This blog post ‘How to mature Audit and Accountability’ is the third in a series on Cybersecurity Maturity Model Certification (CMMC) – a US Department of Defense (DoD) initiative that imposes requirements on contractors and subcontractors to help safeguard information within the US defense supply chain.
The Cybersecurity Maturity Model Certification (CMMC) is a US initiative led by the Office of the Assistant Secretary of Defense for Acquisition within the Department of Defense (DoD). It imposes requirements on DoD contractors and subcontractors to help safeguard information within the US defense supply chain. This post is the second in a series where we analyse the CMMC and look at how you might achieve compliance or use it as a basis for your own information security programme. You can read the first post, which gives an overview of CMMC, here.
Cyber security and regulatory compliance are frequent bedfellows. If compliance standards aren’t specifically driving security adoption, they are affecting wider areas, such as GDPR and privacy, which significantly impact security.
The Cybersecurity Maturity Model Certification (CMMC) is a US initiative led by the Office of the Assistant Secretary of Defense for Acquisition within the Department of Defense (DoD). It imposes requirements on DoD contractors and subcontractors to help safeguard information within the US defense supply chain.
In the UK, the National Cyber Security Centre (NCSC) runs an information assurance scheme called Cyber Essentials. Our blog post series looks at each of the framework’s five focus areas and offers practical hints and tips on security requirements and value to organisations wishing to follow its advice.
The importance of accurately identifying and communicating a business’s risk exposure has never been more critical. This is particularly true for audit and security managers who undertake cyber security audits.
Cyber security compliance is a growing obligation for businesses across every industry. In some cases, this is a mandatory requirement. Whilst this is a challenge for all organisations, for many it’s overwhelming since they don’t have the expertise to decipher the standard and apply it to their own IT infrastructure.
This blog post takes a look at how to get started with security compliance.
An increasing number of regulations and standards across many different industries are stipulating the cyber security controls that should be implemented by businesses and governments to protect their information. A recent collaboration between the Monetary Authority of Singapore (MAS) and the Bank of England (BofE) has seen them develop best practices for supervising cyber risk in banks and financial organisations. Standards are a great way to consistently explain the security target organisations should strive for, where they have a requirement to protect sensitive information like credit card numbers and personally identifying information. However, the issues relating to achieving cyber security compliance almost put the targets out of reach.
The latest Protective Security Policy Framework (PSPF) compliance report for the period 2017-18 was released by Australia’s Attorney General’s Department last week. The PSPF defines the Australian Government’s security classifications and associated handling protections of official information.
APRA CPS 234, the new Australian Prudential Regulatory Authority (APRA) Prudential Standard, came into effect on 1st July 2019. The prudential regulator has warned businesses not to be complacent; 36 breach notifications have been received in the first four months of the new regime.