CMMC Level 2 Assessment Objective: Alternative Work Sites

PRACTICE: Organizations must enforce safeguarding measures for containing controlled unclassified information (CUI) at alternative work sites.

ASSESSMENT: Alternative work sites may include government facilities or the private residences of employees. Organizations must define and implement safeguards to account for protection of CUI beyond the enterprise perimeter. Safeguards may include physical protections, such as locked file drawers, as well as electronic protections such as encryption, audit logging, and proper access controls.

Be prepared! Your assessor could ask to:
🔍 EXAMINE a list of safeguards required for alternative work sites
🗣 INTERVIEW personnel approving use of alternative work sites
📝 TEST organizational processes for security at alternative work sites
(CMMC Assessment Guide: Level 2 Version 2.11, page 186)

#CMMC #DoD #cybersecurity #NIST #InformationSecurity
Tobias Musser’s Post
More Relevant Posts
-
CMMC Level 2 Assessment Objective: Communications Authenticity

PRACTICE: Organizations must protect the authenticity of communications sessions.

ASSESSMENT: Authenticity protection includes protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into communications sessions. This requirement addresses communications protection at the session-versus-packet level, and it establishes grounds for confidence at both ends of communications sessions in the ongoing identities of other parties and in the validity of information transmitted.

Be prepared! Your assessor could ask to:
🔍 EXAMINE system and communications protection policy.
🗣 INTERVIEW system or network administrators.
📝 TEST mechanisms supporting or implementing session authenticity.
(CMMC Assessment Guide: Level 2 Version 2.11, page 237)

#CMMC #DoD #cybersecurity #NIST #InformationSecurity
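The post above describes what session authenticity must achieve (confidence in the peer's ongoing identity and in the validity of each message) without showing a mechanism. The following is an added illustration, not code from the CMMC guide or from the post's author: both ends of a session key an HMAC over the session id, the sender's role, a sequence number and the payload, so the receiver can reject messages from anyone without the session key, messages whose content was altered, replayed frames, and a party's own frames reflected back to it. The shared key, session id and role names are constructed for the example; in practice the key would come from an authenticated handshake such as TLS.

```python
"""Message-level session authenticity: HMAC over (session id, sender role,
sequence number, payload). Added example; the key, session id and the
'client'/'server' role labels are assumptions for illustration.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 digest length


class SessionEndpoint:
    """One end of an authenticated session. Each endpoint keeps its own
    send and receive counters; the peer is expected to deliver frames in
    order with no gaps, so a replayed or inserted frame fails the check."""

    def __init__(self, session_id: bytes, key: bytes, role: str):
        self.session_id = session_id      # fixed-length per session
        self.key = key                    # shared secret from the handshake (assumed)
        self.role = role                  # "client" or "server"
        self.peer_role = "server" if role == "client" else "client"
        self.send_seq = 0
        self.recv_seq = 0

    def _tag(self, sender_role: str, seq: int, payload: bytes) -> bytes:
        # Binding the sender role into the MAC stops a frame being reflected
        # back to its own sender and accepted as if it came from the peer.
        msg = self.session_id + sender_role.encode() + struct.pack(">Q", seq) + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def send(self, payload: bytes) -> bytes:
        seq = self.send_seq
        self.send_seq += 1
        return struct.pack(">Q", seq) + payload + self._tag(self.role, seq, payload)

    def receive(self, frame: bytes):
        """Return the payload if the frame is authentic and in sequence, else None."""
        if len(frame) < 8 + TAG_LEN:
            return None
        seq = struct.unpack(">Q", frame[:8])[0]
        payload, tag = frame[8:-TAG_LEN], frame[-TAG_LEN:]
        # Constant-time compare; the tag must have been produced by the peer.
        if not hmac.compare_digest(tag, self._tag(self.peer_role, seq, payload)):
            return None                   # forged, modified, or reflected
        if seq != self.recv_seq:
            return None                   # replayed, dropped, or reordered
        self.recv_seq += 1
        return payload


def run_scenarios() -> dict:
    """Exercise the checks a verifier cares about; every value should be True."""
    key = b"constructed-shared-key-for-example"   # constructed; not a real secret
    sid = b"sess-0001"                            # constructed session id
    client = SessionEndpoint(sid, key, "client")
    server = SessionEndpoint(sid, key, "server")
    results = {}

    f1 = client.send(b"order=42")
    results["genuine_accepted"] = server.receive(f1) == b"order=42"
    results["replay_rejected"] = server.receive(f1) is None      # seq 0 already consumed

    f2 = client.send(b"amount=10")
    tampered = f2[:8] + b"amount=99" + f2[-TAG_LEN:]             # same length, altered content
    results["tampered_rejected"] = server.receive(tampered) is None
    results["original_still_accepted"] = server.receive(f2) == b"amount=10"

    outsider = SessionEndpoint(sid, b"wrong-key", "client")      # knows the format, not the key
    outsider.send_seq = server.recv_seq                          # even a correctly numbered frame fails
    results["forged_rejected"] = server.receive(outsider.send(b"inserted")) is None

    f3 = client.send(b"ping")
    results["reflection_rejected"] = client.receive(f3) is None  # own frame bounced back
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The sequence check is what turns per-message integrity into session-level authenticity: an intact, correctly keyed frame is still refused if it arrives a second time or out of order, which is the "insertion of false information" case the assessment text names.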
-
CMMC Level 2 Assessment Objective: Public-Access System Separation [CUI Data]

PRACTICE: Organizations must implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

ASSESSMENT: Organizations are required to separate publicly accessible systems from the internal systems that need to be protected. That means internal systems cannot be placed on the same network as the publicly accessible systems. Access to internal networks must be blocked by default from demilitarized zone (DMZ) networks, which are subnetworks that are physically or logically separated from internal networks.

Be prepared! Your assessor could ask to:
🔍 EXAMINE system and communications protection policy.
🗣 INTERVIEW system or network administrators.
📝 TEST mechanisms implementing boundary protection capability.
(CMMC Assessment Guide: Level 2 Version 2.11, page 216)

#CMMC #DoD #cybersecurity #NIST #InformationSecurity
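The test an assessor would run against this objective is whether DMZ-to-internal traffic is denied unless an exception was deliberately approved. The following is an added example, not the CMMC guide's or the post author's code: a small linter over a zone-based, first-match firewall policy that flags any DMZ-to-internal allow rule outside an approved list and probes an unlisted port to confirm the default is deny. The rule format, the zone names and the sample policies are constructed for illustration and do not follow any vendor's syntax.

```python
"""Audit a zone-based firewall policy for DMZ/internal separation.
Added example; Rule fields, zone names ("internet", "dmz", "internal")
and the two sample policies are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    src_zone: str   # "internet", "dmz", "internal"
    dst_zone: str
    dport: str      # destination port as text, or "any"


# Constructed sample: a flat policy where DMZ hosts reach everything inside.
WEAK_POLICY = [
    Rule("allow", "internet", "dmz", "443"),
    Rule("allow", "internal", "dmz", "any"),
    Rule("allow", "dmz", "internal", "any"),
]

# Constructed sample: the hardened equivalent, first-match semantics.
HARDENED_POLICY = [
    Rule("allow", "internet", "dmz", "443"),
    Rule("allow", "internal", "dmz", "any"),
    Rule("allow", "dmz", "internal", "5432"),   # web tier to database, approved exception
    Rule("deny", "dmz", "internal", "any"),     # default deny for everything else
    Rule("deny", "internet", "internal", "any"),
]


def first_match(rules: List[Rule], src: str, dst: str, dport: str) -> str:
    """Evaluate the policy the way a first-match firewall would."""
    for r in rules:
        if r.src_zone == src and r.dst_zone == dst and r.dport in ("any", dport):
            return r.action
    return "deny"   # implicit deny when no rule matches


def audit_dmz_separation(rules: List[Rule], approved_ports: Set[str]) -> List[str]:
    """Return findings; an empty list means the DMZ separation requirement holds."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and r.src_zone == "dmz" and r.dst_zone == "internal":
            if r.dport == "any":
                findings.append(f"rule {i}: DMZ->internal allowed on any port (no separation)")
            elif r.dport not in approved_ports:
                findings.append(f"rule {i}: DMZ->internal allowed on port {r.dport} "
                                f"without an approved exception")
    # Behavioural probe: an arbitrary unlisted port must fall through to deny.
    probe_port = "8080"
    if first_match(rules, "dmz", "internal", probe_port) != "deny":
        findings.append(f"DMZ->internal traffic on unlisted port {probe_port} "
                        f"is not denied by default")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_dmz_separation(policy, {"5432"}) or ["no findings"])
```

Keeping the approved-exception list separate from the policy itself gives the assessor two artefacts to compare: the documented exceptions and the rules actually loaded. A DMZ-to-internal allow that appears in one but not the other is exactly the kind of drift this objective is meant to surface.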
-
CMMC Level 2 Assessment Objective: System & File Scanning Protection for Controlled Unclassified Information (CUI) Data

PRACTICE: Organizations must perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.

ASSESSMENT: Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Organizations should use antimalware software to scan for and identify viruses in computer systems, and they should determine how often scans are conducted. Real-time scans look at the system whenever new files are downloaded, opened, and saved. Periodic scans check previously saved files against updated malware information.

Be prepared! Your assessor could ask to:
🔍 EXAMINE system and information integrity policy.
🗣 INTERVIEW system or network administrators.
📝 TEST organizational processes for employing, updating, and configuring malicious code protection mechanisms.
(CMMC Assessment Guide: Level 2 Version 2.11, page 251)

#CMMC #DoD #cybersecurity #NIST #InformationSecurity
-
🔒 Ensuring Data Security: Beyond Cybersecurity Accessories

If we aim to protect the personal data of our institution's members and beneficiaries, relying solely on network security accessories is not enough! We need to understand this from two perspectives.

Firstly, is our data design easily accessible by colleagues outside the management team? Are there security regulations in place to safeguard how the institution handles personal data?

Secondly, have we established a set of rules for employees to follow in handling internal processes and guidelines?

While network security serves as an external barrier for institutional protection, the system's regulations also need to elevate security standards.

#Cybersecurity #Personaldata #DataProtection #KSolveglobal #ISO27001 #ISO9001 Aaron Hui Bao Bau Ken Chung Alex Lau
-
CMMC Level 2 Assessment Objective: Flaw Remediation for Controlled Unclassified Information (CUI) Data

PRACTICE: Organizations must identify, report, and correct system flaws in a timely manner.

ASSESSMENT: All software and firmware have potential flaws. Organizations must identify systems that are affected by announced software and firmware flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated personnel with information security responsibilities. Security-relevant updates include patches, service packs, hot fixes, and antivirus signatures.

Be prepared! Your assessor could ask to:
🔍 EXAMINE system and information integrity policy.
🗣 INTERVIEW system or network administrators.
📝 TEST organizational processes for identifying, reporting, and correcting system flaws.
(CMMC Assessment Guide: Level 2 Version 2.11, page 241)

#CMMC #DoD #cybersecurity #NIST #InformationSecurity
-
ISO 27001:2022 | Physical Entry

Within any organisation, one of the key objectives should be protecting the organisational assets. One critical element to consider is "requiring all personnel and interested parties to wear some form of visible identification and to immediately notify security personnel if they encounter unescorted visitors and anyone not wearing visible identification. Easily distinguishable badges should be considered to better identify permanent employees, suppliers and visitors."

Within one particular organisation this week, they were adhering to the above procedure. In addition to this, staff passes enabled them to access certain areas of the building (dependent on their role-based access control policy); however, "visitor" passes would automatically deny entry into any part of the building.

What physical controls does your organisation have in place to protect the organisation's assets?

KNOWLEDGE IS IMPORTANT, ACTION IS CRITICAL. Are you CYBERFIT? 🙌

#CYBERFIT #CyberWellbeing #Cybersecurity
-
A robust incident response plan is crucial for organizations to swiftly mitigate threats and minimize damage—here are 6 essential steps every organization should have in place, and how cloudDFN's cDFN Managed SOC can implement them for comprehensive protection. #cybersecurity #infosec #security #incidentresponse #managedsoc
🚨 Incident Response: 6 Steps to Take After a Security Breach 🚨

A well-coordinated response can significantly reduce the damage caused by a security breach. Swipe through to learn the 6 essential steps to effectively manage and recover:
1️⃣ Contain the Breach – Prevent further damage immediately.
2️⃣ Identify the Damage – Investigate and assess the impact.
3️⃣ Notify Affected Parties – Maintain transparency with employees, customers, and authorities.
4️⃣ Begin Recovery – Restore systems securely and patch vulnerabilities.
5️⃣ Review & Strengthen – Learn from the breach to prevent future incidents.
6️⃣ Document & Report – Ensure proper documentation for compliance and improved incident response.

Stay proactive with CDFN Managed SOC, offering 24/7 monitoring and expert guidance to handle any incident swiftly. Contact us at [email protected] for more details. 🌐

#securitybreach #cybersecurity #SOC #ManagedSOC #cDFN #Dataprotection
-
As a SOC analyst, one of the key daily responsibilities is reviewing security logs and alerts to identify potential incidents or threats. However, the routine nature of this task can sometimes lead to complacency. It’s crucial to remember that cyberattacks don’t take 24 hours to unfold—they can happen in the blink of an eye, often when we least expect it. Neglecting these alerts, even for a day, can have serious consequences. Always stay vigilant—the alert you skip today might be the one that saves your organization from a costly breach. #Cybersecurity #SOCAnalyst #IncidentResponse #ThreatDetection #SecurityMonitoring #CyberAwareness #InfoSec #Vigilance #SecurityOperations #SIEM
-
True Positive vs. False Positive… What does that mean? What context are we talking about?

In MSSP / SOC land, I’ve had conversations with hundreds of customers on this topic, and what I can conclude is that we (customer and provider) need to agree on context and terminology before we make assumptions.

I believe the provider has an opinion on whether the detection rules and technology are functioning as expected. I consider this “Detection Accuracy”.

I believe the consumer cares most about whether the escalation/ticket/case is actionable. I call this “Detection Relevancy”.

I’m wondering whether my network feels accuracy and relevancy in SOC escalations are a problem (because of context) and what needs to change to solve it?

#cybersecurity #mssp #survey #truepositive #falsepositive
-
🚨 Shared Workstations: A Security & Compliance Risk 🚨 If your company uses shared workstations, it’s not just a security concern—it can also violate many regulatory frameworks. Protect your business with Gatekeeper (gkaccess.com): a solution that assigns each user a proximity-based hardware token and PIN (2FA), logging every login and tying workstation usage to a specific individual. Ensure compliance and boost security! Roc IT Consulting can install Gatekeeper and train your team for seamless use. Contact us today to learn more: 585-649-0030 📞 #CyberSecurity #Compliance #2FA #ITSolutions #efficiency #passwordmanager #proximityauthentication #proximitylogin #MFA #compliance #CMMC #DFARS #gkaccess