NIST Framework v1.1 Enhancements Widen Applicability Across Organizations and Industries

The update was intended to clarify, refine and enhance the Framework, increasing its value and making it easier for even more organizations to use it in managing their cybersecurity risk. For the most part, the NIST Cybersecurity Framework v1.1 is consistent and fully compatible with v1.0, and it remains flexible, voluntary and cost-effective. Here are some key NIST CSF v1.1 updates explained - including supply chain risk management and more.

The Pentagon to Include Contractor Security Into Buying Decisions - How Contractors Can "Deliver Uncompromised"

On June 8, the Washington Post reported that Chinese government hackers had compromised the computers of a Navy contractor and had completed a mission to steal large amounts of sensitive data, some of which included secret plans to develop a supersonic anti-ship missile to be used on U.S. submarines in less than two years' time. DFARS 252.204-7012 will likely become a FAR in 2019. Here’s why.

Alison Furneaux
Tips for Your Next Risk Assessment Based on NIST 800-30

The demand for responsible cybersecurity in business is ubiquitous. The need to protect information is not limited to the financial services, insurance and healthcare sectors. It’s difficult to identify an industry that escapes some type of obligation to protect electronic information. The ultimate goal of a risk-aware cyber program is, in part, to better manage those risks, which inevitably cover the entire organization, vendors, applications and customer base in many cases. It's no surprise that having this knowledge across your organization leads to effective cyber risk management.

Defense Federal Acquisition Regulation Supplement Overview for Companies with Defense-Related Revenue

Putting off DFARS compliance? Some companies have yet to implement an adequate cybersecurity program, and are seeing delays in contract wins and a drop in business. Perhaps to put further pressure on these companies, the DoD now has issued guidance that demonstrates both its insistence on strong cybersecurity practices from its third-party providers and its intent to cut ties with those who do not.

NIST CSF Update Uses Valuable Feedback to Make Invaluable Changes: How Businesses Can Approach v1.1

“Engagement and collaboration will continue to be essential to the framework’s success,” said Barrett. The process for gathering feedback that was used to update Framework v1.0 received high praise from the cybersecurity community and was continued during the development of v1.1. It has evolved to be more informative, useful, and inclusive of all types of organizations past just critical infrastructure, and is now especially attractive to those with a large supply chain. Learn more about the NIST Framework’s v1.1 additions.

Bright Horizons CISO Attests to CyberStrong's Value in Company's Enterprise Compliance and Risk Programs

Bright Horizons Family Solutions® Inc. (NYSE: BFAM) is a leading provider of high-quality child care, early education and other services designed to help employers and families better address the challenges of work and family life. The organization has hundreds of locations across the US and abroad, so cybersecurity and risk management are taken very seriously across the organization. Javed Ikbal, the CISO and VP of Information Security, Risk Management and Compliance at Bright Horizons, speaks on why he chose CyberStrong to add value to his compliance and risk programs.

Alison Furneaux
State of Ohio Passes Law That Would Provide Safe Harbor to Companies Standardizing on NIST Standards and More

Senate Bill 220, also known as the Data Protection Act, was recently introduced in the Ohio legislature. If passed, the Data Protection Act will create a safe harbor from certain liability as a result of a data breach where the organization has complied with NIST standards or certain other cybersecurity frameworks. CyberStrong is the only platform that allows you to adopt, measure, prove progress and ultimately prove real, evidence-based and measurable adoption of these standards in a way that future-proofs your compliance.

DFARS Cybersecurity 2.0: What We Learned From the DCMA About 800-171 Requirements This Year

In May of this year, members of the CyberSaint team attended the National Defense Industrial Association New England Chapter’s annual forum. This year, the topic was DFARS Cybersecurity 2.0: The Year of Continuous Monitoring, with a spotlight on the GDPR. Here’s what we learned about the landscape of enforcement, audit, and compliance for the Defense Federal Acquisition Regulation this year.

Press Release: CyberSaint Security Raises $3 Million In Growth Financing

BOSTON, May 29, 2018 /PRNewswire/ -- CyberSaint Security, a cybersecurity software company providing a comprehensive solution to cyber-resilience, compliance and risk management through the CyberStrong Platform, today announced the closing of a $3 million growth round of financing. The proceeds will be used to expand its worldwide sales team and fuel continued platform innovation. The round was co-led by Audeo Capital and founding investor, BlueIO.

Security Fragmentation in Governance, Risk, and Compliance

Part of running a proactive cybersecurity program is realizing that cyber isn't just a security problem - it's a business problem. Security efforts exist to better support and protect all business functions, sensitive data, and livelihoods of employees and customers. Without the effort and understanding of all business areas, a security team's efforts to standardize cybersecurity tend to be less effective and much less efficient than they would be otherwise.
