Cryptojacking: How to protect yourself

What is Cryptojacking and How to Protect Yourself

In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is with cryptojacking. While the impact to individuals and organizations is not maleficent like ransomware or theft or […]

Information Security Policies and why they are important

Information Security Policies: Why They Are Important To Your Organization

In a previous blog post, I outlined how security procedures fit in your overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security policies […]

The FedRAMP SSP (System Security Plan) Tips for Successful Outcome

The FedRAMP SSP: Important Tips for a Successful Outcome

Whether for an agency assessment or a Joint Authorization Board (JAB) assessment, the FedRAMP System Security Plan (SSP) is the foundational document that supports a FedRAMP assessment. From it, the government agency representatives and the Third Party Assessment Organization (3PAO) are able to get an understanding of how the FedRAMP baseline security controls are implemented […]

FISMA Compliance

FISMA Compliance: Security Standards & Guidelines Overview

The Federal Information Security Management Act (FISMA) was originally released in December 2002 and established the importance of information security principles and practices within the Federal Government, noting that information security was “critical to the economic and national security interests of the United States.

FedRamp monitoring

FedRAMP Continuous Monitoring – What Are the Responsibilities of CSPs and 3PAOs?

Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]

FARS - compliance

The DFARS Compliance Deadline is Fast Approaching – Will You Be Ready?

Since November 2013 with the release of its initial rule on safeguarding covered defense information and cyber incident reporting, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit what is identified as covered defense information. The Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 […]