The Digital Supply Chain and Security Flaws in the R Programming Language

May 9, 2024 Continuum GRC 0 Comment

We use “the digital supply chain” regularly because enterprise and government businesses rely heavily on it. The relationships between vendors, cloud providers, software, and customers are so deeply intertwined that it’s impossible to avoid the big picture–that security is a complex activity that can span dozens of entities.

A recently discovered flaw in the R programming language (which you may or may not have even heard of) has introduced a severe security threat and CVE designation that experts are patching. But how does a small problem in a programming environment threaten major tech companies like Google and Microsoft?

The Kaiser Data Breach and the Importance of HIPAA for Vendor Relationships

May 1, 2024 Continuum GRC 0 Comment

Unfortunately, HIPAA data breaches are increasingly common. Kaiser Permanente, one of the largest healthcare insurance providers in the U.S., recently reported a massive exposure of millions of patient records (Protected Health Information, or PHI).

This unfortunate event also serves as a learning moment for companies who may not understand how to avoid such unintended consequences.

CMMC and Level 2 Assessment Guidelines

Apr 24, 2024 Continuum GRC 0 Comment

Digital cloud of computers and lock images.

Our previous articles on CMMC Level 1 certification focused on what organizations need to know when conducting self-assessments. These documents relied primarily on the fact that the contractor would do their assessments and reporting.

With Level 2 certification, the game changes. Not only are nearly all assessments performed by C3PAOs, but their requirements expand nearly tenfold. That said, some basics of what to expect in the assessment remain the same.

Here, we’re discussing the CIO’s guidance for Level 2 assessments.