Field Notes
Cost of CMMC: Conquer the Fear Of Finding Out
What will CMMC (Cybersecurity Maturity Model Certification) cost your organization? Many Defense contractors have a Fear Of Finding Out (FOFO) due, in part, to the traditional approach where sunk costs add up before an estimate is produced. A SecuriThink Step Zero report answers the question with a verified level of accuracy in as little as 72 hours. Want to know how we do it?
(5 minute read)
Livestream: How to Communicate Cyber Strategy to the C-Suite
Let folks who’ve seen it tell you what to expect from this one-hour livestream:
• We need more of this out there in the wild. Great stuff!
• Beautifully done. Love the opening point (we see with the brain) and the value of knowing your audience and speaking to them in terms that appeal to their interests. Brava!
• Fantastic presentation!
Cyber Risk is a Top Business Risk
In 2023, cybersecurity again ranks near the top of all business risks, as it has consistently done for many years.
We don’t expect the relative importance of cybersecurity on your Board or C-suite agenda to hinge on whether cybersecurity ranked #1 or #8 in some study. Our point is that in multiple studies which survey long lists of enormous risks facing our world and your business, cyber ranks predictably in the single digits and often the top 3-5.
(5 minute read)
Intangible Assets are Driving Cyber Risk
• Intangible assets are increasingly important in total company value.
• Intangible assets are in the crosshairs of cyberattacks.
This one-two punch is driving cybersecurity into a more critical role in protecting company value.
Evidence that the game has already changed is showing up in Mergers & Acquisitions (M&A), owner exit strategies, credit ratings, and cyber insurance.
(5 minute read)
Livestream: Mike Warner talks Cybersecurity Entry Level Hiring on SimplyCyber
Leaders should be “The Keeper of the What, not the Master of the How” offers SecuriThink Executive Advisor Mike Warner during this 45-minute interview with Gerald Auger on SimplyCyber.
Livestream: The CISO Experience
Listen in as SecuriThink Executive Advisor Mike Warner and founder Linda Rust join host Simon Linstead for a one-hour YouTube “Ask Me Anything” (AMA) to explore Mike’s 12 years as the CISO of Oshkosh Corporation (the Fortune 500 specialty vehicle innovator, not to be confused with a well-known brand of children’s clothing).
Avoid M&A Buyer’s Remorse from Cybersecurity
Cybersecurity is a significant driver of buyer’s remorse in Mergers and Acquisitions (M&A). That’s no surprise when more than half of all companies have poor cybersecurity.
What’s needed is a way to rapidly assess cybersecurity costs early in the deal process. Our unique solution has been field-tested on 12 Fortune 500 M&A deals.
(4.5 minute read)
M&A Helps Make the Business Case for Cybersecurity
The growing importance of cybersecurity posture in the structure of M&A deals is another way to quantify the benefits of a good stance.
See how we have used this topic to successfully engage senior stakeholders at the level of the Board of Directors and the C-suite of Fortune 500 companies and leveraged it as a component in the overall business case for better cybersecurity.
(2.3 minute read)
Enhanced Acronym Passwords
Enhanced Acronym Passwords offer a way to hide names, dates, and other facts that can be socially engineered or otherwise attacked by common password cracking methods. With clever designs that can be varied and made unique by each person using this method, we can allow the best of our humanity to shine while getting an important job done.
How To Make Passwords Easy to Crack
To choose a password that’s likely to stand up to attack, wouldn’t it be helpful to know the most common password tricks that bad actors consistently beat? Here’s a postcard-size reference on what makes a password easy to crack.
Do you already have strong passwords? Run your favorites against this list and see how they hold up.
Cybersecurity is Like Securing Your Car
Just like securing your car, it takes more than one thing to be cybersecure. Problems come from more than one angle and each protection has its strengths but also limitations. We add up the strengths and protect the blind spots by layering the protections.
