There are plenty of benefits to innovative new technologies, from greater efficiency to cost savings to customer satisfaction. It is rare, however, for a new technology to truly replace existing IT – rather, it gets incorporated into or bolted onto current systems. This approach, along with the explosion of mobile devices and proliferation of software and SaaS applications, dramatically increases and clouds an Agency’s cyber footpr...

All the elements of the U.S. healthcare system are under siege by hackers. A recent article in Modern Healthcare reported that “[o]ver the past five years, there’s been a 256% increase in large breaches reported to [the U.S. Department of Health and Human Services] involving hacking and a 264% increase in ransomware.” Federal health agencies face the same risks – and private-sector attacks ripple through the agencies, a...

While the Personal Identity Verification (PIV) and Common Access Card (CAC) represent a high assurance, technically interoperable, and a highly regulated method of authentication, they suffer from factors such as ease of use, ability to work with mobile devices and across devices. Office of Management and Budget (OMB) memorandum M-19-17, Enabling Mission Delivery Through Improved Identity, Credential, and Access Management, opened the door for...

State governments understand that utilizing IT effectively is the key to delivering excellent customer service. For instance, in Ohio the current strategic plan forthrightly states that the “use of State technology assets to increase the wellbeing of Ohioans and their health, property, security, livelihood, and prosperity is essential.” Measures include improving information security and privacy, building on cloud-smart infrastruct...

In this CPE training event, we overview the principles and implementation of Zero Trust Architecture to enhance your organization's security posture. Zero Trust Architecture, based on the NIST SP 800-207 criteria, revolutionizes the traditional approach to cybersecurity. It challenges the assumption of implicit trust within networks and promotes a model where trust is never granted by default. Instead, it emphasizes continuous analysis and eva...

This 2 CPE training event "Protecting Controlled Unclassified Information" is based on NIST SP 800-171 R3." In this webinar, we will overview the essential strategies and guidelines outlined in NIST SP 800-171 Revision 3 (R3) to safeguard Controlled Unclassified Information (CUI). Our CPE training is designed to equip participants with the knowledge and tools needed to protect sensitive information from unauthorized access, disclosure, or los...

Join this event on using the National Institute of Standards and Technology (NIST) approach for creatin a comprehensive on Systems Security Plan (SSP). This overview event is designed to equip participants with the knowledge and skills needed start the process of development and implementation of an effective security plans for federal information systems. Key Topics Covered: Understanding the NIST security standards and guidelines Implementin...

Join us for a 2 CPE event that provides an overview of the NIST Cybersecurity Framework (CSF) 2.0. This framework is designed to help organizations better manage and reduce cybersecurity risks by utilizing existing standards, guidelines, and practices. During this event, participants will gain valuable insights into the key concepts and components of the CSF 2.0. Learn how the framework integrates lessons learned from recent technology advanc...

Join us for a highly informative and engaging 1 CPE event, where we will review the world of risk management through the lens of the ISO 31000 standard. This event is designed to provide participants with an overview of the ISO 31000 standard and its significance in the field of risk management. ISO 31000, also known as "Risk Management – Guidelines," is an internationally recognized standard that offers principles, a framework, and a p...