Terrick T.

Gap Assessment? Mock Assessment? Certification Assessment? Conformity Assessment? Joint Surveillance Voluntary Assessment? NIST SP 800-171 Assessment? CMMC Level 1 Assessment? CMMC Level 2 Assessment? CMMC Level 3 Assessment? Control Assessment? DIBCAC Assessment? Seriously, who knew there are so many types of assessments that occur in the CMMC & NIST SP 800-171 ecosystem today!!! If you don't understand the nuanced differences between all of these types of assessments, this whitepaper, "A Greenhorn's Guide to All of the Assessment Types" may help to clear it all up. At least until DoD provides their next set of updated documents... Like all of our content Peak InfoSec, there is no marketing passthrough where we collect your information. Everything is provided free of marketing and advertising gimmicks. ================================================= Peak InfoSec Homepage: https://peakinfosec.com As the CMMC Churns Episodes: https://lnkd.in/eVGYGs3g Contact Peak InfoSec for Support: https://lnkd.in/e8sM_2Z3 Email: cmmc@peakinfosec.us ================================================= #cuicon #cmmc #cmmc2 #32cfrpart2002 #32cfrpart170 #infosec #informationsecurity #compliance #cybersecurity #cui #fci #cmmcab #thecyberab #nist800171 #defenseindustry #defensecontractors #defensecontracting #grc #manufacturing #dfars #manufacturingindustry #dib #satellite #satellitecommunications #satellitesystems #managedserviceprovider #msp #managedsecurityservices #mssp #DoD #GovCon #governmentcontracting #SmallBusiness #contracts #contractors https://lnkd.in/eFtmQ6mf

12

1 Comment

I encourage all my LinkedIn connections, followers, and readers of my posts to follow the DVMS Institute as the Institute is about to launch some significant "VALUE ADD" updates to its Accredited NIST Cybersecurity Professional Certification Training Programs. Click here to Follow the DVMS Institute https://lnkd.in/gxZsKUQc Also, stay tuned for the release of the Institute’s third publication! This publication centers around the Institute’s NIST Cybersecurity Framework Digital Value Management Overlay System (DVMS). At the heart of the DVMS’s power are the people within organizations learning to see and think in systems so they can be part of a culture capable of thriving safely in today’s and tomorrow’s global digital economy. The DVMS is neither a framework nor a method; it is an overlay that acts like a lens through which organizations can gain a new perspective on digital risk, revealing gaps and empowering proactive strategies. It’s not a one-size-fits-all solution but an adaptable and scalable guide for organizations of any size, from agile startups to established giants. Click here to Follow the DVMS Institute https://lnkd.in/gxZsKUQc

18

1 Comment

This Kiteworks article is a good read for cybersecurity professionals who are interested in a comprehensive checklist for achieving compliance with the Cybersecurity Maturity Model Certification (CMMC) framework. It outlines the steps organizations need to take to meet the requirements of different CMMC levels, from basic cybersecurity hygiene to advanced practices.  Your Complete CMMC Compliance Checklist 👇👇 Get the checklist: https://lnkd.in/eEmiVs79 #cybersecurity #compliance #CMMC #NIST #CUI #blog

19

1 Comment

Why CaaS (Cybersecurity-as-a-Service)? Key features: • Holistically detects & prevents potential threats or suspicious activities in the cloud and internal networks • Understands attack tactics and predicts the attacker’s next steps via detection rule mapping with MITRE ATT&CK® framework • Uses Machine Learning (ML) to identify anomalous activity • Correlates telemetry from multiple sources with your existing security tools to provide greater visibility • Provides visibility of threat activity in XDR’s reporting & dashboard • Leverages SIEM and SOAR technologies • Supports custom alerting and self-service reports • Includes 24/7/365 SOC support and remediation guidance • Backs critical security controls within industry standards and compliance frameworks such as continuous monitoring and log retention Learn more @ www.hctit.com #CyberSecurity #MSSP #DigitalProtection

4

So humbled by this gracious endorsement for the ISC2 Board of Directors by Tommy Ferreira, CISSP! If I'm elected, I look forward to supporting the organization and its members more broadly, driving value to the security industry through all of our valuable and career changing certifications like #CISSP! #governance #cybersecurity

35

3 Comments

Selecting the right cybersecurity certification can feel like navigating a labyrinth, especially when deciding between the Certified Information Systems Security Professional (CISSP) and the GIAC Certified Incident Handler (GCIH). Both certifications are well-regarded in the industry, but they serve different purposes and career paths. Are you more interested in the broad, managerial aspects of cybersecurity, or do you want to dive deep into incident handling and response? This article will break down the essentials of CISSP vs. GCIH, helping you make an informed decision that aligns with your career goals. Whether you're aiming for a management role or a hands-on technical position, we've got you covered. Read the full article here ➡️ https://buff.ly/4bgQtfJ

