Blogs & Analysis

But Seriously, What is a 3PAO?

3PAO means “third party assessment organization” under the FedRAMP program. FedRAMP is the U.S. government’s first program for the protection of federal information in the cloud. A 3PAO audits the cloud service provider because, in short, self-assessments are not permitted. Stated another way: a 3PAO is an independent entity that performs initial and period security… Read more »

Privacy Framework: NIST is in the House.

This month, NIST kicked off a series of public meetings to highlight its efforts to create a voluntary Privacy Framework. Much in the same way it developed the Cybersecurity Framework, NIST is trying to achieve a technology-privacy balance within the guidance by crowdsourcing its way there.  By bringing in views from federal agencies, small businesses,… Read more »

FedRAMP: A Heavyweight Security Framework for Cloud Service Providers

You need FedRAMP if you want to prove your cloud services is secure enough for U.S. government data. Read the full September 6, 2018 article published on cybersecurityventures.com here. In its latest Compliance Report for Cybersecurity Ventures, Sera-Brynn shared how FedRAMP came into being, who should care, and why being FedRAMP-authorized is important for companies. “The… Read more »

Good Communications Planning Increases Resilience

By: Loren Dealy MahlerPresident, Dealy Mahler Strategies, LLC The last two years have given us a plethora of news headlines taking companies to task for incidents that exposed or directly compromised customer data. From very large events involving millions of financial records, to smaller events involving personal health information, the hits just keep coming. As… Read more »

Cyber Tips For Students Heading Off To College

Thousands of students will head off to college later this summer and fall and take with them laptops, smartphones, tablets, gaming consoles and myriad other electronic devices. But they are probably not taking the proper precautions against the risks posed by the use of those devices. Whether it’s having someone walk off with an unattended… Read more »

The Kaspersky Ban

October 1, 2018 Deadline for Government Contractors to Comply with the FAR Ban on Kaspersky Lab Products Nears On October 1, 2018, U.S. government contractors will need to be compliant with the government-wide ban on the use of Kaspersky Lab products and services in support of their government contracts.  An interim rule requiring the insertion… Read more »

The Heavyweight Rules and Concepts You Need to Know About FedRAMP

The first rule of FedRAMP is … You do not talk about FedRAMP! (Sorry, that’s of course a quote from Fight Club, a movie about an insomniac office worker looking to shake things up with, well… fighting.) The real first rule about FedRAMP is that companies should attain the certification to show that their cloud… Read more »

What Cyber Framework Should My Organization Follow?

What are Security Frameworks? Security frameworks provide a calculated approach to determining risk, setting up a security strategy, and allocating security resources. They are (or should be) measurable, repeatable, and are often standardized by industry. With all the frameworks available…NIST, ISO, NERC CIP, PCI…which is right for your organization? Well the answer is…it depends. Where… Read more »

A Cybersecurity Checklist for GDPR

Where Does Cybersecurity Fit into GDPR? By Heather Engel, Sera-Brynn Chief Strategy Officer By now most everyone has heard of GDPR, or at the very least been bombarded by pop-up messages asking you to accept cookies and confirm access to your data as you surf the web. But if you are responsible for the security… Read more »

Why does your organization need a CISO?

By Crystal Silins, Senior Security Analyst Most companies today employ a Chief Information Officer (CIO) or Chief Technology Officer (CTO), an executive responsible for all things IT for the organization. The CIO or CTO typically reports directly to the CEO, and educates executive management and employees on the business value and risk that IT systems… Read more »