From the Winter 2024 Issue

Information Integrity and National Identity

Author(s):

Adam Firestone, Editor-in-Chief, United States Cybersecurity Magazine

History defines who we are and informs how Americans chart the nation’s future. It underpins representative government. Increasingly, historical records and documents are being converted to digital formats. This promises to make essential information available to more Americans than before. There are also troubling implications. It takes only a cursory examination of recent events to … Read more

From the Spring 2023 Issue

New and Improved ISO/IEC 27002: A Comprehensive Guide to Strengthen Cybersecurity and Data Protection

Author(s):

Dr. Michael C. Redmond, PhD, Founder and CEO, Redmond Worldwide

ISO/IEC 27002:2022 is an essential information security standard that helps organizations protect their data and assets. It provides a comprehensive set of guidelines and best practices to help ensure the Confidentiality, Integrity and Availability (CIA) of sensitive information. It outlines a strong framework for risk assessment and management, as well as robust operational security controls, … Read more

From the Spring 2021 Issue

Compliance is Cumbersome – Cloud Can Help

Author(s):

Christopher Hughes, Managing Consultant/Cybersecurity Professor/Board Advisor, Oteemo

Anyone who has ever worked in Compliance can attest to the fact that it can be a cumbersome and tedious activity. It often involves screenshots, spreadsheets, and other inefficient and not so exciting activities that no one is thrilled to do. In this article, we will discuss how cloud computing changes these traditional approaches to … Read more

From the Fall 2020 Issue

Change Management: Encounters of a Strategic Security Kind

Author(s):

Amy Kissinger, MS Cyber Security 2020 Graduate, Author

Strategy is Tiered and Targeted Over Time Change Management for enterprise security sensitivity or awareness involves strategically framing the internal and external environment. Within this framework, there must be a clearly defined external villain as well as internal security heroes of an organization.[1] For an example of directed strategy, we can look no further than the … Read more

From the Winter 2020 Issue

Threat Modeling: Methodologies, Myths, and Missing Perspectives

Author(s):

Hilary MacMillan, EVP for Engineering, CyLogic

On April 10, 2014, citizens of Ghaziabad, a city near Delhi, India, cast their ballots for parliamentary elections using electronic voting machines. The machines – and the votes they held – had to be stored in a secure location for a month, until vote counting was set to begin. When planning, election officials accounted for … Read more

From the Winter 2020 Issue

Outsourcing Your Security Operations Center and Why It Makes Good Sense

Author(s):

John Price, Chief Executive Officer, SubRosa

2019 saw more than its fair share of data breaches, including numerous mega breaches that were considered newsworthy. These breaches were costing organizations hundreds of millions of dollars and affecting billions of consumers across the globe. 2019 also saw many smaller, but just as damaging breaches. The breaches affected retail companies like Macy’s and Saks … Read more

From the Fall 2019 Issue

Practical Advice for DoD Contractor Cybersecurity Compliance

Author(s):

Glyn Cashwell, Esq., JD, CISSP, CSEP, PMP, PE, ProObject/Cashwell Legal, LLC

There are a number of questions that small businesses frequently ask about cybersecurity compliance within their organization. It is important for the DoD small business community to better understand Controlled but Unclassified Information (CUI), DFARS 252.204-7012, and Cybersecurity Maturity Model Certification (CMMC). What Exactly is Controlled but Unclassified Information (CUI)? CUI must be clearly marked … Read more

From the Fall 2019 Issue

Data Subject Access Requests (DSAR) Under CCPA (California Consumer Privacy Act): Challenges and Solutions

Author(s):

Sameer Ahirrao, Founder and CEO, Ardent Security

Background Privacy laws are coming in effect worldwide and GDPR (General Data Protection Regulation), the most comprehensive data protection law, came in effect in May 2018 in Europe. Here in the U.S., CCPA (California Consumer Privacy Act) will be a landmark law for protecting consumer data privacy. This act will go into effect in January … Read more

From the Spring 2019 Issue

Evolution of National Cyber Strategy in the United States

Author(s):

Eric Hipkins, Founder and Chief Executive Officer, R9B

“Everything in war is simple, but the simplest thing is difficult.” -Carl von Clausewitz What would the old Prussian general have to say about warfare in the 21st century? The wars of today, and certainly of tomorrow, may be readily understood as anything but simple. At least in comparison to the days of armies meeting … Read more

From the Spring 2019 Issue

Cybersecurity and Critical Infrastructure: A Growing Sense of Urgency Part 2

Author(s):

Audie Hittle, Chief Innovation Officer, Mystek Systems, Inc.

Part II – Responding Faster to Threats Part II of this article will discuss mechanisms that can increase the speed with which responses to critical infrastructure threats can be executed. So what are some specific options and what can be done to implement a faster, more aggressive response to such cyber threats? One security approach … Read more