As your organization works to improve its security posture, a system security plan (SSP) is a good tool to help you achieve your objectives. Not only that, an SSP is required for organizations that handle controlled unclassified information (CUI) and […]
Components of an Effective System Security Plan Read More »
As your organization works toward achieving CMMC compliance, creating your System Security Plan (SSP) and Plan of Action and Milestones (POA&M), are critical steps in the process. The documents both provide a foundation for your remediation efforts as you work
How to Get Started on Your SSP and POA&M Read More »
Cybersecurity at small and mid-sized businesses are often under-resourced with an “Army of One” approach to compliance and risk management. Compliance with regulatory requirements like DFARs 252.204-7012, HIPAA, PCI DSS, NERC CIP, Sarbanes Oxley (SOX) and more compete with actual
CyberSheath Managed Services for Small & Mid-Size Business Read More »
The U.S. Securities and Exchange Commission issued new guidance for public companies to be more forthcoming when disclosing cybersecurity risks, expanding on previous guidance issued in 2011. In addition to warning corporate insiders not to trade shares when they have information about cybersecurity issues that isn’t public, the guidance advised that internal or law enforcement investigations cannot be used as an excuse for not informing the public. The unanimously approved guidance, was published “interpretive guidance,” which the SEC uses to publish their views and interpret the federal securities laws and SEC regulations.
Understanding SEC Cybersecurity Guidance for Public Company Disclosures Read More »
