cyber

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have… Read more »

Using Red Team Assessments to Test Security Maturity

Red teaming is an under-appreciated term in modern businesses.  Red teaming is an opportunity for leadership to understand how an entire system works together to protect information critical to a company’s existence, their “crown jewels.” Red teaming in the age of the Internet has had companies focusing exclusively on CYBER Red Teams.  However, such an… Read more »

Ohio’s New Cybersecurity Law Grants Data Breach Litigation Safe Harbor

Ohio’s law – effective November 2018 – creates a safe harbor for organizations that adopt one of 10 cybersecurity compliance frameworks. With a new cybersecurity law, the home of the Rock and Roll Hall of Fame is now rocking the cybersecurity framework discussion. Effective November 2, 2018, Ohio’s law puts cybersecurity frameworks centerstage. The law… Read more »

PRESS RELEASE: New Blockchain-Powered SaaS for Cybersecurity Compliance Announced

Carver, Sera-Brynn’s new blockchain-powered SaaS offering, visualizes and manages cybersecurity compliance across enterprises and supply chains. Press Release – Suffolk, VA, Oct. 30, 2018  – Sera-Brynn, a leading cybersecurity audit and advisory firm, today unveiled Carver, a new software-as-a-service (SaaS) offering that helps organizations manage their security and regulatory compliance. “Sera-Brynn originally built Carver to… Read more »

Cybersecurity’s 3-Million-Person Workforce Shortage is Now a Risk Management Problem

Cybersecurity’s 3-million-person workforce shortage is now a risk management problem. The cybersecurity workforce needs and wants you!  Good news for many of us – but from an employer or strategic workforce planning perspective, this is problematic. There’s now a shortage of people qualified to protect data, systems, and operations. Worldwide, the cybersecurity workforce shortage is… Read more »

But Seriously, What is a 3PAO?

3PAO means “third party assessment organization” under the FedRAMP program. FedRAMP is the U.S. government’s first program for the protection of federal information in the cloud. A 3PAO audits the cloud service provider because, in short, self-assessments are not permitted. Stated another way: a 3PAO is an independent entity that performs initial and period security… Read more »

Privacy Framework: NIST is in the House.

This month, NIST kicked off a series of public meetings to highlight its efforts to create a voluntary Privacy Framework. Much in the same way it developed the Cybersecurity Framework, NIST is trying to achieve a technology-privacy balance within the guidance by crowdsourcing its way there.  By bringing in views from federal agencies, small businesses,… Read more »

How Do I Know if FedRAMP is Right For My Organization?

Why FedRAMP? Why now? One thing that’s become clear to me in the last few months is that many Cloud Service Providers, or CSPs as we’ll refer to them, are very UNCLEAR on what FedRAMP is, the commitment level, and how the process works. Many are being asked by government customers if they are FedRAMP… Read more »

FedRAMP: A Heavyweight Security Framework for Cloud Service Providers

The real first rule about FedRAMP is that it’s a certification companies should get if they want to prove that their cloud services and products are secure enough for U.S. government data. Read the full September 6, 2018 article published on cybersecurityventures.com here. In its latest Compliance Report for Cybersecurity Ventures, Sera-Brynn shares how the FedRAMP rules… Read more »

Cyber Tips For Students Heading Off To College

Thousands of students will head off to college later this summer and fall and take with them laptops, smartphones, tablets, gaming consoles and myriad other electronic devices. But they are probably not taking the proper precautions against the risks posed by the use of those devices. Whether it’s having someone walk off with an unattended… Read more »