Leverage Cybersecurity Spending
A diamond only shines to the extent that it’s in the right setting. Getting full leverage from your cybersecurity spending works on the same principle. The optimal setting for cyber technology requires adapting processes and fully engaging your people. This is the shortcoming of every silver bullet scenario.
The Cybersecurity Business Case for Manufacturing Supply Chain
As the most attacked industry, manufacturing is in the crosshairs of cybercrime. At the same time, manufacturing has less visibility into its supply chain tiers than other verticals. This combination of factors amplifies the potential blast radius for damage.
Livestream: CMMC Momentum on Simply Cyber
Dr. Gerald Auger and co-host Eric Taylor have weekly discussions called “What’s On Your Radar?” on the SimplyCyber YouTube channel.
On May 20th they invited SecuriThink principal, Linda Rust, to share her observations on the news about the Cybersecurity Maturity Model Certification (CMMC) timeline announced May 9th by the Department of Defense (DoD).
Why Cybersecurity Maturity Model Certification (CMMC)?
Attacks that target suppliers significantly more than prime contractors are driving the Department of Defense (DoD) contract requirement for Cybersecurity Maturity Model Certification (CMMC), which confronts the historic lack of compliance with requirements in place since 2017.
Cybersecurity Maturity Model Certification (CMMC) Momentum is Building
Cybersecurity Maturity Model Certification (CMMC) will be in all contracts over two years earlier than originally scheduled. How does this apply to your CMMC business case? See how SecuriThink has drawn the picture.
How CMMC Assessment Procedures Come from Practice Descriptions
Sharpening the Blade: How do CMMC Assessment Procedures come from Practice Descriptions? This video answers that question in 23 minutes.
Making the Business Case for Cybersecurity – Cyber Insurance 4Q 2021
Cyber Insurance offers useful insights to quantify cyber risk and make it real for business owners, CxOs and board members of public companies.
Panel Discussion: Governance, Risk and Compliance (GRC) for Cybersecurity
Jaclyn (Jax) Scott of Outpost Gray hosted a panel of senior leaders working in cybersecurity Governance, Risk and Compliance (GRC). Joining Jax and our founder Linda Rust in this one-hour discussion are:
Configuration Assurance – Naming the Elephant
This is the story of a dilemma solved. A Chief Information Security Officer (CISO) had time and again discovered problems with patching and configuration settings not matching agreed-upon standards.
Cybersecurity Maturity Model Certification (CMMC) – What to make of the rumors of change
If you’ve heard rumors of significant changes expected to CMMC, here’s a video to help sort it out. How to make use of this calm before the storm? What can be done in the interim with confidence it will be relevant moving forward?
Cybersecurity Maturity Model Certification (CMMC)
CMMC is a new cybersecurity compliance requirement with third party verification coming soon to U.S. Department of Defense (DoD) contracts.
CMMC – 30,000 Foot View
CMMC in 27 minutes – a video overview of the changes coming with CMMC and why.
Why plan Return on Investment (ROI) before completing design and deployment?
Experience shows that focusing on Level 3+ results from the outset yields a much more powerful outcome while also making the project easier and less risky.
How to make your data classification project easier
Leverage our lessons learned to make your project easier using the SecuriThink Data Classification Complexity Scale.
The Rapidly Changing Role of the CISO
Actionable distinctions about CISO responsibilities and the skills to master them have been identified by executive recruiters. These distinctions go beyond staffing; they also describe behaviors that increase overall InfoSec maturity.
Data Classification – Example 1
Rally C-suite ownership with a compelling business case for change
Data Classification – Example 2
Managing across the enterprise for new security habits
Data Classification – Example 3
Quick Start the project, cross-train client team, manage risk
Secure the Perimeter
23 Workstreams over 2 years deployed many technologies and policy changes in support of a “Defense In Depth” InfoSec strategy
Better Phishing Protection
Behavior change and more leverage from Security Education and Awareness (SEA)
Administrative Rights
Reduce technical support with appropriate employee engagement
Complex Passwords
Minimize business impact and technical support requirements
Managing Across the Supply Chain
High security computer-based test centers