The cybersecurity landscape isn’t getting any easier for any business, large or small. With high-profile cyber attacks making headlines, from ransomware attacks crippling global infrastructure to data breaches compromising millions of users’ personal information, the stakes for major corporations have never been higher. While offering unprecedented opportunities, the digital realm also presents a minefield of… Read More
The Security Operations Center (SOC) is central to this defense strategy – a dedicated hub for monitoring, detecting, and responding to security incidents. But as businesses grapple with establishing their in-house SOCs or outsourcing to specialized Managed Security Service Providers (MSSPs), many considerations come into play. In this article, we discuss the complexities of these… Read More
The development of AI has been a game-changer for nearly everyone, and that fact is no different in the world of cybersecurity. New threats powered by AI are reshaping traditional attack vectors, including cryptography, prevention, and social engineering. In this article, we’re discussing how, in the so-called AI Boom of 2023, cybersecurity is being shaped… Read More
Modern cybersecurity is about more than just reacting to threats as they emerge. Adopting proactive cybersecurity measures is not just a strategic advantage; it’s an operational necessity that can spell the difference between business as usual and breaches that erode customer trust and shareholder value. Whether you’re a cybersecurity veteran or new to the domain,… Read More
The Federal Information Processing Standard (FIPS) 199 provides organizations and individuals with the necessary guidance to determine a cybersecurity threat’s impact level accurately. These impact levels define the level of security a system should have to protect the data contained therein adequately. This article will take you through an overview of FIPS 199 and how… Read More
The U.S. Department of Defense launched the Cybersecurity Maturity Model Certification (CMMC) in response to the escalating cyber threats. This initiative underscores the increasing emphasis on the maturity of cybersecurity programs as a benchmark for assessment and standardization within the Defense Industrial Base and its extensive supply chain. Yet, a surprising revelation from Infosecurity Magazine… Read More
According to a recent report by IT Governance, there were over 70 data breaches in June 2023 alone–accounting for compromising over 14 million data records. Once these records are out in the open, they are often sold on the dark web. Following that, it’s just a matter of time before hackers can use this data… Read More
In June 2023, the US. The Department of Health and Human Services (HHS) reached an agreement with Yakima Valley Memorial Hospital over a significant breach of privacy and security rules. Specifically, HHS found that several security guards had inappropriately accessed the private records of up to 419 patients. This settlement demonstrated administrative and internal security… Read More
Not all technology is created equal, even if it all seems to serve the same function. Information Technology (IT) and Operational Technology (OT) are two particular strains of digital systems that, while seemingly similar, serve radically similar functions for an organization. That being said, IT and OT are merging due in no small part to… Read More
As we navigate through 2023, the digital frontier continues to expand, bringing forth numerous novel opportunities and, regrettably, a myriad of cybersecurity threats. These cyber threats are not simply an IT concern; they have profound implications for business continuity, customer trust, and national security. Understanding these risks and their evolution is the first step in… Read More
The General Data Protection Regulation (GDPR) is one of the strongest security and privacy frameworks in operation in the world. Of this regulation, Article 32 stands out among its numerous guidelines as it deals explicitly with the “security of processing” of personal data. This piece aims to demystify GDPR Article 32, breaking down its requirements… Read More
In the evolving world of international IT infrastructure and security, it’s critical that organizations and regulatory bodies have a standard to assess technology effectively. A key player in the United States that works to uphold these standards is the National Information Assurance Partnership (NIAP). NIAP manages the Common Criteria Evaluation and Validation Scheme (CCEVS) in… Read More
Organizations are tasked with navigating many rules, regulations, and potential risks in an increasingly complex business landscape. As they do so, the importance of a robust Governance, Risk, and Compliance (GRC) strategy becomes apparent. This trifecta acts as a guiding beacon, setting a course for businesses to follow, ensuring they operate within the bounds of… Read More
In the interconnected world of digital health information, safeguarding Protected Health Information is paramount. Healthcare providers must legally follow the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy and maintain trust, and this compliance includes understanding what it means to identify and deal with security incidents. Among these, the concepts of security… Read More
With modern computing increasingly moving into a mobile paradigm of remote workers, laptops, and smart devices, the threat to security in various industries is only increasing. This is no more true than in healthcare, where HIPAA breaches related to mobile devices are becoming more common. This article will discuss the HIPAA security rule, how it… Read More
It has become increasingly important for financial institutions to adopt robust security measures to safeguard their client’s assets and personal data. To address this challenge, FINDA has established a comprehensive set of rules to enhance its member firms’ cybersecurity posture. However, there isn’t a set-in-stone framework for specific security measures. Instead, FINRA consists of obligations… Read More
As cloud computing continues gaining popularity, organizations increasingly turn to cloud services to store and process their data. However, with this increased reliance on cloud services comes a heightened risk of data breaches and cyber attacks, making cloud security a critical concern for businesses of all sizes. To address these concerns, the International Organization for… Read More
A Managed Service Provider (MSP) provides their clients with a wide range of IT services, including network management, software support, and hardware maintenance. However, as cyber threats evolve, MSPs are increasingly expected to provide comprehensive security solutions to their clients. This can be a significant challenge, as they may need more specialized expertise, tools, and… Read More
Quantum computing has long been a theoretical idea with limited practical application. The only usable quantum computers were only available to cutting-edge researchers supported by massive corporations or government-funded universities. As time has passed, however, these researchers have begun to make massive strides in making quantum computing realizable in a way that could impact modern… Read More
Federal Information Processing Standards (FIPS) are essential for federal agencies and contractors to ensure the security of sensitive information, such as classified data, personally identifiable information, and financial data. This article will describe some of the most common FIPS security standards, their importance, and how federal agencies and contractors use them. We will also discuss… Read More
The Federal Risk and Authorization Management Program (FedRAMP) is a security assessment and authorization program for cloud services used by the federal government. It is designed to ensure that cloud services meet the federal government’s security requirements, and that sensitive government data remains protected. A critical component of the FedRAMP security authorization process is the… Read More
We’ve previously discussed ISO 27701 and how it refines two essential security standards and control libraries (ISO 27001 and ISO 27002). But, the entire purpose of ISO 27701 is to align IT systems with privacy requirements found under GDPR. Here, we’ll discuss the third section of this document that defines additional guidelines for organizations acting… Read More
The International Organization for Standardization wrote ISO 27701 to align the standards of the ISO 27001 series with privacy-based standards like GDPR and CCPA. As such, it addresses the core requirements of that standard and refines them so that organizations don’t have to fumble in the dark about adapting their existing ISO certifications to larger… Read More
Private security standards like those from the International Organization for Standardization (ISO) generally seek some alignment with major regulations so that certified organizations can effectively adapt to new and rigorous standards. Accordingly, the ISO 27701 standard seeks to refine the standard ISO cybersecurity certifications to match evolving security laws in jurisdictions like the EU. In… Read More