Would You Like To Play A Game? Increasing Security and Compliance Through Gamification of Tabletop Exercises
Tabletop exercises have been used for years to mimic incident response and disaster recovery situations. They are designed to test people or processes to allow teams to practice getting out of trouble before the trouble happens.
Leviathan Security Group Offers Pre-Draft Comments on NIST SP 800-66, Implementing the HIPAA Security Rule
Leviathan submitted general comments on what Revision 2 should cover, as well as specific feedback on updates needed to the standard, which was first published in 2008. As readers will be aware, a lot has changed in that time, including the explosive growth in cloud computing and Software as a Service (“SaaS”) tools.
Contingency Planning and Business Continuity
A robust business continuity plan requires coordination across the company and time, but there are things that you can do today to help your company in the current pandemic. A quick response crisis plan may already exist within your company.
Cybersecurity Recommendations in a Rapidly Emerging Telework Environment
Some companies, particularly those that work with sensitive health information, have traditionally relied extensively on physical security controls and enterprise firewalls in their offices. With workforces scattered to their residences in recent days, many enterprise security controls are no longer operating in the same way.
Mining Technical Debt for Fun and Profit
That old tech debt gets a hard crust of “don’t go there” and after a while only a few people understand how it actually works. Those few people know the system well enough to develop workarounds to meet new requirements, so you don’t get a mandate to replace it.
Initial Release of the DOD Cybersecurity Maturity Model Certification
There are five levels of CMMC certification, numbered Level 1 through Level 5 — with Level 5 being the highest, and most rigorous, standard. All vendors interacting with Federal Contract Information (FCI) will be required to meet Level 1 as a minimum, while all contracts involving accessing, transmitting, or processing Controlled Unclassified Information (CUI) will need to be at Level 3 or above.