Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks… Read More
The Death of Privacy: A Tale of Collusion and Corruption
In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost entirely without consideration for personal privacy. We will review… Read More
Are You Alert?
The world is full of information and it is becoming more transparent and more accessible to more people every day. This technological paradigm shift enables the individual and the organizational entities to discover more about another person or item of interest or even themselves. It becomes increasingly important to, where possible, control your digital spin.… Read More
Happy Birthday Salem!
My eldest Son has a birthday today! It has been just a blink since the day that I cut that umbilical cord and welcomed him into the world. Happy birthday Salem! Be well, be wary, be wise, and be safe.
Binary Equivalent
I’m glad that computers keep track of my name (Michael D. Peters) so I don’t need to! The binary equivalent is: 01001101 01101001 01100011 01101000 01100001 01100101 01101100 00100000 01000100 00101110 00100000 01010000 01100101 01110100 01100101 01110010 01110011 Get yours at: http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp
Michael Salem Peters – Independant Man
My son has been busy. He has an obvious talent for photography. Check out his wares here: http://www.flickr.com/photos/photographsbymichaelsalempeters/. Salem has also been recording folk tunes he wrote and a sample is here: http://www.myspace.com/salempeters. My first impression was a warm coffee on a rainy day hanging with Coldplay.
Michael Salem Peters
Today is my eldest sons birthday. Twenty years ago today I cut the umbilical cord and welcomed him into the world. Salem is a good soul. He has his own apartment, is in college working towards a photojournalist degree, and works in a coffee shop. I wonder if a parent ever really feels like they… Read More
Michael Salem Peters – My eldest son.
Salem, my eldest son and an aspiring photojournalist, has been placing much of his work on this site: http://www.flickr.com/photos/photographsbymichaelsalempeters/. Salem has also produced his first book which may be purchased here: http://www.blurb.com/bookstore/detail/451268. I have always considered the artistic expression put into books especially admirable so I am trilled that my son has taken his first… Read More
NIAP and Protection Profiles
IT security in the federal market is layered and multifaceted. Specific requirements exist for different types of data platforms and technologies. At a more granular level, standards have been developed for individual IT products: NIAP Protection Profiles. This article will cover why these profiles are essential for federal security, how to find them, and what… Read More
CVE-2024-3094 Utils and Vulnerabilities in Federal Linux Systems
Over the past week, a new vulnerability in the Linux operating system and the XZ compression utility has led to a new security alert and an immediate call to roll back some new updates. While this threat is a massive problem for federal IT systems relying on specific Linux distributions, it also highlights how poorly… Read More
FedRAMP and Penetration Testing Guidance Updates in 2024
Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements. The new guidance addresses new attack vectors targeting subsystems in IT infrastructure. Here, we’ll cover his newest… Read More
When Should You Work with a CMMC RPO vs. a C3PAO?
CMMC is a complex undertaking. Depending on where you are in your certification journey, you could require consulting, assessment, or both. Fortunately, the CMMC program includes training and authorization for two distinct types of organizations: Registered Provider Organizations (RPOs) and Certified Third-Party Assessment Organizations (C3PAOs), each offering different services. We’re discussing these organizations and which… Read More
CP-CSC, CMMC, and North American Cybersecurity
International collaboration between countries in cybersecurity isn’t unheard of, but it involves several miles of red tape and regulations. That’s why many countries seek parity in their security frameworks. One such parity that Canadian officials are seeking is between their own CP-CSC and the CMMC model for handling CUI.
The OCR HIPAA Report and Proper Breach Requirements
HIPAA is a core cybersecurity framework for patients and healthcare providers in the U.S. Unfortunately, a new report from the OCR shows an increase in significant events and a lack of resources to follow up on critical compliance issues. We’re covering some of this report and the underlying HIPAA requirements reflected in it.
The 2023 Revisions to SOC 2 Compliance
In 2023, the American Institute of CPAs (AICPA) launched a revision of its SOC 2 standard. This revision focused specifically on security issues and emphasized “points of focus” to boost SOC 2 audits’ ability to address modern security threats.
An In-Depth Guide to SOC 2 Security Common Criteria
While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023… Read More
The CMMC Proposed Rule and Expectations in 2024
In December 2023, the Department of Defense announced its new Proposed Rules for CMMC. This release comes two years after their initial proposal for CMMC 2.0 as a framework. Many of CMMC’s expected requirements are coming to pass, and the DoD is looking to finalize and aggressively roll out the program over the next three… Read More
What Is NIST 800-172 and Advanced Security Structures
The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.
Leveraging Managed Security Service Providers for NIST 800-171 and CMMC Compliance in the Defense Supply Chain
The complex relationships between government agencies, third-party vendors, and managed service providers form a challenging web of connections that comprise the DoD digital supply chain. Both NIST 800-171 and CMMC address these at various points, expecting providers to adhere to complex security requirements. These requirements can become so complex that they may turn to Managed… Read More
CMMC, NIST 800-172, and Advanced Persistent Threats
As organizations move up the CMMC maturity model, they do so for one reason: to prepare themselves better to protect against Advanced Persistent Threats (APTs). These threats are a significant problem in the defense supply chain, and as such, CMMC leans heavily on NIST 800-171 and 800-172 to address them. This article introduces how these… Read More
Third-Party Vendor Security and PCI DSS
We’ve regularly written about maintaining security and compliance with third-party vendors. While vendors and managed service providers are a crucial part of digital economies, it’s up to the client businesses to ensure they work with vendors that meet their needs. Following previous discussions of third-party vendor security under standards like SOC 2 and HIPAA, we’re… Read More
What Is Post-Quantum Cryptography and Apple’s PQ3?
The existence of quantum computers on the horizon has shaken the cryptography world, and researchers and scientists have received a massive response to build feasible Post-Quantum Cryptography (PCQ). Recently, Apple has taken an enormous step forward by announcing their own PCQ systems, PQ3, in Apple devices. Learn more about PCQ and Apple’s announcement and the… Read More
What Are the Ivanti Vulnerabilities, and How Do They Impact You?
An emergency vulnerability has emerged in Ivanti products and appliances, and it has sent many service providers, especially those in the federal space, in a rush to close their gaps and respond as best they can. This article covers the incident, the government’s response, and what it means for service providers.
Incident Response and the Responsibility of Your Organization for Protecting Data
As the recent Ivanti security breaches indicate, the existence of a strong and effective incident response isn’t an option but a necessity. An incident response plan (IRP) is essential to prepare an organization to respond to any security incident effectively and on time. This plan spells out processes that an organization should undergo in case… Read More