2

This Kiteworks article outlines eleven essential requirements for a secure managed file transfer (MFT) solution. Key points include the necessity for robust security features like encryption, integrated antivirus, and hardened virtual appliances. It also emphasizes governance capabilities such as flow authoring access controls and role-based user policies. Additionally, it highlights the importance of visibility through security visualizations and consolidated logs. These measures ensure compliance, data protection, and operational efficiency in modern enterprises. Eleven Requirements for Secure Managed File Transfer 👉 Learn more: https://gag.gl/QPSQ3B #cybersecurity #FileTransfer #SecureFileTransfer #MFT

6

CISA & FBI Release Urges Developers to Eliminate Directory Traversal Vulnerabilities: The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint Secure by Design Alert, calling on software developers and industry executives to intensify their efforts in eliminating directory traversal vulnerabilities within their products. This move comes in response to a series of high-profile cyber-attacks that have exploited […] The post CISA & FBI Release Urges Developers to Eliminate Directory Traversal Vulnerabilities appeared first on Cyber Security News. #CyberSecurity #InfoSec

2

"Catholic Medical Center (CMC) in Manchester, New Hampshire, revealed on Monday that nearly 2,792 patients may have had their personal and health information compromised in a third-party data security incident.  The announcement comes amidst financial challenges faced by CMC, which recently laid off 54 employees and reduced hours for others. The CMC data breach is attributed to a vendor providing account receivable management services to CMC.  An unauthorized party accessed an employee email account through a phishing attempt." It only takes ONE CLICK for the damage to be done. It's time for change. It's time for PhishCloud Inc. PhishCloud arms employees with the tools they need to clearly spot and avoid #phishingattacks, across all digital platforms – not just email – letting them Click With Confidence. PhishCloud gives your security team the real-time visibility and control they need to see and block #phishing attacks your employees see. And with real-time metrics, you no longer need to rely on simulations and reporting to understand your phishing risk. And PhishCloud delivers reality-based training that imparts real knowledge, not just awareness. Sound too good to be true? Give us 15 minutes to show you the power of PhishCloud Inc.. #technology #innovation #informationsecurity #phishingattackprevention https://lnkd.in/dwmu5ZCb

1

"Catholic Medical Center (CMC) in Manchester, New Hampshire, revealed on Monday that nearly 2,792 patients may have had their personal and health information compromised in a third-party data security incident.  The announcement comes amidst financial challenges faced by CMC, which recently laid off 54 employees and reduced hours for others. The CMC data breach is attributed to a vendor providing account receivable management services to CMC.  An unauthorized party accessed an employee email account through a phishing attempt." It only takes ONE CLICK for the damage to be done. It's time for change. It's time for PhishCloud Inc. PhishCloud arms employees with the tools they need to clearly spot and avoid #phishingattacks, across all digital platforms – not just email – letting them Click With Confidence. PhishCloud gives your security team the real-time visibility and control they need to see and block #phishing attacks your employees see. And with real-time metrics, you no longer need to rely on simulations and reporting to understand your phishing risk. And PhishCloud delivers reality-based training that imparts real knowledge, not just awareness. Sound too good to be true? Give us 15 minutes to show you the power of PhishCloud Inc.. #technology #innovation #informationsecurity #phishingattackprevention https://lnkd.in/dwmu5ZCb

1

You can use CIS audits to determine if your controls are in order, or aligned to best practices. Some of the controls are critical and can help reduce breach impact, such as avoiding the use of NTLMv1, dormant cloud accounts and open buckets. From CISSecurity.org: "The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized and simplified set of best practices for strengthening cybersecurity posture." We use it by ingesting CIS templates into DFIR agents and processes. There are templates for any technology and application. The output is automated audits, nonstop, across the entire technology stack. If someone introduces generous control, an alert will fire. The screenshot below shows a single-view benchmark of AWS and Azure controls. #australianmade #cybersecurity

11

It's time to kick-off our CISSP Exam Practice series with Larry Greenblatt and Arpita Gandhi ! Take a look at our practice questions for a deep dive this Tuesday @ 10 AM EST. Join us for a detailed review, exam taking strategies and....more practice!

6

2 Comments

Confused about the new NIST CSF 2.0? The NIST Cybersecurity Framework offers a refreshed approach to risk management. Our guide breaks it down! Learn what's new and how it can help your organization manage cyber risks: https://lnkd.in/gsASS3ze https://jndsupport.com | 1.888.288.3007 | connect@jndsupport.com #NIST #cybersecurityframework #CSF2 #itsupportdavie #itsupportboca #jndsupport #jndsupportboca #jndsupportdavie

4

Dig into #ThreatandAttackSimulation with this substantive two-part blog on Active Directory Certificate Service vulnerabilities and potential attacks. In this hands-on learning experience, Senior Security Consultants Brian Mitchell and Eugene Mar guide you through lab building, vulnerability testing, remediation and more. Read Part 1: https://okt.to/HWt2y4 Read Part 2: https://okt.to/8rgXto #cybersecurity #penetrationtesting

14

SOC Interview Questions. Explaining an interviewer about SSL Handshake. #cybersecurity #securityanalysts #cyberterminologies#securityoperations#securitybasics

5

2 Comments