cybersecurity

Own It, Secure IT and Protect IT: National Cybersecurity Awareness Month Kicks Off with a Theme of Personal Accountability

National Cybersecurity Awareness Month 2019 focuses on being accountable and proactive — hence the “Own IT. Secure IT. Protect IT.” slogan. Here are some tips and references on how you can incorporate this into your daily activities at work, home, and on the go: Social Media Multi-factor authentication, or MFA, is widely available now and… Read more »

The Higher Ed Model for Cybersecurity Compliance

There are fundamental challenges to fully implementing the NIST 800-171 cybersecurity framework. However, a new study shows that higher education institutions overcome these challenges and place among the top tier of organizations for compliance. Organizations that handle sensitive government information and data face a foreign intelligence threat that is unprecedented in history. Despite this, most… Read more »

Cybersecurity Audit and Advisory Leader Sera-Brynn Launches Cornerstone Continuous Monitoring Solution: SIEM as a Service

SUFFOLK, VIRGINIA (July 30, 2019) Sera-Brynn, a global leader in cybersecurity compliance and risk management, announces the launch of its Security Information Event Management as a Service (SIEMaaS). SIEM as a Service is an advanced monitoring service to detect cybersecurity attacks and network breaches so that immediate action can be taken. Sera-Brynn’s forensics experts and… Read more »

The Guardians of Society – MSPs

You read that right.  And I’m especially referring to Managed Service Providers (MSPs) that support the Information Technology needs of small and medium-sized businesses. Here’s why: Small businesses represent half of the country’s GDP. They represent just over 99% of all employer firms, and 64% of all net-new private sector jobs. They handle sensitive data… Read more »

What You Need to Know About 800-171 Revisions

The long awaited NIST 800-171 Revision 2 and 800-171B drafts were released for comment today. There have been no major changes to the controls in Revision 2. This is good news for many in the DIB who have been diligently working to implement and maintain the security requirements. Of more interest is 171B enhanced security… Read more »

GLBA is About to Get a Cybersecurity Upgrade

If you aren’t a regular reader of the Federal Register, you may have missed a proposed upgrade for safeguarding customer information. Background When the Gramm Leach Bliley Act, fondly known as GLBA, was enacted in 1999 we were worried about Y2K, a gallon of gas cost $1.22, and SpongeBob SquarePants had just premiered on Nickelodeon…. Read more »

Cybersecurity Training Is Not Optional…Unless You Are in the House

Congressional Cybersecurity Training Resolution will mandate training for elected officials. Cybersecurity risk management is about understanding why you are a target, how you will be attacked, and the fallout if an attack is successful. Election security is a big deal. Right now, Florida is trying to get a handle on exactly who might have  been… Read more »

Data Security under the California Consumer Privacy Act: Instructions Not Included

“Reasonable security.” If you’re a California business, this is what’s generally expected of you (e.g., Cal. Civ. Code § 1798.81.5).  If you collect personal data, you are expected to secure it.  But what’s the right level of cybersecurity under the California Consumer Privacy Act of 2018 (CCPA)?  Are specific frameworks recommended? Let’s wade into the… Read more »

Cybersecurity Frameworks – A (Hard)Core Feature of The Ohio Data Protection Act

In 2018, Ohio – the home of the Rock & Roll Hall of Fame – enacted a cybersecurity law that rocked cybersecurity frameworks. The Ohio Data Protection Act (“ODPA” or the Act) creates a safe harbor for organizations that adopt one of ten cybersecurity compliance frameworks. This is unique. Most other state cybersecurity laws don’t… Read more »

Oversight is Coming – Part 2: DCMA to Assess Supply Chain Compliance with DFARS

Last week, we covered the DoD memo assigning DCMA audit responsibilities for marking CUI. The same memo indicates that DCMA will also be evaluating a contractor’s procedures for assessing supply chain compliance with DFARS 252.204-7012. Today we are taking a deeper dive into what that means and what a supply chain assessment looks like. As… Read more »