WHAT IS CMMC? CMMC which stands for ‘Cybersecurity Maturity Model Certification’ is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD).
As people “Stay at Home” and work remotely during the COVID-19 pandemic, organizations have an increased reliance on external partners, suppliers, and third party vendors to keep their businesses running. For some companies, this may be the first time their employees worked outside of their office, without the benefit of established cyber security policies for […]
Your Vendors May Be Weak Links in Supply Chain Breaches
According to a survey conducted by the Ponemon Institute in 2018, 59 percent of companies have experienced a third-party breach of some type. Despite the high prevalence of these incidents however, only 16 percent say they effectively mitigate third-party risks.
NYCRR 500 New York City is often referred to as the financial capital of the world; with the state of cybersecurity today and the increasing barrage of threats that financial related institutions must combat on a daily basis, it is no wonder that New York became the first state to take government action to do something […]
Author: Glenn A. Stout, Ph.D, PMP Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan. Who do you call? When should you call? What information needs to be […]
Author: Viviana Wesley, PCI QSA Some recent breaches of cardholder data have been the direct result of a successful compromise of a trusted third party to the breached entity. For example, a factor in the well-publicized breach at Target may have been compromised credentials of a trusted service provider with access to the Target internal […]
One of the common misunderstandings we’ve noticed among merchants is in relation to the proper definition of a PCI Service Provider. Most companies understand that if they share cardholder data with a third party, that entity is a Service Provider and needs to be covered for DSS requirements 12.8.x. But there’s another class of Service Providers that often gets […]