Sal Marino

As the argument in favor of cloud computing continues to strengthen in the era of remote work, the debate around private cloud security and public cloud security rages on. Few businesses have the resources to maintain their own data centers, which might seem to indicate that the private cloud is off-limits. Fortunately, that is no longer the case now that a virtual private cloud is a viable ...

One of the biggest challenges in building a sufficiently robust information security program is that there are so many guidelines and frameworks to choose from. Moreover, every business has a unique set of needs and a different technology infrastructure, which also means there’s no one-size-fits-all approach.

The NIST Cybersecurity Framework is a set of guidelines and best practices for organizations seeking to improve their information security posture. While originally intended for the critical infrastructure sector, it has been widely adopted around the world across all industries as one of the most recognized standards.

There is no denying the benefits of cloud computing in today’s hyper connected age. But at the same time, this relatively new computing model presents some unique security concerns. After all, the ability to access business-critical apps and data from anywhere and on any device can also mean it is easier for malicious actors to do the same.

Every business in existence has valuable and sensitive data at its disposal, and protecting it from the myriad threats out there has become a top priority. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is thus top of mind for many organizations.

Far too many business leaders still consider the needs of information security to be a burden, and a costly and time-consuming one at that. But as the threat landscape continues to evolve alongside technological advancement, the need for achieving the highest possible standards of cybersecurity is clearer than ever. It’s not just about protecting information systems either. It’s also about adding ...

The Cybersecurity Maturity Model Certification (CMMC) replaces the current DFARS 252.204-7012 clause that defense contractors currently have to when entering into a contract with the Department of Defense. Based on the NIST SP 800-171 framework, albeit with the addition of various other processes and practices, CMMC compliance spans five levels, with the third one being the minimum requirement ...

Although there have been several delays since the Cybersecurity Maturity Model Certification was first announced, 101 experienced professionals have now been chosen to become future CMMC auditors. Most have now completed their training, thus providing valuable insights that will influence the training of registered provider organizations (RPOs).

When a data breach occurs, one of the first things business leaders tend to think about is who or what to blame. This can be a difficult question to answer, in which case the blame will likely shift throughout the organization as leaders, employees, and departments point the finger at one another, often without any solid evidence. If that situation sounds familiar, then you might have a serious ...

Every organization within the healthcare sector, including their suppliers, is legally obliged to take every reasonable step to safeguard the confidentiality, security, and integrity of protected health information (PHI) according to the health insurance portability and accountability act. A failure to comply with HIPAA regulations can result in civil action and substantial fines, as well as ...