In today’s interconnected digital landscape, application programming interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between various applications and systems. However, with this increased connectivity comes heightened security risks, particularly concerning the protection of sensitive data in those APIs. One of the most notorious examples of API risk is the Cambridge Analytica scandal in the...

In today’s rapidly evolving cybersecurity landscape, Zero Trust has emerged as a critical strategy to defend organizational assets against persistent cyber threats. However, the presence of mobile devices in enterprise environments poses significant challenges to traditional Zero Trust implementations. As government agencies increasingly rely on mobile devices to conduct business and communicate, ensuring the security of these endpoints...

All the elements of the U.S. healthcare system are under siege by hackers. A recent article in Modern Healthcare reported that “[o]ver the past five years, there’s been a 256% increase in large breaches reported to [the U.S. Department of Health and Human Services] involving hacking and a 264% increase in ransomware.” Federal health agencies face the same risks – and private-sector attacks ripple through the agencies, a...

While the Personal Identity Verification (PIV) and Common Access Card (CAC) represent a high assurance, technically interoperable, and a highly regulated method of authentication, they suffer from factors such as ease of use, ability to work with mobile devices and across devices. Office of Management and Budget (OMB) memorandum M-19-17, Enabling Mission Delivery Through Improved Identity, Credential, and Access Management, opened the door for...

You are invited to attend Acquisition Training for the Real World’s Summer Camp event, July 15 - 19, 2024! This week-long series of two hour, virtual training sessions features engaging thought leaders who know the challenges that acquisition professionals face and can provide real-world solutions. Participants can earn up to 10 CLPs over the week! Classes offered this session include: Quest for Clarity: Asking the Right Procurement Ques...

The continuous evolution of technology presents us with a dynamic landscape filled with both promise and challenges. As the internet gained widespread adoption, it revolutionized various aspects of our lives, introducing innovations such as online shopping and real-time news updates, alongside issues like spam, phishing, and malware. Traditionally, government entities have been cautious in adopting new technologies, often due to regulatory con...

States’ voter registration systems and voter access have undergone a host of changes over the past five years, thanks in large part to the Covid-19 pandemic. Many states expanded vote-by-mail options, stepped up automatic voter registration programs, or both. Cities took action, as well – Los Angeles, for instance, has overhauled its voting system infrastructure, using open source, the cloud, and cybersecurity partnerships to updat...

A Practical Approach to A-123 Compliance Programs Join us for a unique, interactive workshop that "walks you through" the latest update of The Green Book which now conforms to the Internal Control Integrated Framework (COSO 2013). This training is focused on the current Standards for Internal Control in the Federal Government as detailed in the Green Book. This 18 hour CPE course provides you with the tools to implement a compliance program th...

State governments understand that utilizing IT effectively is the key to delivering excellent customer service. For instance, in Ohio the current strategic plan forthrightly states that the “use of State technology assets to increase the wellbeing of Ohioans and their health, property, security, livelihood, and prosperity is essential.” Measures include improving information security and privacy, building on cloud-smart infrastruct...

In this CPE training event, we overview the principles and implementation of Zero Trust Architecture to enhance your organization's security posture. Zero Trust Architecture, based on the NIST SP 800-207 criteria, revolutionizes the traditional approach to cybersecurity. It challenges the assumption of implicit trust within networks and promotes a model where trust is never granted by default. Instead, it emphasizes continuous analysis and eva...