Sitemap

GDPR, CCPA and the NIST Privacy Framework, OH MY!

GDPR, CCPA and the NIST Privacy Framework, OH MY! Like Dorothy in The Wizard of Oz, those of us concerned with privacy regulations seem to be following a yellow brick road. Although where this one ends there’s no all-powerful and all-knowing man behind the curtain...

How Much Will CMMC Certification Cost My Business?

I was tempted to start this blog with a flip comment, like “How the #$%&*@ am I supposed to know? The #$%&*@ auditor program doesn’t even exist yet!!!” But Jeremy, our fearless Marketing leader, told me that using that kind of language in a blog may be...

Does Your Organization Need to Get CMMC Certified with the Limited Rollout? – Let’s Read the Tea Leaves

On January 31, 2020, version 1 of the Cyber Maturity Model Certification (CMMC) program went live with the intention of improving the overall information security posture of the Defense Department’s supply chain. Good news for our nation’s cyber security. Not-so-good...

What CMMC Level Should Your Organization Pursue?

Now that the long waiting game is over and CMMC V1.0 is (Facebook) official, the biggest questions we are hearing from clients are: What CMMC Level should we pursue? How long will it take? How much will it cost? This blog post will address the first question, and I’ll...

Why OFIs in Your Internal ISO 27001 Audit Report are a “Good Thing”

I regularly perform internal Information Security Management System (ISMS) ISO 27001 audits for our clients. These internal audits provide management with assurance that the ISMS is effectively implemented and maintained. They also provide a mechanism to assess your...

How Does the CCPA Affect You and Your Vendors? – Quick Summary

The California Consumer Privacy Act (CCPA) went live on January 1st, 2020 and applies to any company (e.g., yours or your vendors’) that collects or provides the personal information of California residents and meets one or more of the following additional criteria:...

Using the Shared Assessments SCA for Added Benefits—Even If You’re Already ISO 27001 Certified

The Standardized Control Assessment (SCA) tool is provided by the Shared Assessments program. It’s part of their “Trust but Verify” model, where the Standardized Information Gathering (SIG) Questionnaire is the “Trust” portion and the SCA is the “Verify” portion. The...

Even The Greatest Jeopardy Contestants of All Time Struggle with Cybersecurity

If anyone out there is like me, you have enjoyed James Holzhauer, Ken Jennings and (a little of) Brad Rutter go toe to toe in the “The Greatest of All Time” Jeopardy showdown over the last three nights. These guys are nothing short of amazing. They recall information...

ISO 27701 and ISO 27001—Better Together

We’re seeing a big uptick in interest in the newly published ISO 27701 data privacy extension to ISO 27001—especially among organizations that are considering ISO 27001 certification (or are already ISO 27001 certified). That makes sense given the high percentage of...

Why Business Impact Analysis and Recovery Planning Should Be Facility-Specific

Recently one of our legal clients asked for a business impact analysis (BIA). The BIA was to cover all of its other offices in the U.S. and abroad... But we would interview only the personnel at the headquarters office. In other words, the functional recovery plan...