
Content provided by Nisos, Inc. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided by Nisos, Inc. or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described at https://fi.player.fm/legal.

Data Governance and Threat Intelligence Converge with Egnyte’s Chief Governance Officer Jeff Sizemore

26:25
 

Topic: Data Governance and Threat Intelligence Converge

In Episode 83 of TheCyber5, we are joined by our guest, Egnyte’s Chief Governance Officer, Jeff Sizemore.

We discuss the Cybersecurity Maturity Model Certification (CMMC) and its impact on Department of Defense (DOD) contractors, who must mature their cybersecurity hygiene in order to compete for US government contracts. CMMC was based on NIST Standards 800-71.

Here are 4 topics we discuss in this episode:

  • Why Does CMMC Matter?

In the near future, contracts are going to be rated L1-3, and if contractors are not certified up to a certain level, they cannot bid on the contract. This is more focused on the smaller defense contractors who, up to now, have generally disregarded compliance measures yet are major targets for nation-state cyber attacks.

  • Failure to Comply with CMMC Could Mean Perjury

Compliance for DOD contractors is not new and companies were previously allowed to self-attest. When DOD regulatory bodies did the research, 75% of companies were found to be not in compliance. For enforcement, the Department of Justice is now involved and if contractors lie, it’s considered perjury.

  • Compliance Cybersecurity Controls Contractors Can Implement

  1. Before choosing an email provider, cloud environment, or file share, be sure they are FedRAMP compliant.
  2. Automate the search capability within secure enclaves so CUI is detected in an environment.
  3. Automate the ability to be audited so contractors aren’t wasting time in spreadsheets.

  • Incident Response and Threat Intelligence Controls Needed

Threat intelligence is in an evolutionary stage for larger contractors to monitor their subcontractors to determine if they have vulnerabilities and/or if they have been breached. Third-party risk scorecards are generally not actionable for defense contractors because the vulnerabilities are not put into the context of a business risk. The key is to bring together a threat intelligence picture that can alert on actionable data leaks.
