Blog

"Do we need penetration testing?"

The Cybersecurity Maturity Model Certification (CMMC) is a third-party assessment program created by the DoD to gauge the maturity of an organization's cybersecurity practices and verify the protection of Federal Contract Information (FCI) as well as Controlled Unclassified Information (CUI). When CMMC 1.0 was released in 2017, there were concerns amongst government contractors as it was incredibly pricey for small organizations, contained vague language of CMMC assessment process, and did not include a lot of overlap in cybersecurity requirements to other federal requirements or commonly accepted standards.

Understanding your company's data life cycle is a critical aspect of your cyber risk management program. A recent article in Forbes Magazine quotes figures from Domo, a business intelligence company, who reports that 2.5 quintillion bytes of data are created every day, and that 90% of all data currently on the Internet was created in the past 2 years.

Educational Technology or “EdTech” is a discipline of Technology focused solely on the development of Software as a Service (SaaS) to improve student learning. Despite EdTech sounding field-specific, its impact is far-reaching as education or even the lack of it touches everyone’s life. This blog will dissect how cybersecurity intersects with EdTech.

The use cases for Software as a Service (SaaS) are undeniably vast and advantageous. However, the nature of subscribing to a cloud service leaves a ton of ambiguity as to who is responsible for its security… The vendor or the customer? This article will present a 10,000-foot view of SaaS and the unintentional risks that surface when organizations bring in cloud services like SaaS. 

Companies looking to build a cyber risk management program have four options. This video describes the various options, plus pros and cons of each. It is important to understand what is available so you can make the best choice for your organization's protection and longevity.