Mark B.

Get ready for CMMC 2.0 in December. Even if your organization is not providing products or services to the United States Department of Defense, it's worth reviewing CMMC to see where you are and how you can mature your cybersecurity program. https://lnkd.in/dSk4KcQg #cybersecurity #infosec #DoD #CMMC

1

Corncon24 is in day two and we are listening to Zach Kromkowski drop some knowledge on asset hardening.

16

3 Comments

SQL injection bug allows anyone to skip airport security

1

Thoughts on Just-In-Time procedures and NIST SP 800-171 / #CMMC compliance... At Kieri Solutions - Authorized C3PAO , we figured out that people follow procedures best when they 𝘢𝘳𝘦𝘯'𝘵 𝘱𝘳𝘰𝘤𝘦𝘥𝘶𝘳𝘦𝘴. ??? Let me explain. You're onboarding a new user. To be compliant with #CMMC, your onboarding team needs to go through a convoluted process involving getting details about the new user, verifying NDA, background checks, training, requesting permissions, justifying permissions, reviewing permissions, authorizing permissions, creating accounts, creating records of the accounts, creating records of the permissions for the accounts, assigning expiration dates for each account, setting up a laptop, authorizing the laptop...!!! It goes on and on. If your strategy is to tell your HR and IT team that they need to perfectly follow a 70 step process on page 19 of ye old 𝐈𝐓_𝐏𝐫𝐨𝐜𝐞𝐝𝐮𝐫𝐞𝐬_𝐌𝐚𝐧𝐮𝐚𝐥, 𝘺𝘰𝘶 𝘮𝘪𝘨𝘩𝘵 𝘢𝘴 𝘸𝘦𝘭𝘭 𝘱𝘢𝘤𝘬 𝘶𝘱 𝘺𝘰𝘶𝘳 𝘣𝘢𝘨𝘴 𝘳𝘪𝘨𝘩𝘵 𝘯𝘰𝘸. The error rate will be upwards of 80%, unless you nag and threaten 😡 everyone constantly, in which case you might get down to an error rate of 30% (and your team will quit). Instead, if you use a combination of a well-designed Access Request Form and an Account Management database, all your team needs to do is remember to start with the correct form. 📝 The form should have fields and just-in-time instructions for each step of the process between HR and your IT Department. All your team needs to do is fill out each field in the form and they will complete the background screening, training, permissions, justifications, etc. naturally without nagging. Then, a well designed Account Management database helps your team manage the accounts long-term by including checks ◻️ for commonly-forgotten steps (like user agreements), next-review dates, annual training refresher dates, mapping the user to their supervisor, granular "should-be" permissions for both digital systems and facilities, and historic authorization notes. The last step for perfect procedures is a regular review to look for and fix errors. But again, if you want to be successful, don't expect your team to remember your dusty policies and procedures book in the corner. Instead, use a scheduled task, a ticket, or a checklist with just-in-time instructions to make sure that the review gets done. Pro-tip: next-review-dates are an excellent way to spread this task across time, instead of trying to do it all in one lump. Are your compliance policies and processes working for you, or against you? There is a better way. Use thoughtful design in your compliance system to reduce errors and streamline functionality. Screenshot below is from the Kieri Compliance Documentation's Account Management Database, showing some of the magic of our full-featured 800-171 / CMMC Level 2 compliance program. I'll put the link in comments, for anyone that is interested.

54

5 Comments

This is an area where we need the best regardless of party. Hardening of our IT infrastructure needs to happen quickly. I'm a proponent of cooperation between the private and federal sector. The risk of playing politics or favoritism is too great for our national security. I recommend for those who want to better understand what's at stake you may want to read, Worm: The First Digital World War, published in 2011. The threat today and what's at stake is even greater.

1

Missed the Anatomy of a Ransomware Attack Live Simulation? Here’s what you should know: -Clumio ensures your backups are incorruptible -Recover data quickly and easily in the event of ransomware -Reduce the complexity and cost of ransomware resilience -Get a #ransomware risk assessment today! https://bit.ly/3xFmT5D

21

EC2 Compromise Leads to S3 Bucket Exfiltration

53

Not everything you hear about cybersecurity is completely accurate, and certain myths are undermining your organization's ability to respond to threats. Schedule a free consultation to separate security fact from fiction.

1

With an increase in consumer banking done online post-pandemic, and the current geopolitical situation, it’s important for the Public and Private sectors to share threat intelligence to stop bad actors and Secure the Internet.

5

Understanding your SPRS score is critical for NIST 800-171 compliance, but managing it can be complex. Victor Cich, Compliance Consultant at RADICL demonstrates how our platform’s live score calculator gives you real-time updates as you assess each requirement, making compliance tracking easier for your team. Check out this clip to see how our platform simplifies compliance management. How do you ensure your team stays on top of compliance? #SPRS #ComplianceTracking #NIST800171 #CyberSecurity #RADICL #DefenseIndustry

4

Pretty cool to see this come to fruition, with 3 areas of focus for delivering AI capabilities for operations, enabling AI adoption, and countering AI threats

4

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a vulnerability in Ivanti Endpoint Manager that is currently being actively exploited. Agencies are urged to apply available patches immediately to mitigate potential risks. This flaw could allow attackers to gain unauthorized access or execute malicious code, posing a significant threat to sensitive data and systems. It's crucial for organizations using Ivanti Endpoint Manager to prioritize these updates to safeguard their environments. #TechSecurity #CyberThreat #SecurityPatch #ITSecurity #Ascellainfose

1

The adoption of AI-powered applications is accelerating rapidly, challenging cloud security professionals to keep pace with robust protections. Don’t miss this opportunity to elevate your security strategy and secure your organization’s future. Watch now!

1