Analysis

Why does your organization need a CISO?

By Crystal Silins, Senior Security Analyst

Most companies today employ a Chief Information Officer (CIO) or Chief Technology Officer (CTO), an executive responsible for all things IT for the organization. The CIO or CTO typically reports directly to the CEO, and educates executive management and employees on the business value and risk that IT systems…

Digital Privacy and Apple Pie

By Colleen Johnson, Senior Cyber Legal Analyst, Sera-Brynn

Thoughts on the American perspective on privacy, its revolutionary origins, and that Gosh Darn Privacy Regulation, GDPR.

Supreme Court Justice Louis Brandeis is often credited with articulating the American perspective on the right to privacy. It was 1890. He called it “the right to be let alone.”…

What Cybersecurity is Really About in 2018

By Rob Hegedus, CEO, Sera-Brynn

It’s not about the technology, it’s about insurability.

With the implementation of GDPR, the inevitable FAR-wide adoption of NIST 800-171 standards (already mandatory for Department of Defense contractors), and the latest news on cybersecurity legislation from New York and South Carolina, the global business community as a whole is slowly but…

Virginia Business Article: Cybersecurity in the Global Shipping and Logistics Supply Chain

Virginia Business recently published a commentary by Sera-Brynn on cybersecurity in the global shipping and logistics supply chain. The article covers some historic cyberattacks in the maritime and shipping industry, along with some cautionary notes on delivery drones, autonomous warehouse robots, and mass digitization of records in the highly-transactional industries that make up the logistics supply…

GDPR: How EU Enforcement Works and Doesn’t Work

For non-EU-based companies, preparing for the new EU privacy law GDPR – the General Data Protection Regulation – can be stressful the first time around, and the threat of fines up to 4% of annual sales isn’t making it any better. The fact that you don’t fully know what kind of information your company and…

Dear Sara

Dear Sara,

I am an IT Director at a small company here in Pennsylvania. I was browsing Twitter™ a couple of days ago and saw several references to GDPR, the General Data Protection Regulation. Apparently, it is some onerous requirement about European resident privacy. I mentioned it to our CEO, but she told me…

Live Webinar NIST 800-171 Compliance Higher Education / Research Institutions

Thursday, May 10, 2018, 2 – 3pm EST

Heather Engel, Sera-Brynn’s Chief Strategy Officer, will discuss the challenges colleges and universities face as they attempt to secure their cyber infrastructure to comply with new federal regulations as a condition of receiving research grants. Sera-Brynn is a top 10 global cybersecurity compliance firm. “Most…

DoD releases a much-anticipated update to the FAR/DFARs FAQs.

What you need to know now

By Heather Engel, Sera-Brynn Chief Strategy Officer

DoD’s original FAQ was issued in January 2017, with answers to 59 questions on general application, security requirements, and cloud computing. The FAQ issued on April 2, 2018 nearly doubles that with answers to 109 questions on DFARS 252.204-7008 and 252.204-7012, FAR…

Cloud Service Provider Requirements for FedRAMP Compliance

By Lindsey Benes, Sera-Brynn Security Analyst

In the realm of securing sensitive data, acronyms abound and FedRAMP is one heard quite often. The Federal Risk and Authorization Management Program, or FedRAMP, was developed to standardize the approach to security assessment, authorization and continuous monitoring for cloud products and services. FedRAMP was developed in collaboration with…

ICYMI: Webinar – Cybersecurity Compliance for Higher Education: 2018 and Beyond, presented by Williams Mullen & Sera-Brynn (03.06.2018)

In case you missed it, watch our latest webinar for higher education here. The complexity of operations, research and compliance mandates in higher education presents unique challenges in securing information systems. Cybersecurity compliance affects everything from the handling of student data to the use of cloud services and supply chain management. You will learn: …