Demystifying CMMC: How It Can Help Counter Current Cyberattacks
By Adam Kohnke, CISSP
The publicly available Cybersecurity Maturity Model Certification (CMMC) is getting a lot of attention these days, both within and outside the public sector. Developed by the U.S. Department of Defense in response to escalating cyberattacks aimed at the defense industrial base and DoD supply chain, CMMC has broader appeal for any organization determining the maturity of its IT security controls. But what, exactly, does it do to improve an organization’s cybersecurity posture?
7 Ways to Enhance Your Business Reputation Through Security
By Duncan Greaves
Your business reputation is key to building communities and establishing partnerships, and is why others choose your solutions. That reputation, whether you operate as a “solopreneur” or employee, is an external evaluation based on such criteria as direct experience, communications, branding, and/or established thought leadership. Information security professionals too often leave business reputations up to other departments or employees. However, they play no small role in how that organization’s reputation is shaped and evolves.
Can There Be Trustworthy Software Supply Chains?
By Matt Gillespie
Supply chain security depends on its weakest link, a problematic reality for software because so many links are hidden from view.
When the software vendor acts as the root of trust for its customers, verifying product authenticity is more or less equated to verifying safety. But that system of belief breaks down if the vendor itself is compromised, as when SolarWinds’ trusted components proved untrustworthy after a cyberattack in early 2020.
Panel: Understanding the Extensive Ransomware Threat
By Paul South
Spencer Wilcox remembers the first time he heard a respected security expert talk of “it’s not if, it’s when” in terms of ransomware attacks.
“I remember thinking at the time, ‘Well, that seems defeatist,’” Wilcox, chief security officer and executive director of technology at PNIM Resources, said. “Of course, like everybody else in the industry, I matured to finally get to a point where I can accept disaster. This [though] is a level of disaster I don’t think any of us are prepared to accept. So, as a result, we’ve got to figure out better ways to prevent ransomware. And more importantly, we have to have great ways to recover.”