Open-source software is the cornerstone of most IT platforms and infrastructure. This reliance extends beyond major applications; most software worldwide relies, in part, on even the smallest OSS library that solves a critical problem. For businesses subject to FedRAMP, CMMC, and other federal jurisdictions, this is a solid way to plan their compliance. As we’re… Read More
FedRAMP has long been the backbone of how U.S. federal agencies evaluate and trust cloud services. For more than a decade, it has provided a standardized approach to assessing security controls, granting authorizations, and maintaining ongoing oversight. Yet as cloud architectures evolved, software delivery accelerated, and agencies increasingly relied on modern DevSecOps practices, the original… Read More
Data is possibly one of the most valuable assets any organization holds. Customer information, employee records, and proprietary business intelligence present challenges because the data flowing through modern enterprises represents both significant opportunities and serious risks. Businesses face a challenging balance: investing in compliance measures to protect sensitive information while also preparing for the real… Read More
Cyber Insurance Coverage: a Brave, Uncertain New World for Insurers and Policyholders Despite the escalating intensity and frequency of cyber attacks, fewer than 1/3 of U.S. businesses have purchased cyber insurance policies. A recent report by Deloitte provides insight into why organizations are deciding to go without cyber coverage, as well as why many insurers… Read More
A Proactive Approach Could Have Prevented the DNC Email Hack The NSA isn’t the only Washington organization being embarrassed by a data breach. The sorry state of cybersecurity in America has taken center stage in this year’s presidential election. In June, it was discovered that Russian cyber criminals had managed to hack the Democratic National… Read More
Human hacking, also known as social engineering, has surpassed hardware and software vulnerabilities and is now the top cybersecurity threat, Computer Weekly reports: [A]ttackers shifted away from automated exploits in 2015. Instead, attackers engaged people through email, social media and mobile apps to do the dirty work of infecting systems, stealing credentials and transferring funds.… Read More
The following standard definitions of Personal Information and Breach of Security (based on the definition commonly used by most states) are used for ease of reference, and any variations from the common definition are noted: Personal Information: An individual’s first name or first initial and last name plus one or more of the following data… Read More