by Shawn Duffy | May 19, 2023 | Assessments, Blog, Featured, Risk, risk assessment
Risk is not just a vulnerability. Risk is a combination of the likelihood of a vulnerability being exploited and the impact to the system if that vulnerability is exploited. So, what does that mean? When we think about a threat to the system, we look at the events...
by Shawn Duffy | Sep 9, 2022 | CMMC 2.0, Assessments, Blog, CMMC, Compliance, Featured, Incidence Response, risk assessment, Security Awareness Training
If you’re a defense industrial base (DIB) contractor, you’re already aware you need to meet compliance requirements in the new CMMC system, which goes live May 2023. Most government contractors are required to meet CMMC Level 2 requirements. When in...
by Shawn Duffy | Nov 9, 2021 | CMMC, Assessments, Blog, CMMC 2.0, Department of Defense, DFARS, DOD, News, POA&M, SPRS, vulnerability
As you may have seen last week, the new CMMC 2.0 has been released, which reverts us back to the NIST 800-171 set of security controls and families. It also allows for both a Plan of Actions & Milestones (POA&M) and self-assessments. This is great news for...
by Shawn Duffy | Mar 25, 2021 | Assessments, Blog, vulnerability
Besides regulatory compliance, two cybersecurity services Duffy Compliance has been known for are penetration testing and vulnerability assessments. At first glance, pen testing and vulnerability assessments may appear to mean the same thing. Often this question comes...
by Shawn Duffy | Aug 6, 2018 | Assessments
What is a vulnerability? When looking for vulnerabilities don’t consider technical threats as the only threats to the system. Your security should include some attention to all threats. A system vulnerability is defined as a weakness to the system. For...
by Shawn Duffy | Jul 9, 2018 | News, Assessments
For a limited time, we are providing a hacker’s preliminary view of your environment, also known as an assessment. This is a no obligation view of your organization designed to show you what a hacker will discover about your organization before they even start...
