Mar 26, 2020 6:30:00 AM

Pt. 3: Level 2, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1. As we progress to Level 2, we will provide *Readiness Notes* to highlight potential roadblocks for achieving CMMC Level 2 readiness.

Topics: CMMC

Mar 12, 2020 6:00:00 AM

Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Mar 4, 2020 6:00:00 AM

A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))’s upcoming rollout of approximately 10 large contracts which will require contractors to meet Cybersecurity Maturity Model Certification (CMMC) standards in 2020.

Topics: CMMC

Feb 27, 2020 6:00:00 AM

NIST’s Privacy Framework: An Enterprise-Wide Approach to Protecting Individual Privacy

Framework Overview: In January, NIST launched version 1.0 of its Privacy Framework, a voluntary tool to help companies identify and manage their products and services while protecting their customers’ individual privacy.

Feb 20, 2020 6:15:00 AM

Introduction to CMMC Readiness

CMMC Background: In an effort to mitigate the cybersecurity risk currently present across all sectors of the Defense Industrial Base (DIB), the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) is rolling out the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Jan 2, 2020 8:00:00 AM

Cybersecurity and the Power of Belief

How Rethinking Your Public, Private, and Core Beliefs Can Improve Your Cybersecurity Posture. “Belief” Defined: It should come as no surprise to us that belief drives everything we do as humans. In honor of the New Year and resolutions, I’d like to bring a little philosophy to the table and show you how it can improve your organization’s cybersecurity posture.

Topics: Executive Insights

Jan 1, 2020 9:22:00 AM

Testing the Security of Your Remote Infrastructure

There is a lot of uncertainty around where we are headed, both individually and corporately, as we watch, for most of us, one of the most impactful events of our lives unfold day after day. We each have the responsibility to do our part in flattening the curve and, for many organizations, that means implementing alternative work arrangements.

Dec 10, 2019 6:30:00 AM

Cyber 2020: The Year of Situational Awareness

Situational Awareness: words that were ingrained in my psyche during my years in the military. The phrase is simply defined as, “the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status.” By gaining situational awareness, IT teams can begin to form an idea of how an environment should be securely maintained and how it will likely evolve in the near future. Additionally, enhanced situational awareness will likely allow organizations to see a more logical approach to anticipating the future trends in cybersecurity as a whole.

Topics: cybersecurity, ransomware

Nov 27, 2019 6:00:00 AM

12 Tips for Safe Online Shopping this Holiday Sale Season

As the Holiday Season presents itself once again, consumers take to smartphones, tablets, and laptops to research and buy gifts for family, friends, and loved ones. Online shopping proves to be a convenient alternative for consumers in our hurried societies; however, ecommerce also presents increased risk of financial fraud and identity theft.

Topics: online shopping

Nov 15, 2019 6:30:00 AM

Friday Brief: The End is Near, Windows 7 End of Support

This year, Microsoft announced End of Support for Windows 7 will begin on January 14, 2020. As we approach the new year, organizations still running Windows 7 should – if they haven’t already – prepare to transition to Windows 10. What does End of Support mean, exactly?

Topics: Software End of Support

Nov 1, 2019 6:30:00 AM

Friday Brief: How Contractors can Prepare for Upcoming CMMC Requirements

What is the CMMC? Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification and includes a five-tier approach to determining the adequacy and effectiveness of contractors’ controls and processes for protecting the department’s controlled unclassified information (CUI).

Topics: NIST 800-171

Jul 16, 2019 6:30:00 AM

XaaS, Part 1: Demystifying "The Cloud"

Laying the Foundation: Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud computing by first defining what "the cloud" is. Future blog posts in this series will evaluate the unique advantages and challenges related to the various cloud computing "as a service" ("aaS") models.

Mar 28, 2019 9:30:00 AM

How HIPAA Compliance Efforts May Impact Your Overall Security Posture

The HIPAA Security and Privacy Rules require many resources for an organization to be compliant. Meeting those requirements is time consuming and often creates operational issues and a financial burden for covered entities. Organizations often believe that there is one solution out there that will achieve compliance or, more importantly, secure the organization.

Topics: HIPAA

Mar 7, 2019 9:00:00 AM

3 Data Governance Strategies for Financial Institutions

Read Time: 5 Minutes. Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of data. In our specific context today, we will be discussing data governance for a financial institution (FI).

Topics: Data Governance

Feb 21, 2019 6:30:00 AM

2018 SOC 2 Criteria and Positive Cybersecurity Impacts

How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization. Read Time: 2 minutes. In January 2018, the AICPA released detailed guidance on its newest SOC 2 Common Criteria (based on the COSO 2013 Framework for an entity-wide reporting level). The new framework officially went into effect December 15, 2018. Many organizations, including some of HORNE’s clients, were early adopters of the new framework and have already benefited greatly from its guidance.

Topics: SOC 2

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Jan 10, 2019 9:30:00 AM

HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations

I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very little guidance related to cybersecurity has been provided by the government in the past years even though healthcare has been one of the prime targets of hackers.

Topics: Cyber Assurance Insights, HHS Guidance, NIST

Oct 31, 2018 9:30:00 AM

Cybersecurity Lessons from WWII Propaganda

In honor of National Cybersecurity Awareness Month, let's look at how principles from World War II propaganda can teach us valuable lessons in the way we treat cybersecurity today.

Topics: Executive Insights

Oct 24, 2018 9:30:00 AM

SOC for Cybersecurity: Providing Board Members the Keys to the Castle

Earlier this year, the AICPA’s Center for Audit Quality (CAQ) released their Cybersecurity Risk Management Oversight: A Tool for Board Members. In this document are questions to help direct a conversation to understand the relationship between cybersecurity risk oversight and disclosures.

Topics: SOC for Cybersecurity

Oct 17, 2018 8:56:00 AM

Six Considerations for Purchasing Cyber Insurance

In our most recent blog, Brad Pierce discussed what a cyber insurance policy is not. It is not a savior in the wake of a data breach. It is not a replacement for proactive, resilient security measures. What it is, however, is a component of an effective incident response strategy. In this post, I would like to take the time to discuss considerations organizations should take when purchasing a cyber insurance policy.

Sep 25, 2018 9:30:00 AM

Developing an Incident Response Strategy: Preparing for the "What Ifs"

When we think about the impact of an unexpected event, it can often leave us with varying emotions. In many cases, those emotions are not pleasant… such as panic and stress, feeling vulnerable or lacking control over the world around us.

Topics: incident response

Aug 16, 2018 9:30:00 AM

NIST Upcoming Mobile Application Security Recommendations

Turning Attention to Mobile Applications

Topics: Cyber Assurance Insights

Aug 9, 2018 9:30:00 AM

Lessons Learned from SOC for Cybersecurity Readiness Assessments

During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity-related posture of companies. In connection with this issuance, firms are able to help companies assess their current environment prior to the actual audit. The goal of this assessment is to allow companies to prepare for the audit and ensure their control environment is sufficient to pass the rigorous SOC for Cybersecurity audit.

Jul 5, 2018 10:30:00 AM

Going Beyond HIPAA Compliance to Elevate Your Security Posture

The Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules provide required and addressable security and privacy standards for patient medical records and other health information held by covered entities.

Topics: Cyber Assurance Insights

Jun 28, 2018 9:30:00 AM

NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update

At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework in our most recent blog article.) HORNE had the opportunity to attend the NIST update webinar last month. Below is a summary of the latest updates to be considered by your organization if you currently utilize or plan to utilize the Cybersecurity Framework.

Topics: Cyber Assurance Insights