We’ve already been seeing the changes for months now: new, robust cookie acceptance disclaimers, longer and more involved data collection forms and an uptick in fines for U.S. companies operating in the European Union. Companies in the United States are starting to understand their regulatory responsibilities under EU law, but few actually understand the scope… Read More
The General Data Protection Regulation (GDPR) is a set of regulations enforced in the European Union to protect consumer data privacy and instill new controls over data ownership and use. While only having jurisdiction in the EU, this law has had a major impact on how companies do business in Europe, especially digitally. Here, we’ll… Read More
Lazarus Alliance Partnering Provides Audit & Compliance and Regulatory Support You have customers working with you today who need or demand additional support for their own compliance, risk, governance, and cybersecurity programs. Maybe your firm is a Public Accounting Firm and your clients work with you on taxation, but they also require a SOC 1… Read More
Government agencies and contractors in the supply chain face threats every single day. If you haven’t read the news lately, our national infrastructure and data systems face significant challenges in maintaining the security and integrity of their devices, applications and network resources. When agencies and contractors want to connect to any sensitive system, the Department of… Read More
Risk management and assessment is the practice of assessing an organization’s security systems against possible vulnerabilities and gaps to determine how much “risk” is acceptable as part of doing business. Factors like compliance, emerging threats and changes in technology and business operations all play an immense role in how security experts manage the risk their… Read More
The Cybersecurity Maturity Model Certification (CMMC) framework of regulations is a relatively new governing document that combines several cybersecurity and risk management requirements to streamline security and compliance for agencies and contractors in the Defense Industrial Base (DIB) supply chain. Even though all DoD agencies do not yet require this framework, its roadmap suggests that… Read More
Compliance and risk management aren’t the same, but they are closely aligned with one another. Companies operating with IT and data-intensive technologies and industries must attend to the reality that risk of breach, damage, or data loss exists in their system and that they will almost always have to manage the balance between optimized business… Read More
Working with federal agencies can be a big boon for enterprise and SMB service providers. Not only are they working in a lucrative and challenging space, but they can also provide critical infrastructural support to the operation and defense of our country. The regulations, however, can prove a nightmare. For example, should you adhere to… Read More
Major infrastructure in the United States is under attack. As more heavy industrial companies, defense contractors and government agencies increasingly rely on cloud platforms and IT solutions to serve their users and constituents, hackers are finding ways to leverage vulnerabilities and steal information. The problem with these attacks is that they are taking advantage of… Read More
Words like cybersecurity and compliance are often interchangeable without much care taken with how they differ. But make no mistake: while they are related practices, both are different approaches to a common problem of cybersecurity threats. Here we break down the differences and, more importantly, why these differences are important for when you have to… Read More
Cybersecurity is all over the news. With the SolarWinds and Colonial Pipelines hack, we’ve learned the hard way that critical infrastructure is something we cannot take for granted. That’s why it is so important that IT providers understand why compliance frameworks like FedRAMP are necessary. Is FedRAMP compliance mandatory? Yes. If you provide cloud services… Read More
With the more recent threats and attacks we’ve seen in both the Colonial Pipeline and SolarWinds hacks, the question of infrastructure security is firmly in the collective consciousness. With President Biden’s Executive Order focusing executive resources to beef up cybersecurity, the efforts of the government are turning towards addressing some of the gaps that have… Read More
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
“Resiliency” is a word that gets thrown around a lot by professionals interested in the continuity of business in times of disruption. The fact is that depending on the industry and business model, resiliency is more akin to a science than anything else. Professionals measure things like logistics, statistics, risk and operational effectiveness to balance… Read More
The complexity of healthcare service demands robust technical infrastructure. Advances in patient treatment, research, diagnostic tools and even predictive analytics and AI have pushed technologies available to healthcare providers, which means that these organizations turn to expert providers to give them new tools and features to revolutionize their patient care models. This increased reliance on… Read More
The Payment Card Industry Data Security Standard is a voluntary security framework to help protect customers and merchants against the theft of credit card data during POS transactions. Like many other compliance frameworks, PCI DSS has continually evolved over the years to match new technologies and new threats to the privacy of consumers shopping online… Read More
Any IT or cloud provider working with the government needs to show that they are secured against data breach or theft. As the SolarWinds hack has demonstrated, our interconnected technology systems are under attack from outside entities who want to gain access to critical civil, military, and industrial data and undermine our security. That’s why… Read More