Trustifier Announces DFARS Compliance Kit WASHINGTON DC, FEB 24, 2017 - Trustifier announced today the general release of an all-in-one hardware/software solution to the cyber-security compliance component of the Defense Federal Acquisitions Rules Supplement (DFARS). This DFARS Compliance Kit is a groundbreaking solution, taking a dramatically different approach to
DFARS Compliance is Sticky Business In a post about use of the carrot or the stick (rewards versus threat of a smack) as persuasion tools for behavior change, I noted that compliance regimens always use the stick. DFARS, in particular, is a good example of DoD making use of the big stick to force changes in behavior.
Better shape up fast, civilian! The CC2 - NISPOM and DFARS compliance updates may lead one to perceive DoD as a bit of a bully, carrying a big stick, as discussed in the previous post. Consider what's probably driving these compliance updates. DoD has recognized a rapidly escalating threat environment and the urgent need to protect
As we know, compliance is said to drive security spending. This is certainly going to be the case for SMB defense contractors due to some updates to two DoD compliance regimens. The required security controls and cyber incident reporting requirements become quite a bit stricter. There is no doubt these regimens are using the "stick" to
New DoD Compliance Regimens Two major compliance regimens, DFARS and NISPOM, ratchet up this month for all DoD contractors and sub-contractors. Many defense contractors are SMBs. These regulations break some new ground in terms of the level of cyber security investment and the types and protection levels expected of contractors. Different compliance regimens, in particular PCI,
Do SMB staffing needs count? There's been no shortage of articles about the shortage of IT security expertise. This issue didn't appear overnight. It started to get real attention after a report by Cisco estimated one million unfilled positions globally back in 2014. Current estimates cite a figure of 200k+ vacancies in the U.S.A. alone.
Finally! Taking the Insider Threat (Semi-) seriously. Security Simplified Summary Compliance regimens continue to drive security spending, but amount to an additional expected cost of being in business, and of doing business with DoD, that may be a burden to SMBs. New compliance regimens, NISPOM Conforming Change 2 and Executive Order 13587 for Federal government
An earlier version of this was posted in October 2014. Previous posts on phishing, here and here, discussed factors that might reduce the effectiveness of user security awareness training in protecting against phishing. We're not saying that awareness training can't help to some degree, possibly for tightly defined business procedures and processes with enforced
Phishing attacks have become pervasive, sophisticated, insidious, and more complicated. Unfortunately, these increasingly dangerous attacks are targeting some supposedly hapless chumps collectively known as users (in the eyes of some IT and security folks). I think that security awareness training has been the only game in town, for the most part. The most recent Verizon DBIR revealed
Index of SMB posts. Extra effort has been made to keep the following posts as free of technical jargon as possible. Many Trustifier posts are written at a high, general level, so you may wish to check some of the others out at your convenience. Plight of the SMB Cyber Defender Series SMBs may