TransUnion shares the warning signs and financial impact of an insider threat

When people think about cybersecurity and protecting a company, organization or government agency’s networks and data, they picture cyberwarriors doing battle against sophisticated hackers, opposing nation states or hacktivist groups. And while that’s certainly part of the job, they often…

CMMC V1.0 – what is it and will it work?

Last week, my associate, Shane Rogers, shared an article on the GovCybersecurityHub discussing the Cybersecurity Maturity Model Certification (CMMC) and its potential impact on small- and medium-sized government contractors. Shane concluded that the Department of Defense (DoD) is taking incredible…

CMMC for SMBs – What should smaller contractors expect?

On January 31, 2020, the Honorable Ellen Lord, who currently serves as the Under Secretary of Defense for Acquisition and Sustainment, delivered the opening statement at the beginning of the official press briefing for the release of Cybersecurity Maturity Model…

The insider threat – the vulnerability that’s coming from inside the house

The insider threat: it’s one of the biggest and most persistent issues in cybersecurity. There have been multiple, recent high-profile cases – Manning, Snowden, and others. And these cases have both kept the issue in the public eye and kept…

The role and impact of SMBs in DoD cybersecurity

Last month, the GovCyberHub sat down with Parham Eftekhari, the Executive Director of the Institute for Critical Infrastructure Technology (ICIT), to talk about the key trends and topics of discussion at the organization’s 2019 Fall Briefing. During that discussion, Mr.…

Why leadership is essential for government cybersecurity – a Q&A with ICIT

The federal government is facing a confluence of factors that make defending their networks increasingly difficult at a time when the number and sophistication of the malicious actors attacking them is only increasing. That’s what we heard when we recently…

Why recent cybersecurity legislation is just window dressing

Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would, “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…” On the surface, this seems like…

Compliance – is it becoming too big of a thing?

You have heard it enough to make you aim a fire extinguisher at your firewall: “compliance does not mean security.” Compliance work can consume up to 70 percent of security budgets in federal government agencies, and it is common to…

The ROI of cybersecurity solutions – does it exist?

What is the return on investment? Is it worth the money? That is the central question both government and industry ask themselves when deciding on any procurement. Unfortunately, demonstrating the ROI of cybersecurity products is notoriously difficult. And that’s one…

Security and compliance – they’re not the same thing

News Flash: Being compliant doesn’t mean you’re secure, any more than implementing security guarantees that you’re compliant. That’s right, compliance does not equal security. Compliance and security are separate and distinct goals. So, what is the difference? Compliance requires that you meet…