Foster Charles

Recent years have seen cloud computing diversify into several deployment models suited to different workloads and business needs. The general classifications fall either into the category of public or private cloud, though many organizations use both in the form of a hybrid cloud deployment.

Last week, the U.S. Department of Defense came out with updates to CMMC the framework. The aim of the updates, labeled "CMMC 2.0", is to provide strategic direction following an internal program assessment by the Department leaders. The revision still maintains the compliance's goal of safeguarding sensitive information, while simplifying the standards it follows.

With cyberattacks costing businesses and governments billions of dollars every year, it’s never been more important to adopt a proactive approach to information security.

Organizations can no longer afford to view cybersecurity as a necessary evil and a mere cost center. Instead, they should view it as an integral component of their value propositions now that customers are increasingly wary about who they do business with. In other words, good security is good for business, not just because it helps mitigate risk, but because it opens the door to lucrative new ...

There are three primary components of the globally adopted NIST Cybersecurity Framework: the framework core, the profiles, and implementation tiers. While the framework details the specific control categories you need to protect your data, the profiles enable you to create a strategy for reducing risk. Implementation tiers, on the other hand, establish a baseline for cybersecurity that you can ...

The NIST Cybersecurity Framework is a leading global standard in cybersecurity, as well as the basis of many legal regulations and other standards. There are three main elements to the framework – the framework core, profiles, and implementation tiers. These tiers are intended to provide context for stakeholders to help determine the degree to which their organizations exhibit the characteristics ...

One of the most common drawbacks of cybersecurity frameworks and standards is that they fail to make a sufficiently compelling case to business leaders. Many focus on the needs of IT teams and exhibit high technological complexity and technical challenges for implementation. Others are biased towards specific types of computing infrastructure or even specific vendors.

Control mapping is the process of bringing together two or more compliance domains or sets of business requirements to build a strategy that aligns to your unique needs. While the NIST CSF controls set the standards for information security, which controls you apply and how you apply them depends on your unique business environment. Important factors to consider are your appetite for risk, the ...

The NIST Cybersecurity Framework is a globally recognized set of best security practices and guidelines. Although compliance is voluntary, and the framework provides much flexibility over how organizations implement the various controls it encompasses, it is heavily tied to the NIST Special Publication 800 53.

The NIST Cybersecurity Framework was first released in 2014 with the purpose of promoting better risk management and innovation across the critical infrastructure sector in the US. Since then, it has been widely adopted around the world across a multitude of industries, including defense, healthcare, and legal.