Sitemap

CMMC Assessment Pilot Programs: When, What and Who?

US Department of Defense (DoD) subcontractors of all sizes are gearing up for compliance with the new Cybersecurity Maturity Model Certification (CMMC) standard. The mind-boggling scale of the assessment/certification effort dictates a methodical rollout approach by...

What’s the Cost of ISO 27701 Certification?

The new ISO 27701 privacy extension to the ISO 27001 information security standard can be a “one stop shop” to holistically manage compliance and attestation for both cybersecurity and data privacy. Leveraging these internationally trusted standards in tandem helps...

CMMC and ISO 27001 Audit Requirements Compared

If your company participates in US Department of Defense (DoD) contracts, you probably already know about the new Cybersecurity Maturity Model Certification (CMMC) audit program, which will progressively roll out through 2025. CMMC certification “raises the bar” over...

Data Controller vs. Data Processor: Are We Neither, Either or Both?

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are impacting more and more businesses in all sectors. Not only do many companies need to comply with these laws, but also clients and other...

Why Data Flow Mapping is Key to Web App Security Testing

The Application Security Verification Standard (ASVS) V4 from the Open Web Application Security Project (OWASP) was created to help the industry advance the maturity and consistency of web application security testing. It’s no secret that hackers are always upping...

Like Drogon Changed King’s Landing… CV-19 is Changing Information Security

If you don’t get the title reference I would encourage you to go to HBO Max and watch the complete back catalog of “Game of Thrones” (except perhaps Season 8). I would refer you to George R. Martin’s even better books, except that we are still awaiting books 6 and 7,...

What Makes a Great CIO or vCIO?

The virtual CIO (vCIO) role has been rapidly gaining momentum—and the IT turmoil brought about by the COVID-19 pandemic has only heightened the interest. If your company is ready to engage a vCIO, what skills and traits should you look for? Most people would probably...

Just Like the Fox and the Hen House: Keeping IT and Information Security Assessment Separate

One of the challenges in our industry is everyone wants to be an information security company to at least some degree, and it’s not hard to understand why—everyone needs it. Everyone is being asked about it. There’s a lot of money to be made. How this plays out for...

What’s a vCIO? Wait… What’s a CIO?

There’s growing buzz around the virtual CIO (vCIO) concept, especially now as SMBs struggle to wrap their IT capabilities around increased teleworking and other changes resulting from the COVID-19 pandemic. Is a vCIO relationship right for your business in these...

This is Why DoD Suppliers Need to Move Soon to CMMC Readiness

The US Department of Defense (DoD) audit-based Cyber Maturity Model Certification (CMMC) program went live on January 31, 2020. The rollout timeframe is five years; CMMC certification won’t be mandated in all DoD RFIs and RFPs until 2026. The DoD anticipates that...