Tag Archives: NIST

CMMC 101: The Basics of Cybersecurity Maturity Model Certification

WHAT IS CMMC? CMMC which stands for ‘Cybersecurity Maturity Model Certification’ is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD). WHY IS THIS NEEDED? The new framework is to ensure contractors and suppliers have appropriate cybersecurity frameworks in place to protect data such as Controlled Unclassified […]

NIST Cyber Security Risk Management Conference – Reasonable Risk

NIST Cyber Security Risk Management Conference – Reasonable Risk. Our partner, Chris Cronin will be speaking with  Phyllis Lee of the CIS (Center for Internet Security).

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS

REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]

PCI DSS v3.1 Coming – SSL No Longer Considered Strong Cryptography

SSL No Longer Considered Strong Cryptography Author: Viviana Wesley, PCI QSA In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon.  The change is related to vulnerabilities seen with Secure Socket Layer (SSL) cryptography.

Vendor Risk Management Hype Extends Beyond Target®

The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management (TPRM).  After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct […]

Darrell Issa Just Learned the Difference Between Compliance and Security. Let’s Hope for a Payoff.

Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems.