Blog Posts
Beyond NIST SP 800-171: 20 Additional Practices in CMMC
In November, defense contractors will be required to meet new security practices outlined in the Cybersecurity Maturity Model Certification (CMMC). As this post details, while the primary source of security …
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management
Cybersecurity Maturity Model Certification (CMMC) Part 2: Process Maturity's Role in Cybersecurity
Process maturity represents an organization's ability to institutionalize their practices. Measuring process maturity determines how well practices are ingrained in the way work is defined, executed, and …
• By Andrew Hoover, Katie C. Stewart
In Enterprise Risk and Resilience Management
An Introduction to the Cybersecurity Maturity Model Certification (CMMC)
A recent study predicted that business losses due to cybercrime will exceed $5 trillion by 2024. The threat to the Defense Industrial Base (DIB), the network of more than 300,000 businesses, …
• By Katie C. Stewart, Andrew Hoover
In Enterprise Risk and Resilience Management
Why Is Measurement So Hard?
Developing security metrics within an organization is an ongoing challenge. Organizations want to know "Am I secure enough?" While this is the common question, it lacks context …
• By Katie C. Stewart
Governing the Internet of Things (IoT)
The Internet of Things (IoT) is proliferating exponentially, exposing organizations to an increased risk of IoT-targeted attacks, such as botnets and DDoS attacks. In this blog post, I explore the …
• By Katie C. Stewart
In Insider Threat
Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems)
In this blog series, I explained the five actions your organization can take now to ensure its cybersecurity and address the risk of having unsupported software. These five actions work …
• By Katie C. Stewart
In Insider Threat
Create a Policy to Manage Unsupported Software (Part 6 of 7: Mitigating Risks of Unsupported Operating Systems)
Although you can accept the risk of running unsupported software, you should treat it as a temporary strategy. In this post, I discuss the importance of establishing a policy for …
• By Katie C. Stewart
In Insider Threat
Establish and Maintain Whitelists (Part 5 of 7: Mitigating Risks of Unsupported Operating Systems)
Software whitelists, part of an organization's software policies, control which applications are permitted to be installed or executed on an organization's devices and network. In this post, I describe how …
• By Katie C. Stewart
In Insider Threat
Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)
In line with its risk management program, an organization might decide to host unsupported applications on its supported or unsupported operating systems. In this post, I describe how organizations should …
• By Katie C. Stewart
In Insider Threat
Manage Your Software Inventory (Part 3 of 7: Mitigating Risks of Unsupported Operating Systems)
Having a managed software asset inventory helps an organization ensure that its software is identified, authorized, managed, or retired before it can be exploited. In this post, I describe why …
• By Katie C. Stewart
In Insider Threat