Posts by Katie C. Stewart

An Introduction to the Cybersecurity Maturity Model Certification (CMMC)
• Blog
Katie C. Stewart
Andrew Hoover co-authored this blog post. A recent study predicted that business losses due to cybercrime will exceed $5 trillion by 2024. The threat to the Defense Industrial Base (DIB), the network of more than 300,000 businesses, organizations, and universities that research, engineer, develop, acquire, design, produce, deliver, sustain, and operate military weapons systems, is especially alarming because of ongoing cyber warfare activity by cybercriminals and state-sponsored actors. A cyber attack within the DIB supply chain could...
Why Is Measurement So Hard?
• Blog
Katie C. Stewart
Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context. Organizations vary in size, mission, risk appetites, and budget for security. There is no "one size fits all" for security metrics....
Governing the Internet of Things (IoT)
• Blog
Katie C. Stewart
The Internet of Things (IoT) is proliferating rapidly, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the challenges of dealing with the IoT and some approaches that organizations can use to reduce their risk as they adopt more IoT technologies...
Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work together to protect your organization from cyber attacks when it chooses to keep unsupported software on its network....
Create a Policy to Manage Unsupported Software (Part 6 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
Although you can accept the risk of running unsupported software, you should treat it as a temporary strategy. In this post, I discuss the importance of establishing a policy for upgrading, replacing, or retiring unsupported software across the organization....
Establish and Maintain Whitelists (Part 5 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
Software whitelists, part of an organization's software policies, control which applications are permitted to be installed or executed on an organization's devices and network. In this post, I describe how whitelisting and real-time monitoring of log data can reduce the organization's exposure to cyber attack....
Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
In line with its risk management program, an organization might decide to continue hosting unsupported applications, whether on supported or unsupported operating systems. In this post, I describe how organizations should upgrade, replace, or retire unsupported software assets, including operating systems...
Manage Your Software Inventory (Part 3 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
Having a managed software asset inventory helps an organization ensure that its software is identified, authorized, managed, or retired before it can be exploited. In this post, I describe why your organization should establish a software inventory to manage its software....
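The two mechanisms these posts describe, a managed software inventory that records support status (Part 3) and a whitelist, or allowlist, of approved software that is checked against execution logs (Part 5), fit together naturally. The following Python script is an added example written for this listing page; it is not code from the blog series or from the SEI. The inventory entries, the "end of support" dates, the process-creation log format (`timestamp host=... user=... image=... sha256=...`) and the hashes (SHA-256 of short labels, standing in for binary hashes) are all constructed for illustration. It flags executions whose hash is not on the allowlist, including a binary sitting at an approved path with a different hash, and executions of allowlisted software whose vendor support has lapsed:

```python
"""Software inventory, hash allowlist and execution-log check (constructed example)."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class SoftwareAsset:
    name: str
    version: str
    path: str
    sha256: str                  # hash of the approved binary
    end_of_support: date | None  # None: vendor still supports it
    authorized: bool             # approved by the owner of the inventory


def _fake_hash(label: str) -> str:
    # Stand-in for hashing a real binary; hashes a short label instead.
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed inventory: paths, versions and dates are illustrative.
INVENTORY = [
    SoftwareAsset("ReportTool", "4.2", r"C:\Program Files\ReportTool\rt.exe",
                  _fake_hash("rt-4.2"), date(2026, 6, 30), True),
    SoftwareAsset("LegacyERP", "9.1", r"C:\LegacyERP\erp.exe",
                  _fake_hash("erp-9.1"), date(2023, 1, 31), True),
    SoftwareAsset("OldBrowser", "12", r"C:\OldBrowser\ob.exe",
                  _fake_hash("ob-12"), date(2020, 4, 1), False),
]

TODAY = date(2024, 3, 1)  # assumed "current date" for the example


def unsupported_assets(inventory, today: date) -> list[SoftwareAsset]:
    """Assets whose vendor support ended before `today` (the Part 3 report)."""
    return [a for a in inventory
            if a.end_of_support is not None and a.end_of_support < today]


def build_allowlist(inventory) -> dict[str, SoftwareAsset]:
    """Allowlist keyed by hash, not by path: a binary dropped at an approved
    path still fails the check because its hash differs."""
    return {a.sha256: a for a in inventory if a.authorized}


# Constructed log format: <ts> host=<h> user=<u> image=<path> sha256=<hex>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"image=(?P<image>.+?) sha256=(?P<sha256>[0-9a-f]{64})$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    image: str
    reason: str


def check_execution_log(lines, allowlist, today: date) -> list[Finding]:
    """Flag executions that are not allowlisted or that run unsupported software."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            findings.append(Finding("?", "?", line.strip(), "unparseable log line"))
            continue
        asset = allowlist.get(m["sha256"])
        if asset is None:
            findings.append(Finding(m["ts"], m["host"], m["image"], "hash not on allowlist"))
        elif asset.end_of_support is not None and asset.end_of_support < today:
            findings.append(Finding(m["ts"], m["host"], m["image"],
                                    f"unsupported since {asset.end_of_support}"))
    return findings


def _log_line(ts: str, image: str, sha256: str) -> str:
    return f"{ts} host=ws01 user=alice image={image} sha256={sha256}"


# Constructed process-creation events: one clean run, one run of unsupported
# software, one unauthorized program, one trojanized binary at an approved path,
# and one malformed record.
SAMPLE_LOG = [
    _log_line("2024-03-01T09:00:00Z", INVENTORY[0].path, INVENTORY[0].sha256),
    _log_line("2024-03-01T09:05:00Z", INVENTORY[1].path, INVENTORY[1].sha256),
    _log_line("2024-03-01T09:10:00Z", INVENTORY[2].path, INVENTORY[2].sha256),
    _log_line("2024-03-01T09:15:00Z", INVENTORY[0].path, _fake_hash("rt-4.2-trojan")),
    "2024-03-01T09:20:00Z malformed entry",
]


def run_example() -> tuple[list[str], list[str]]:
    """Names of unsupported assets and the reasons for each finding, in log order."""
    unsupported = [a.name for a in unsupported_assets(INVENTORY, TODAY)]
    findings = check_execution_log(SAMPLE_LOG, build_allowlist(INVENTORY), TODAY)
    return unsupported, [f.reason for f in findings]


if __name__ == "__main__":
    unsupported, reasons = run_example()
    print("unsupported:", unsupported)
    for reason in reasons:
        print("finding:", reason)
```

Keying the allowlist on the binary hash rather than the file path is the design choice that matters: the fourth log line runs from the approved ReportTool path but with a different hash and is still flagged. Treating an unparseable record as a finding rather than skipping it keeps gaps in log collection visible, which is the point of pairing the allowlist with real-time monitoring.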
Define Your Organization's Risk Tolerance (Part 2 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
Risk tolerance--the amount of risk an organization is willing to accept--should be part of your organization's comprehensive risk management program. In this post, I describe how your organization can define its risk tolerance....
Introduction (Part 1 of 7: Mitigating Risks of Unsupported Operating Systems)
• Blog
Katie C. Stewart
Federal CIOs and CISOs are challenged with analyzing the risk of having unsupported operating systems on their networks and determining how to properly address this risk. In this blog series, I explain how an unsupported operating system can expose a network to attack and what steps your organization can take to mitigate this risk....