What is Penetration Testing

There are several types of testing in the IT market, each meant to address different aspects of security, operations and compliance. Penetration testing is a practice that can often span many of these aspects in meaningful ways, by providing security and system awareness across almost any facet of your organization’s technical operations. 

Here, we’ll start with an intro to the concept of penetration testing. In the near future, we will start to dig into the details of penetration testing for compliance, but here we will introduce some of the basics of what penetration testing is and why it is important. 


Modern Risk Management and Compliance in 2021


Risk management and assessment is the practice of assessing an organization’s security systems against possible vulnerabilities and gaps to determine how much “risk” is acceptable as part of doing business. Factors like compliance, emerging threats and changes in technology and business operations all play an immense role in how security experts manage the risk their organizations are willing to take on, and how much they will invest in their cybersecurity infrastructure. 

As we pass the halfway point of 2021, we look back to some of the trends that have played a role in risk management and assessment. In some ways, the story of risk in 2021 is heavily dictated by 2020, as the COVID pandemic has fundamentally altered how companies in multiple industries worldwide continue to do business. 


What are the Three Levels of CMMC Certification?

The Cybersecurity Maturity Model Certification (CMMC) framework of regulations is a relatively new governing document that combines several cybersecurity and risk management requirements to streamline security and compliance for agencies and contractors in the Defense Industrial Base (DIB) supply chain. 

Even though all DoD agencies do not yet require this framework, its roadmap suggests that it will become a requirement in the coming years.

Central to CMMC regulations are three security levels, each determining the data a contractor can manage in their systems. These levels are distinguished by an escalating series of requirements regarding an organization’s technical capabilities and abilities. 

 
