Blog Posts
Beyond NIST SP 800-171: 20 Additional Practices in CMMC
These 20 practices are intended to make DoD contractors more security conscious.
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management
Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity
Mature cybersecurity processes will improve an organization's ability to prevent and respond to a cyberattack.
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management
An Introduction to the Cybersecurity Maturity Model Certification (CMMC)
A cyber attack within the DIB supply chain could result in devastating losses of intellectual property and controlled unclassified information.
• By Katie C. Stewart, Andrew Hoover
In Enterprise Risk and Resilience Management
Why Is Measurement So Hard?
Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context....
• By Katie C. Stewart
Governing the Internet of Things (IoT)
The Internet of Things (IoT) is proliferating exponentially, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the …
• By Katie C. Stewart
In Insider Threat
Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)
In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work …
• By Katie C. Stewart
In Insider Threat
Create a Policy to Manage Unsupported Software (Part 6 of 7: Mitigating Risks of Unsupported Operating Systems)
Although you can accept the risk of running unsupported software, you should treat it as a temporary strategy. In this post, I discuss the importance of establishing a policy for …
• By Katie C. Stewart
In Insider Threat
Establish and Maintain Whitelists (Part 5 of 7: Mitigating Risks of Unsupported Operating Systems)
Software whitelists, part of an organization's software policies, control which applications are permitted to be installed or executed on an organization's devices and network. In this post, I describe how …
• By Katie C. Stewart
In Insider Threat
Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)
In line with its risk management program, an organization might decide to host unsupported applications on its supported or unsupported operating systems. In this post, I describe how organizations should …
• By Katie C. Stewart
In Insider Threat
Manage Your Software Inventory (Part 3 of 7: Mitigating Risks of Unsupported Operating Systems)
Having a managed software asset inventory helps an organization ensure that its software is identified, authorized, managed, or retired before it can be exploited. In this post, I describe why …