Kevin McKenzie

No matter where your organization is on your #ZeroTrust journey, achieving optimal maturity is always the end goal. Check out some tips and tactics to help you build your #ZTA with CDW VP of Security Stephanie Hagopian! #Security https://dy.si/RhqFA

19

Say goodbye to ransomware threats with 100% visibility into all human and non-human identities and automated access reviews. Achieve least privilege posture, eliminate over-permissioned exposures, and address Shadow Access. Enjoy real-time database monitoring, cloud incident prevention, and seamless compliance automation. Want to learn how you can achieve all of this? click here: https://stackidentity.com/ #CyberSecurity #RansomwareProtection #UnifiedIdentityFabric #StackIdentity #ITSecurity #ProactiveSecurity #ShadowAccess #DataBreach #IdentitySecurity #CloudSecurity #IdentityandAccessManagement

23

The Cybersecurity and Infrastructure Security Agency (CISA) has recently published guidance on implementing Encrypted DNS to enhance security for federal agencies. This proactive step aims to protect sensitive information and mitigate DNS-based threats. Stay informed by reading the full article here: https://lnkd.in/d3Ncqctk 🛡️💻 #CyberSecurity #CISA #EncryptedDNS #DataProtection

1

Question for the CMMC-aware folks in my network: The new DoD CIO FAQ dropped today with some interesting clarifications (or so I'd hoped) about #CMMC applicability for MSPs. However, the wording of FAQs 31 & 33 seem contradictory or otherwise unclear. https://lnkd.in/eTBSHhmQ -Q31. We separately outsource our IT support to an MSP and our security tools are managed by a different MSSP. No CUI is with either vendor. Are they required to be assessed? -A31. In both cases, the MSP and MSSP services provided are both considered ESPs are the services are assessed as a Security Protection Asset Critical. -Q33. Our MSP remotely accesses our on-premises and cloud environments. CUI is stored in both environments. Does the MSP require a CMMC certification? -A33. No, as long as CUI is not processed, stored, or transmitted on MSP systems. My questions are: -Do Q31 and Q33 contradict each other? -According to DOD-2023-OS-0096-0003, Process is defined as if “CUI can be used by an asset (e.g., accessed, entered, edited, generated, manipulated or printed”, by that definition, wouldn't an MSP with any ability to access the CUI, via remote tools or otherwise, be in scope? What am I missing here? Ill be the first to admit I'm not a CMMC expert. Thanks in advance! Tagging those for reach. Matt Lee, CISSP, CCSP, CFR, PNPT, Jacob Hill, Jacob Horne

13

11 Comments

Do you know the top threats to your data in 2023? Learn about the threat actors and tactics that loom largest in your industry. Get your complimentary copy of this summary of Verizon's DBIR report. VMware

1

Download the 2024 Frost Radar™ report to get an unbiased look comparing 9 leading PKIaaS vendors. What’s in the Report? ✅ Understand why PKI as a Service is a strategic imperative. ✅ Learn the core capabilities to evaluate when choosing a PKIaaS solution. ✅ Gain insights into the top PKIaaS vendors in the market. ✅ Discover why Keyfactor stands out as the premier choice. Download the report now: https://okt.to/fc0PVY #PKI #PKIaaS #DigitalTrust #Cybersecurity

9

1 Comment

Learn the core capabilities to evaluate when choosing a PKIaaS solution and gain insights into the top PKIaaS vendors in the market.

3

While CMMC’s core concepts remain intact from the initial release of CMMC 2.0 in November 2021, there are many important changes in final program rule, as well as important clarifications. The rule itself is not an easy read. Its 470 pages, 140,000 words, is acronym-laden and full of internal cross references and external references. In our webinar and the blog, Eric Crusius (Holland & Knight LLP), James Goepel (FutureFeed), and I have distilled the  final rule’s key elements, explaining the structure, requirements, timeline, caveats, and risks. #CMMC #FinalRule

17

Protected Health Information. Whether the data is mine, yours, a family member’s, or someone you know, it’s frequently under attack from external forces bent on attacking data systems with the sole goal of extracting personal data or disrupting care. Researchers publishing in the Journal of Clinical Monitoring and Computing say that hacking or an “IT incident,” such as an unauthorized login or accidental data exposure, are the cause of most breaches. One concern is the growth of the use of the Internet of Medical Things. These healthcare devices are connected to the Internet and can send data from the patient using the device to a healthcare provider. And that’s the rub. If these devices are hacked, a patient can suffer potential physical danger in addition to the loss of private health information. Oftentimes, outdated software or excessively lean IT departments, make it easier for hackers to implement attacks successfully. Read the article (PDF): https://lnkd.in/gNJQ39iN #Cybersecurity #Cyberattack #Healthcare

20

Attackers are adapting to the standard practices for vulnerability management. They aren’t using CVSS severity as the criteria for compromise. Instead, they are prioritizing the most exploitable vulnerabilities, which are often those ranked as medium or low severity. If security and patching teams are too focused on critical CVEs, they can miss middle-of-the-road exploits that allow attackers to gain network access and then move laterally into business-critical systems. Following your monthly scan, analyze vulns by the ease of exploit and compare that to the CVSS score. It may shed light on gaps you didn't know existed. #cybersecurity, #vulnerabilitymanagement, #proactivesecurity

13

2 Comments