by John Verry | May 7, 2021 | ISO 27001 Certification
Reading Time: 4 minutes
Over the last 20+ years, one of the most frequent questions I’ve answered for clients that need to move to a (more) “provably secure” state (e.g., ISO 27001 certification, CMMC compliance, SOC 2 attestation) is “Why don’t you just...
by Alex Fugairon | Apr 28, 2021 | InfoSec Risk Assessment
Reading Time: 4 minutes
The “Goldilocks and the Three Bears” Approach I’m sure most people are familiar with the children’s tale of “Goldilocks and the Three Bears.” What does that have to do with security risk assessments? I’ve found that when...
by John Verry | Mar 23, 2021 | InfoSec Strategies
Reading Time: 3 minutes
Cyber attacks against higher education institutions continue to escalate, and the reason is simple: these organizations remain vulnerable. Technology use on campus is evolving faster than corresponding data protections, exposing...
by Andrea VanSeveren | Mar 16, 2021 | FedRamp
Reading Time: 3 minutes
FedRAMP, the Federal Risk and Authorization Management Program, is the gateway to selling cloud services to US government agencies. To be awarded a FedRAMP Authority to Operate (ATO), most cloud service providers (CSPs) need to take...
by Andrea VanSeveren | Mar 12, 2021 | FedRamp
Reading Time: 3 minutes
FedRAMP, the Federal Risk and Authorization Management Program, assesses the cybersecurity of cloud services on behalf of all US government agencies. You need a FedRAMP Authority to Operate (ATO) to sell to government agencies. But...
