Review of the Critical Infrastructure Maturity Model
The success and efficiency of any cybersecurity program depend primarily on how far people can see the difference between what situation they are in and what situation they think they are in. The Critical Infrastructure Maturity Model (CIMM) touches upon this critical issue.
How to Escape from Spreadsheet Hell (Cyber Risk Manager’s Edition)
First a pop quiz. (Don’t worry, I won’t call on you to answer in front of the class 😉)
Update: GDPR and its Lack of Precise Standards
Numerous cases under the GDPR standards are now in process or have already resulted in fines being levied:
MD Anderson Fined $4.3 Million for Data Breach
MD Anderson was accused of violating HIPAA by the Office for Civil Rights (OCR) for failing to encrypt devices that held electronically protected health information (ePHI). The failure exposed the ePHI of over 33,500 people when a laptop and two thumb drives were lost in 2012-2013.
What You Need to Know About Cybersecurity Ratings
What Are Security Ratings? Security ratings are metrics used by a number of different companies to quantify businesses’ cyber risk. As security ratings continue to mature, more organizations in the public and private sectors leverage ratings to make business and risk decisions. Because of the increased interest in security ratings, the US Chamber of Commerce […]
Recent Russian Cyber Attacks and How to Defend Your Business from Cybersecurity Threats
A Brief Explanation of the Russian Cyber Attacks On March 15, 2018, a Technical Alert (TA) was released jointly by the Department of Homeland Security (DHS) and the FBI which implicated Russian government cyber actors in the targeting of numerous US, Canadian, and European targets. The cyberattacks used a variety of infection vectors, including malicious […]
Cyber Attacks and Regulation of the Pipeline Industry
Hackers last week infiltrated a communications platform provided by Energy Services Group LLC, which Bloomberg reports impacted five pipeline operators. This has provided increased focus to an ongoing thrust for cybersecurity regulation of the energy industry and its subset, the pipeline industry.
What You Need to Know About DFARS
What is DFARS, and Why Are My Customers Asking About It? If it’s been asked, you are either in the process of responding to an RFP or already have a contract with the Department of Defense (DoD). All Defense contractors that process, store, or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition […]