"Secure" Digitization - Is It Possible?

The rapid increase in the number of internet-connected devices and the rise of the Internet of Things come with great anticipation, and sometimes fear, from those in the security space. Newly connected devices lead to enhanced business processes and increased customer satisfaction in many cases, but they also bring an increase in cyber risk.

By Alison Furneaux. Tags: IoT, digitization

NIST Small Business Cybersecurity Act Passed Into Law

U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, S. 770 (formerly known as the MAIN STREET Cybersecurity Act), into law on Tuesday, August 14, 2018. It requires NIST to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." This is a massive achievement: many small businesses that want to adopt it have trouble doing so because of the complexity.

An Actionable Definition of Information Risk Management

If you search for "Information Risk Management" on the internet, you'll probably come up with many different definitions explaining what IRM is, or what the author believes it to be. The truth is you can learn more about IRM by searching for "NIST 800-53," but many of the definitions you read are ambiguous, or too theoretical to be actionable. Here's the definition you need.

Get Your Compliance Projects Off Spreadsheets With These Corporate Compliance and Oversight Tools

In the corporate compliance and oversight use case, it's essential to have the right tools at hand. Implementing an integrated risk management tool can be the no-fail way for you to achieve continuous, provable compliance rapidly. If you have a tool that centralizes information from various sources into an integrated, asset-based risk framework, together with its controls and remediation activities, you are, as they say, "GOLDEN".

Integrated Risk Management Solutions: Critical Use Cases to Look Out For

Integrated Risk Management solutions offer a holistic, comprehensive view of risk management by combining technology, process, and data to enable the simplification, automation, and integration of both strategic and operational management processes related to compliance and risk. These solutions provide a comprehensive view across all business units, risk areas, and compliance functions, including business partners, suppliers, and other third parties.

Healthcare Mobile Device Security According to NIST and NCCoE

An article from HealthITSecurity detailed that NIST and the National Cybersecurity Center of Excellence (NCCoE) have released guidance on how healthcare providers can secure mobile devices in the healthcare industry. The Securing Electronic Records on Mobile Devices guidance is written for security practitioners, IT-focused professionals, and security engineers.

The Importance of IoT Security for Federal Agencies

“Know what’s in your environment,” Turk said. “You may not know all of your IoT, but I’ve got a good hunch that you’ve probably got a sense of where it all is. You know your printers, you know your copiers now have computers in them, and they’re going to be storing information, and they have the ability to take that information and send it out to random places.” Learn more about IoT security for federal agencies.

How to Do Supply Chain Risk Management Right - According to NIST

We all remember the Target security breach - what may be less known is that the hack was made possible through a vendor portal. Part of business risk management involves controlling supply chain vendors. A supply chain may begin with products and services for design, development and manufacturing, and extend to processing, handling, and eventually delivery to the end user. Given these interconnected relationships and the potential for liability, supply chain risk management (SCRM) should have a high priority in most, if not all, businesses. Learn how.

NIST Framework v1.1 Enhancements Widen Applicability Across Organizations and Industries

The update was intended to clarify, refine and enhance the Framework, increasing its value and making it easier for even more organizations to use it in managing their cybersecurity risk. For the most part, the NIST Cybersecurity Framework v1.1 is consistent and fully compatible with v1.0, and it remains flexible, voluntary and cost-effective. Here are some key NIST CSF v1.1 updates explained - including supply chain risk management and more.

The Pentagon to Include Contractor Security Into Buying Decisions - How Contractors Can "Deliver Uncompromised"

On June 8, the Washington Post reported that Chinese government hackers had compromised the computers of a Navy contractor and stolen large amounts of sensitive data, some of which included secret plans to develop, in less than two years' time, a supersonic anti-ship missile for use on U.S. submarines. DFARS 252.204-7012 will likely become a FAR in 2019. Here's why.

Alison Furneaux