How we’re making sense of CMMC 2.0

On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model Certification (CMMC) program. We’ve been following the program since its inception, and we were eager to find out what’s coming next. In short, some of the changes help reduce the burden…

The post How we’re making sense of CMMC 2.0 appeared first on TrustedSec.


How I Retained My QSA Certification

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

The post How I Retained My QSA Certification appeared first on TrustedSec.


Using Effectiveness Assessments to Identify Quick Wins

An organization’s overall security posture can be viewed from multiple angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of frameworks exist for each of these assessment types, intended to help both technical teams and leadership organize security program-building activities. Some of these include: Penetration…

The post Using Effectiveness Assessments to Identify Quick Wins appeared first on TrustedSec.


20 Tips for Certification Success

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the Systems Security Certified Practitioner (SSCP) offered by…

The post 20 Tips for Certification Success appeared first on TrustedSec.


Understanding New York’s SHIELD Act

While the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) get a lot of attention, New York should not be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess…

The post Understanding New York’s SHIELD Act appeared first on TrustedSec.


Working With the Department of Defense in 2020? Start Planning for the New Certification.

In what is certain to be a wake-up call for many organizations involved in Department of Defense contracts, the Cybersecurity Maturity Model Certification (CMMC) is set to become a part of life in 2020. Much like previous requirements, the CMMC requirements will apply to subcontractors, and all Requests for Proposal (RFPs) will require CMMC…

The post Working With the Department of Defense in 2020? Start Planning for the New Certification. appeared first on TrustedSec.
