FISMA is the Federal Information Security Management Act. It is a high-level law that mandates a level of cybersecurity for all federal agencies and federal contractors. It was enacted by Congress in 2002 and updated in 2014.
While FISMA delegates cybersecurity responsibility to the various federal departments and agencies, it also centralizes a significant amount of cybersecurity functions (including mandates) to the Department of Homeland Security (DHS) and leaves the nitty-gritty standards and guidelines to the National Institute of Standards and Technology (NIST) to hammer out.
In this cyber environment, it is important to have a robust Information Security Management System (ISMS), but how do you know if you have a strong ISMS?
Well it's as simple as filling out a questionnaire!
Overview of the Federal Trade Commission in regards to cybersecurity:
“HiTRUST: Burdensome, But Worth It if You Have the Resources”
For the past few months the challenges facing the country’s medical infrastructure has been all over the news. Mostly these issues have focused on medical supplies and capacity, but as with any organization the IT needs of these medical facilities are also of the utmost criticality.
Free Cybersecurity Strategies for the Homebound
Well, April is almost over, and most of us are still teleworking from home. Last month I discussed some basic requirements for working remotely, and given that the coronavirus pandemic is still very much affecting our working lives, I’ve decided that this month it would be good to build on some of the concepts introduced last month.
Lately, and for good reason, the top thing on people’s minds has been the COVID-19 Coronavirus. Any change from normal operations will inherently be less secure, because often the processes are unfamiliar and have not been ironed out to the extent that a company’s normal operations have been. In a situation like we are facing now, with widespread teleworking, a company’s prime security concern should be the correct implementation of a strong teleworking policy.
The importance of risk training.
“Don’t Forget About Negligence – It Hasn’t Forgotten you”