Buy Maryland Cybersecurity Program
The Buy Maryland Cybersecurity Tax Credit provides an incentive for Qualified Maryland Companies to purchase cybersecurity technologies and services from a Qualified Maryland Cybersecurity Seller. Time is running out for this year's BMC tax credit from the state of...
Is war coming to a town near you?
US Officials are now preparing for Iranian cyberattacks. According to FBI Director Christopher Wray, "The cyber targeting of American interests and critical infrastructure that we already see conducted by Iran and non-state actors alike we can expect to get worse...
Red Flags Rule Training
Is Your Organization in Compliance With the Red Flags Rule? In 2011, the FTC began enforcing its FACT Act Red Flags Rule, which requires each financial institution or creditor to implement a written program to detect, prevent, and mitigate identity theft. In order...
How to Choose Your Safeguards Rule Qualified Individual (QI)
Why You Need a Safeguards Rule Qualified Individual (QI) Any organization that collects financial data from their clients needs a Qualified Individual (QI) to meet the recently enforced FTC Standards for Safeguarding Customer Information regulation, better known as...
AI is here. For you, for me, and for the cyber attackers
Normally, in this monthly article, I discuss a particular cybersecurity topic. However, this month, I wanted to deviate to talk about AI. As you are probably aware, AI is making a big impact on the way we do business now. ChatGPT is almost as common a name as...
DOD Submits New CMMC Rule to OMB for Enhanced Cybersecurity in Defense Industry
In an increasingly interconnected world, where digital systems play a pivotal role in various sectors, cybersecurity has emerged as a critical concern. Among the sectors most vulnerable to cyber threats is the defense industry, which handles sensitive information...
Virtual Compliance Officer (vCCO) vs Compliance as a Service (CaaS)
CaaS is a recent term I found interesting. We all are familiar with the term SaaS (Software as a Service), also known as applications in the cloud. Simple enough, we all use SaaS for things like our CRM, accounting platform, video conferencing, etc. But the term...
How to spot check where you are with DFARS / CMMC
If you are a prime or subcontractor to the DOD, the DFARS compliance requirement is something you already know. We have been discussing "adequate security" from clause 7012 for some time now. Your service provider may not be able to assess how close you are to...
How to Reduce Risk
Risk is not just a vulnerability. Risk is a combination of the likelihood of a vulnerability being exploited and the impact to the system if that vulnerability is exploited. So, what does that mean? When we think about a threat to the system, we look at the events...