From the Fall 2019 Issue

DoD Contractors Prepare for CMMC Assessment and Certification in 2020

Author(s):

Chor-Ching Fan, President and CEO, Rizkly

CMMC Assessment and Certification in 2020

Department of Defense (DoD) contractors understand that demonstrating security and compliance is critical to winning business with the Pentagon. Recently, the DoD has announced a new security standard designed to address cybersecurity concerns for contractors providing products and services for the defense supply chain.[1] The Cybersecurity Maturity Model Certification (CMMC) will require cybersecurity audits and … Read more

From the Fall 2019 Issue

IT Governance to Streamline and Strengthen Your Cybersecurity Posture

Author(s):

Dr. Michael C. Redmond, Director, IT and GRC Consulting and Audit, EFPR Group

When Equifax recently became arguably the first firm to have its outlook downgraded due to cybersecurity issues, the long-term impact of cyber ignorance became amply clear. Today, as organizations are leveraging more and more digital systems of engagement, transactions, and records, the ramifications of an adverse cyber event are getting bigger. The attacks are … Read more

From the Fall 2019 Issue

We Hear The Problems, But What Are The Solutions?

Author(s):

Tina C. Williams-Koroma, President/CEO, TCecure, LLC

Problem and Solutions

Where should we even start? That is a common question among company owners and executives when it comes to being presented with new cyber threats, compliance requirements, and/or regulations. There are malicious actor threats to their organizations. Additionally, companies face the hammer of non-compliance fines and often unfunded new governmental mandates. At many cybersecurity conferences, … Read more

From the Fall 2019 Issue

Hacking Humans: Are You Safe? Addressing Vulnerabilities in the Advancing Medical Device Landscape

Author(s):

Diane Janosek, National Security Agency, Commandant, NCS

Donna Raziano, MD, MBA, Chief Medical Officer, Mercy Home Health and Mercy LIFE

Gabrielle E. Hempel, CHTI, Security Analyst, Accenture

Digital Transformation

The United States’ healthcare system rests on a secure critical infrastructure. However, there are valid concerns that as doctors increasingly rely on these advances in healthcare devices, the risk to the patient correspondingly increases. Vulnerabilities in implantable devices are now recognized as a significant attack surface. With technology advances, medical devices are being fitted with … Read more

From the Spring 2019 Issue

Data Minimization: How It Can Save Your Enterprise if Breached

Author(s):

Sameer Ahirrao, Founder and CEO, Ardent Security

Data Minimization

Introduction: “We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need,” U.S. Senator Mark Warner, Vice Chairman of the Senate Intelligence Committee, stated recently after a data breach at Marriott’s Starwood subsidiary. Marriott initially indicated that 500 million customers’ data was exposed. After three weeks, … Read more

From the Spring 2019 Issue

Incident Response: Making the Most of the Attorney-Client Privilege and the Work Product Doctrine

Author(s):

Razvan Miutescu, Privacy Counsel, Whiteford, Taylor & Preston

Incident Response

Organizations in the U.S. are faced with a growing web of complex foreign, federal, and state privacy and data protection laws that apply to their operations. Running afoul of these laws, particularly by suffering a data breach, is often met with an increased likelihood of litigation, including class actions. This article is a short guide … Read more

From the Spring 2019 Issue

Identity Theft: Common Sense is not Common

Author(s):

John Evans, Chief Operations Officer, Front Sight Protection

Sofia Cardante, Risk Manager, Front Sight Protection

Identity Theft

According to statistics and conversations with analysts from the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Internet Crime Complaint Center (IC3), and members of the Federal Trade Commission’s (FTC) Consumer Sentinel Network, global identity theft is most prevalent in the United States with over 780 million … Read more

From the Winter 2019 Issue

Get into the Nitty Gritty Of Hybrid Cloud Management

Author(s):

Diana Vantur, Technology Analyst, TatvaSoft UK

IT managers can’t take their eyes off hybrid cloud management. Hybrid cloud is the latest technology fad. In a hybrid cloud implementation, enterprises create a computing environment that is a mix of capabilities deployed across both public and private clouds. Cloud computing has paid dividends in terms of increased productivity, cost reduction and easy scalability. Hybrid … Read more

From the Winter 2019 Issue

Orange is Not the New Black Hat

Author(s):

Griffin Weaver, Associate Attorney, USAA

Jason Edwards, Compliance Director - Cybersecurity, USAA

As a cyber professional, the perks that come with working for a large company are many – new equipment, latest technology, big salary, and free soda, to name a few. However, one perk a company cannot offer, regardless of size, is a get out of jail free card for violations of the law. Just take … Read more

From the Winter 2019 Issue

Data Classification Business Process Changes Part 3 Conclusion

Author(s):

Bill Bonney, CISO Desk Reference Guide, CISO DRG Venture

In the first article in this series, “Data Classification is the Key to Data Protection,” I asserted that “Data gains value from its use, not from being hidden and protected.” In the second article, “Data Classification That Honors Business Value,” I suggested that five new attributes be added to the standard five-tier (public, internal use … Read more