Mike Bailie

3 Things You Need to Get Right to Achieve CMMC Level 3 Certification

While CMMC levels one and two encompass the transitional work required to get your cyber hygiene up to scratch, the third level is the one that most organizations will be aiming for. This level is currently the most common certification to aim for, as it is a requirement for businesses that handle controlled unclassified information (CUI) on behalf of the Department of Defense. You generally ...

DFARS 252.204-7012: Are the physical safeguards protecting your IT systems enough?

In the days of widespread virtualization and cloud computing, it might seem physical security is no longer as relevant as it once was. However, this is simply not the case. All data has to live somewhere on a physical device, be that in a major data center used by hundreds of other companies or in an in-house server room exclusive to one business. While companies might not have any direct control ...

DFARS 252.204-7012: Tips for making sure your IT maintenance is up to standard

Unscheduled downtime costs businesses millions of dollars every year, but lost productivity is not the only threat. Maintaining the integrity of any information-bearing system is also essential for adhering to regulatory demands, such as those provided under the DFARS 252.204-7012 clause. Maintaining baseline configurations to ensure the integrity of information and security controls is also a ...

DFARS 252.204-7012: Key Identification and Authentication Protocols

Identification and authentication is one of the central pillars of any cybersecurity strategy, and it is essential to achieving compliance with the DFARS 252.204-7012 clause. Based on NIST SP 800-171, compliance requires adherence to all the primary domains of information security. This also includes measures like mandatory security awareness training, encryption of data at rest or in transit, ...

DFARS 252.204-7012: Are you equipped for configuration management?

Configuration management is one of the 14 control families covered under the NIST SP 800-171 cybersecurity framework. Adherence to the globally recognized standard is an essential part of achieving compliance with the DFARS 252.204-7012 clause. This is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), or any business that hopes to win requests ...

How to prepare for a HIPAA certification for IT professionals

Healthcare information technology systems are a favorite target for cybercriminals. Protected health information (PHI) contains a wealth of valuable data that can sell for a lot of money on the dark web markets. Another common threat against healthcare services is ransomware, as organizations are more likely to pay ransoms to regain access to their data. On top of that, the sector is often viewed ...

Dark Web Monitoring For SOC 2 Security: How Your Company Can Benefit

Businesses around the globe are being hit by data breaches every day, but did you ever think about what cybercriminals do with the information they steal in these attacks? More often than not, the stolen information is sold by cybercriminals on the dark web.

How External Vulnerability Scanning Can Help with SOC 2 Data Security

The system and organization controls (SOC) compliance frameworks set out the standards of a secure information architecture. By design, the framework leaves a high degree of flexibility to allow businesses to make their own decisions regarding how they ensure the security and privacy of their information assets. This is because every service provider has different needs and systems in place.

Why Cybersecurity Awareness Training is Vital to Passing a SOC 2 Audit

For far too long, cybersecurity has been viewed by the average employee as a technical issue and therefore something for the IT department to take care of. In reality, everyone has a role to play when it comes to safeguarding potentially sensitive information, especially when others are putting their trust in you to do just that.

Why Managed Detection is Helpful for SOC 2 Type 2 Compliance

SOC 2 stands for service organization controls version 2, which was introduced to document and validate a business’s efforts to secure client data.