
Security isn’t simply something to consider during audits. In today’s evolving threat landscape, new attacks are emerging every day, and security experts are racing to stay ahead of them. The best approach to mitigating security is to maintain proactive cybersecurity practices, including testing, self-assessments and application scanning. Because many organizations are using or deploying web… Read More
We’ve already been seeing the changes for months now: new, robust cookie acceptance disclaimers, longer and more involved data collection forms and an uptick in fines for U.S. companies operating in the European Union. Companies in the United States are starting to understand their regulatory responsibilities under EU law, but few actually understand the scope… Read More
The General Data Protection Regulation (GDPR) is a set of regulations enforced in the European Union to protect consumer data privacy and instill new controls over data ownership and use. While only having jurisdiction in the EU, this law has had a major impact on how companies do business in Europe, especially digitally. Here, we’ll… Read More
Government agencies and contractors in the supply chain face threats every single day. If you haven’t read the news lately, our national infrastructure and data systems face significant challenges in maintaining the security and integrity of their devices, applications and network resources. When agencies and contractors want to connect to any sensitive system, the Department of… Read More
Risk management and assessment is the practice of assessing an organization’s security systems against possible vulnerabilities and gaps to determine how much “risk” is acceptable as part of doing business. Factors like compliance, emerging threats and changes in technology and business operations all play an immense role in how security experts manage the risk their… Read More
The Cybersecurity Maturity Model Certification (CMMC) framework of regulations is a relatively new governing document that combines several cybersecurity and risk management requirements to streamline security and compliance for agencies and contractors in the Defense Industrial Base (DIB) supply chain. Even though all DoD agencies do not yet require this framework, its roadmap suggests that… Read More
Compliance and risk management aren’t the same, but they are closely aligned with one another. Companies operating with IT and data-intensive technologies and industries must attend to the reality that risk of breach, damage, or data loss exists in their system and that they will almost always have to manage the balance between optimized business… Read More
Working with federal agencies can be a big boon for enterprise and SMB service providers. Not only are they working in a lucrative and challenging space, but they can also provide critical infrastructural support to the operation and defense of our country. The regulations, however, can prove a nightmare. For example, should you adhere to… Read More
Major infrastructure in the United States is under attack. As more heavy industrial companies, defense contractors and government agencies increasingly rely on cloud platforms and IT solutions to serve their users and constituents, hackers are finding ways to leverage vulnerabilities and steal information. The problem with these attacks is that they are taking advantage of… Read More
Words like cybersecurity and compliance are often interchangeable without much care taken with how they differ. But make no mistake: while they are related practices, both are different approaches to a common problem of cybersecurity threats. Here we break down the differences and, more importantly, why these differences are important for when you have to… Read More
Cybersecurity is all over the news. With the SolarWinds and Colonial Pipelines hack, we’ve learned the hard way that critical infrastructure is something we cannot take for granted. That’s why it is so important that IT providers understand why compliance frameworks like FedRAMP are necessary. Is FedRAMP compliance mandatory? Yes. If you provide cloud services… Read More
With the more recent threats and attacks we’ve seen in both the Colonial Pipeline and SolarWinds hacks, the question of infrastructure security is firmly in the collective consciousness. With President Biden’s Executive Order focusing executive resources to beef up cybersecurity, the efforts of the government are turning towards addressing some of the gaps that have… Read More
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
“Resiliency” is a word that gets thrown around a lot by professionals interested in the continuity of business in times of disruption. The fact is that depending on the industry and business model, resiliency is more akin to a science than anything else. Professionals measure things like logistics, statistics, risk and operational effectiveness to balance… Read More
The complexity of healthcare service demands robust technical infrastructure. Advances in patient treatment, research, diagnostic tools and even predictive analytics and AI have pushed technologies available to healthcare providers, which means that these organizations turn to expert providers to give them new tools and features to revolutionize their patient care models. This increased reliance on… Read More