How to Quickly Use the AESCSF Assessment Framework
What is the AESCSF Framework? In 2017, the Australian government set out an initiative to strengthen the country’s cybersecurity posture and created the AESCSF. The framework went under revision in 2019, and again in 2020. Though no major changes were made in 2020, the revision came as part of Australia’s Cybersecurity Strategy 2020, which has […]
Solar Winds’ Orion Platform Hack Looks Like It Started With Simple Human Error
A brief (high level view) summary of what happened: A group of hackers were able to add disguised malware into a system in Solar Wind’s Orion Network Management Platform that pushes out updates to organizations who use Orion. When the compromised Orion system pushed out the update, the organizations who received it were unable to […]
The first 3 things to focus on in cybersecurity risk management.
Edit: In case you missed the show, we have a video of it posted at the bottom of this blog post. Enjoy! Listen on Spotify or Apple Podcasts We’ve been working on a knowledge base of helpful content for the cybersecurity community and one of the open questions we asked was, How do […]
Is CMMC Mission Critical for You?
Who does CMMC apply to? Starting in September of 2020, companies who are going through the Department of Defense (DOD) procurement process are required to improve their cybersecurity hygiene. The DOD is requiring the Cybersecurity Maturity Model Certification (CMMC) for any company it conducts business with (including subcontractors). The required level will vary based on […]
Update: GDPR and its Lack of Precise Standards
Numerous cases under the GDPR standards are now in process or have already resulted in fines being levied:
MD Anderson Fined $4.3 Million for Data Breach
MD Anderson was accused of violating HIPAA by the Office for Civil Rights (OCR) for failing to encrypt devices that held electronically protected health information (ePHI). The failure exposed the ePHI of over 33,500 people when a laptop and two thumb drives were lost in 2012-2013.
What You Need to Know About Cybersecurity Ratings
What Are Security Ratings? Security ratings are metrics used by a number of different companies to quantify businesses’ cyber risk. As security ratings continue to mature, more organizations in the public and private sectors leverage ratings to make business and risk decisions. Because of the increased interest in security ratings, the US Chamber of Commerce […]
Recent Russian Cyber Attacks and How to Defend Your Business from Cybersecurity Threats
A Brief Explanation of the Russian Cyber Attacks On March 15, 2018, a Technical Alert (TA) was released jointly by the Department of Homeland Security (DHS) and the FBI which implicated Russian government cyber actors in the targeting of numerous US, Canadian, and European targets. The cyberattacks used a variety of infection vectors, including malicious […]
Cyber Attacks and Regulation of the Pipeline Industry
Hackers last week infiltrated a communications platform provided by Energy Services Group LLC, which Bloomberg reports impacted five pipeline operators. This has provided increased focus to an ongoing thrust for cybersecurity regulation of the energy industry and its subset, the pipeline industry.
What You Need to Know About DFARS
What is DFARS, and Why Are My Customers Asking About It? If it’s been asked, you are either in the process of responding to an RFP or already have a contract with the Department of Defense (DoD). All Defense contractors that process, store, or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition […]