Risk assessment has been and continues to be, one of the more challenging cybersecurity practices that many organizations will put into place. Unlike simple security control implementation and maintenance, risk assessment calls for your organization to understand how adopting, or not adopting, particular controls, operations or processes can impact security.

As the federal government and the defense supply chain are turning more and more attention to the importance of cybersecurity (including President Biden’s Executive Order on the subject and the several bills in Congress addressing limitations in our security posture), businesses working in that area will be expected to implement risk-based compliance. This fact, in turn, means that you must understand critical government frameworks that speak about risk. 

In this article, we are discussing NIST 800-30 and how it serves as a foundation for risk assessment in government compliance. 

Read More

The Defense Industrial Base (DIB) supply chain is integral to the security and well-being of our country and includes everyone from government agencies to IT contractors providing software, applications and cloud services to those agencies. It seems obvious that the regulations pertaining to these companies and their products would be more stringent than others, and would include more than simple security measures. That’s where RMF plays a major role. 

In this article, we discuss RMF and how it breaks down into actionable steps. Furthermore, we will discuss the importance of risk management for DoD contractors and why you should work with experts in managing your own risk. 

Read More

Business Continuity Planning in a Coronavirus World

The need for a business continuity plan is becoming more critical as businesses adjust disruptions caused by the coronavirus.

A virus in and of itself can’t shut your company’s systems, operations, or services down, but it can impact how a business functions. It’s not often that businesses face a pandemic. Still, natural disasters, human-made disasters, security threats (such as a malware attack), and an outage are a reality. If businesses want to ensure a smooth recovery process and continuity of operations, they must do a risk assessment and develop a recovery services strategy with disaster recovery and business continuity plans.

Read More