incident response

GSA’s proposed new rule to govern data breaches, government access, proprietary information, and contractor responsibilities

In November 2018, the U.S. General Services Administration (GSA) published its intent to enact a new rule on the reporting of data breaches. GSA is the U.S. government’s lead contracting agency. GSA also manages many government-wide IT security programs, like FedRAMP and cloud.gov. The proposed rule will ensure that GSA, plus the agency customer, will have… Read more »

Still Lagging on DFARS? The Navy Has A Memo For You

By Heather Engel, Sera-Brynn Chief Strategy Officer
The Assistant Secretary of the Navy recently released a memo imposing additional requirements on select contracts. For the last three years, Defense contractors have been working (some more diligently than others) to comply with DFARS clause 252.204-7012 that requires implementation of NIST SP 800-171. I’ve written numerous articles… Read more »

Good Communications Planning Increases Resilience

By: Loren Dealy Mahler, President, Dealy Mahler Strategies, LLC
The last two years have given us a plethora of news headlines taking companies to task for incidents that exposed or directly compromised customer data. From very large events involving millions of financial records, to smaller events involving personal health information, the hits just keep coming. As… Read more »

Managing, mitigating and financing cyber liability is critical for risk management

Charleston, S.C. — Big data breaches such as last year’s hack of the federal government’s Office of Personnel Management, or previous hacks at Target or Home Depot, get all the headlines and notoriety. It’s the “little” data breaches, however, that are the most deadly — to small businesses. CEO Rob Hegedus and EVP Heather Engel,… Read more »

DFARS 252.204-7012 to Safeguard Covered Defense Information

By Heather Engel, Sera-Brynn, Executive Vice President
This article is the fifth in a series. The protection of Covered Defense Information (CDI) that resides on or transits through contractor information systems is of paramount importance to the Department of Defense (DoD), particularly in light of the stunning volume of cyber attacks on DoD networks. Over… Read more »

If you are breached, you’re not the victim. You’re the villain.

By Rob Hegedus, Sera-Brynn CEO
A disturbing trend is developing in the corporate world and unfortunately it’s only going to get worse: Breached companies are not the victims. They are the villains. High profile businesses and organizations, to include publicly traded companies, hospital networks and top non-profits, are no longer viewed as the victim following… Read more »

Understanding Cyber Incidents And How To Respond

The scariest thing about a cyber attack on a business is that often employees and owners have no idea they’ve been breached until an outside party (a credit card brand, Federal investigators, or even consumers) brings it to their attention. There are two types of incidents – suspected and confirmed. A suspected incident is known… Read more »

How I Learned to Stop Worrying and Love Cyber Security: Sera-Brynn CEO Perspective

By Rob S. Hegedus, CEO, Sera-Brynn
In a market economy, supply follows demand, and the demand for cyber security will reach over $170B in the next five years. Not surprisingly, it seems a lot of companies are jumping into the market. “Cybersecurity” is now the “service du jour.” Traditional information technology firms, government contractors, and… Read more »

Healthcare Related Cyber Attacks – What’s Going On?

Over the last few months, there has been a rash of successful healthcare related cyber-attacks in the news. These breaches range from hundreds of thousands to tens of millions of compromised records. LifeWise Health Plan. LifeWise is notifying more than 250,000 patients who may have had their personal data compromised by a cyber-attack in late… Read more »