About Rob Lewis

So far Rob Lewis has created 69 blog entries.

Introducing the DFARS Evergreen Compliance Kit

March 11th, 2017 | Compliance, DFARS

Advantage of a New DFARS Compliance Delivery Model? Saves Time and Money! This post is primarily for defense contractors interested in attaining their DFARS compliance quickly and in a more cost-effective manner. Persons who focus on compliance generally may be interested in an innovative compliance delivery model discussed in this post. This

Challenging Insider Threat Problems? Try Technical Controls

February 3rd, 2017 | Insider threat, KSE

KSE Technical Controls (Insider Threat Round-table Continued) A previous post, "New methods needed for addressing insider threats", was based on a panel discussion that pointed out hard challenges in preventing the insider threat. NISPOM CC2 and Executive Order 13587 for Federal government departments and agencies now mandate that insider threat programs be implemented. The requirements

Defense Against the Dark phArts

January 14th, 2017 | KSE

Wait! What! There's no spell for that? This tongue-in-cheek post was written to point out that one should consider preparing for worst-case scenarios. We can’t talk ourselves secure, and it doesn’t look like it’s going to be business as usual. This week saw the damage caused by Petya/NotPetya, a widespread attack that appeared at

New methods needed for addressing insider threats: A roundtable discussion

December 28th, 2016 | Compliance, Insider threat, KSE

Tough Insider Threat Problems Identified. Two federal compliance regimens for insider threat will drive improved awareness, but not much more. They are NISPOM Conforming Change 2 regulating cleared DOD contractors, and Executive Order 13587 for Federal government departments and agencies. These standards are significant because they formally recognize the insider threat. However, they will have

Stricter DoD Compliance Regimens: a New Trend?

December 27th, 2016 | Compliance, DFARS, SMB

Better shape up fast, civilian! The CC2 - NISPOM and DFARS compliance updates may lead one to perceive DoD as a bit of a bully, carrying a big stick, as discussed in the previous post. Consider what's probably driving these compliance updates. DoD has recognized a rapidly escalating threat environment and the urgent need to protect

Compliance Regimens! All Stick, and no Carrot!

December 19th, 2016 | Compliance, DFARS, SMB

As we know, compliance is said to drive security spending. This is certainly going to be the case for SMB defense contractors due to some updates to two DoD compliance regimens. The required security controls and cyber incident reporting requirements become quite a bit stricter. There is no doubt these regimens are using the "stick" to

Compliance Remains a Key Driver of Cyber Security Budgets

November 27th, 2016 | Compliance, DFARS, SMB

New DoD Compliance Regimens. Two major compliance regimens, DFARS and NISPOM, ratchet up this month for all DoD contractors and sub-contractors. Many defense contractors are SMBs. These regulations break some new ground in terms of the level of cyber security investment and types and protection levels expected of contractors. Different compliance regimens, in particular