cybersecurity

Oversight is Coming: How to Prepare for a DCMA Supply Chain Audit

This article is the first in a two-part series. On January 21, 2019 the DoD released a memo requiring DCMA to validate contractor procedures for supply chain management. If you are a prime or sub on Department of Defense contracts, then your contracts are already subject to DCMA administrative oversight. This new memo adds to… Read more »

Kicking the Tires on FedRAMP

Straight talk about whether FedRAMP accreditation is right for you. In the world of FedRAMP, you are either a cloud service provider (CSP) or a user of cloud services. Many of our CSP clients are asked about FedRAMP accreditation. In some cases, a government user has told them they should be FedRAMP accredited. This is… Read more »

Cybersecurity’s 3-Million-Person Workforce Shortage is Now a Risk Management Problem

Cybersecurity’s 3-million-person workforce shortage is now a risk management problem. The cybersecurity workforce needs and wants you!  Good news for many of us – but from an employer or strategic workforce planning perspective, this is problematic. There’s now a shortage of people qualified to protect data, systems, and operations. Worldwide, the cybersecurity workforce shortage is… Read more »

Guided by Motto “Cybersecurity is a Team Sport,” Sera-Brynn’s New Fractional CISO Service Takes Off

There’s a need for coordinated, cohesive teams of cyber talent. Suffolk, VA, March 19, 2019 — Sera-Brynn, LLC, a global leader in cybersecurity compliance and risk management, launched a new service in 2019: the Fractional Chief Information Security Officer (FCISO).  Sera-Brynn believes the popularity of the FCISO service is due to the cybersecurity skill set… Read more »

Understanding the Red Team Cycle

… and avoiding the “one and done” mentality in cybersecurity decision-making. The term Red Team is being used loosely as another term for penetration testing, though it is generally not being used as a solid business planning tool for improving the overall security of an organization’s security.  The relationship between doing a Red Team exercise… Read more »

Is “FedRAMP Ready” Status in your PaaS, IaaS, or SaaS’ Future?

“FedRAMP Ready” is an official designation from the Federal Risk and Authorization Management Program, or FedRAMP. The status of “FedRAMP Ready” is awarded to cloud service providers who undergo an independent security assessment to show they are ready to move ahead with the full FedRAMP authorization process.  Achieving FedRAMP Ready status is typically a singular… Read more »

Final Compliance Date for NY DFS Cybersecurity Regulation is March 1, 2019

A significant deadline is now approaching under the New York State Department of Financial Services (“DFS”) cybersecurity regulation, 23 NYCRR 500.   On March 1, 2019, the two-year transitional period under the NY DFS regulation expires and all remaining requirements become effective. The final requirement concerns supply chain cybersecurity. Background The NY DFS cybersecurity framework requires… Read more »

In the News: NEO Blockchain adds Spatium™ wallet to the list of approved wallets

In recent news, Spatium announced that its wallet for storing cryptocurrency was accepted into the NEO blockchain community.  In order to be accepted into the selective community, Spatium’s wallet underwent multiple, rigorous technical security reviews.  Sera-Brynn was the independent third-party evaluator.  Spatium states that its “software wallet promises greater security than today’s hardware wallets based… Read more »

Our 5 Favorite Blogs of 2018 on Cybersecurity and Privacy for Businesses

FedRAMP strategy, red teaming, NIST privacy standards, evolving Federal acquisition rules, Ohio’s new cybersecurity safe harbor law – these are some of the Sera-Brynn staff blog topics from 2018.  We wrote about GDPR (but are still digesting PIPEDA, the Canadian privacy law).  We continued to talk about the FAR Reform.  We published a guest blogger’s… Read more »