by Andrea VanSeveren | Apr 22, 2021 | InfoSec Strategies
A wise CISO once said: “The only thing worse than no cybersecurity guidance is too much cybersecurity guidance.” In today’s world, we are blessed/cursed with multiple, interrelated and cross-referenceable standards of comparable...
by Andrea VanSeveren | Apr 21, 2021 | Third Party Risk Management
It’s axiomatic that many organizations “fail” information security, in the sense that they have significant unmitigated vulnerabilities that they are unaware of… until it’s too late. What are some of the reasons why? At the level of...
by Andrea VanSeveren | Apr 20, 2021 | Third Party Risk Management
With the SolarWinds megahack still being unpacked, the issue of third-party risk management (TPRM) is once again in the cybersecurity headlines. Why can’t our industry do a better job addressing the red-alert risks that certain...
by Andrea VanSeveren | Apr 19, 2021 | Third Party Risk Management
It’s ironic that the timing of the SolarWinds breach, which compromised all five branches of the US military along with potentially thousands of other organizations, hit the headlines just two weeks after the initial rollout of the...
by Andrea VanSeveren | Apr 17, 2021 | Government
A wise man once said that the only thing worse than too little information security guidance is too much information security guidance. With the US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) now...