If you’re in the Department of Defense supply chain, you’ve become familiar with DFARS and the corresponding NIST SP 800-171 r1 over the last few years. It is a list of 110 controls that you need to be compliant with in order to continue supplying certain contracts.
Topics: Cybersecurity, Information Security, DFARS, cybersecurity plan, NIST
If you’re reading this, it’s very likely that you know how to use the internet. It’s also likely you’ve made an account on the internet somewhere. When you created your last account, what kind of requirements were you forced to use? For a number of web services, these requirements still follow the 2003 NIST SP 800-63 Appendix A standards that recommend an 8-character minimum, containing one uppercase, one lowercase, one digit, and one special character (Ex: Procircular1!).
Topics: Cybersecurity, Data Protection, Personal Privacy, hacking, NIST, Passwords
The reason we wear our seat belts is not to avoid getting a ticket from the police, but rather to avoid a potential injury in a car accident. This analogy is an easy way to describe the difference between box-checking security and real security, and it's instantly understood regardless of technical knowledge. This message resonates with executives, because they typically prefer to “get to the point” and correctly protecting their data is “the point” of cybersecurity.
Topics: HIPAA, Information Security, consumer security, Data Security, Data Protection, Vulnerability Assessment, it risk assessment, DFARS, cybersecurity plan, NIST
“What are the top 7 things you can do to protect your business from hackers?” Have you ever read a list like that on the internet? In the cybersecurity realm, they’re everywhere. I’ve even assembled and presented one of those lists to a group of business owners myself. They tend to point out things like user awareness training, patching and passwords. All noble things to get your arms around, of course, but are they useful to a client? Sometimes I feel as though those lists, as true as they are, are about as useful as telling a football team to “score touchdowns”, or “guard the quarterback.” Yeah, I know that scoring touchdowns is good… but how?
Topics: Cybersecurity, HIPAA, DDOS, it risk assessment, cybersecurity plan, NIST
The hot topic for contractors in the DoD supply chain these days is DFARS compliance. DFARS regulations increase our cybersecurity maturity as a country, to better protect ourselves from threats that can disrupt the DoD supply chain.