The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks. However, at its… Read More
Security isn’t simply something to consider during audits. In today’s evolving threat landscape, new attacks are emerging every day, and security experts are racing to stay ahead of them. The best approach to mitigating security is to maintain proactive cybersecurity practices, including testing, self-assessments and application scanning. Because many organizations are using or deploying web… Read More
We’ve already been seeing the changes for months now: new, robust cookie acceptance disclaimers, longer and more involved data collection forms and an uptick in fines for U.S. companies operating in the European Union. Companies in the United States are starting to understand their regulatory responsibilities under EU law, but few actually understand the scope… Read More
The California Consumer Protection Act (CCPA) was a landmark law passed in California to support data privacy and consumer rights. As time has marched onward, new technologies and insights from stakeholders have introduced new approaches to the challenges addressed by CCPA. That’s why Proposition 24, the California Privacy Rights Act (CPRA), was drafted and passed… Read More
The General Data Protection Regulation (GDPR) is a set of regulations enforced in the European Union to protect consumer data privacy and instill new controls over data ownership and use. While only having jurisdiction in the EU, this law has had a major impact on how companies do business in Europe, especially digitally. Here, we’ll… Read More
Lazarus Alliance Partnering Provides Audit & Compliance and Regulatory Support You have customers working with you today who need or demand additional support for their own compliance, risk, governance, and cybersecurity programs. Maybe your firm is a Public Accounting Firm and your clients work with you on taxation, but they also require a SOC 1… Read More
Government agencies and contractors in the supply chain face threats every single day. If you haven’t read the news lately, our national infrastructure and data systems face significant challenges in maintaining the security and integrity of their devices, applications and network resources. When agencies and contractors want to connect to any sensitive system, the Department of… Read More
In a previous article, we discussed GDPR compliance for businesses in the European Union. Simply put, GDPR changed the way that businesses can use consumer data for marketing and business purposes while giving more control to consumers in terms of how that data is stored, deleted or transmitted. While GDPR is not a standard in… Read More
Risk management and assessment is the practice of assessing an organization’s security systems against possible vulnerabilities and gaps to determine how much “risk” is acceptable as part of doing business. Factors like compliance, emerging threats and changes in technology and business operations all play an immense role in how security experts manage the risk their… Read More
The Cybersecurity Maturity Model Certification (CMMC) framework of regulations is a relatively new governing document that combines several cybersecurity and risk management requirements to streamline security and compliance for agencies and contractors in the Defense Industrial Base (DIB) supply chain. Even though all DoD agencies do not yet require this framework, its roadmap suggests that… Read More
Compliance and risk management aren’t the same, but they are closely aligned with one another. Companies operating with IT and data-intensive technologies and industries must attend to the reality that risk of breach, damage, or data loss exists in their system and that they will almost always have to manage the balance between optimized business… Read More
Working with federal agencies can be a big boon for enterprise and SMB service providers. Not only are they working in a lucrative and challenging space, but they can also provide critical infrastructural support to the operation and defense of our country. The regulations, however, can prove a nightmare. For example, should you adhere to… Read More
Major infrastructure in the United States is under attack. As more heavy industrial companies, defense contractors and government agencies increasingly rely on cloud platforms and IT solutions to serve their users and constituents, hackers are finding ways to leverage vulnerabilities and steal information. The problem with these attacks is that they are taking advantage of… Read More
Words like cybersecurity and compliance are often interchangeable without much care taken with how they differ. But make no mistake: while they are related practices, both are different approaches to a common problem of cybersecurity threats. Here we break down the differences and, more importantly, why these differences are important for when you have to… Read More
Words like cybersecurity and compliance are often interchangeable without much care taken with how they differ. But make no mistake: while they are related practices, both are different approaches to a common problem of cybersecurity threats. Here we break down the differences and, more importantly, why these differences are important when you have to meet… Read More
Cybersecurity is all over the news. With the SolarWinds and Colonial Pipelines hack, we’ve learned the hard way that critical infrastructure is something we cannot take for granted. That’s why it is so important that IT providers understand why compliance frameworks like FedRAMP are necessary. Is FedRAMP compliance mandatory? Yes. If you provide cloud services… Read More
With the more recent threats and attacks we’ve seen in both the Colonial Pipeline and SolarWinds hacks, the question of infrastructure security is firmly in the collective consciousness. With President Biden’s Executive Order focusing executive resources to beef up cybersecurity, the efforts of the government are turning towards addressing some of the gaps that have… Read More