For Cloud Service Providers (CSPs) with dreams of seeing their Cloud Service Offering (CSO) in use by all federal agencies, FedRAMP Ready will be essential. We've put some thoughts together on what organisations need to consider when taking on a FedRAMP Readiness assessment.
In light of the current COVID-19 pandemic and current travel restrictions, the PCI Security Standards Council has lightened the on-site restrictions to be something a bit more pragmatic.
As the CyberUp Campaign launches to continue the quest for reform of the UK’s Computer Misuse Act 1990, NCC Group’s Head of Public Affairs, Kat Sommer, reflects on the journey towards legislative reform and why, despite any obstacles, the progress to date is creating a sense of momentum to build on and carry forward.
Where organisations provide contact centre services, the move to remote working has posed particular challenges to both ensuring that the right tools are available and managing the risks associated with agents who will be handling cardholder data. We’ve outlined some of the key considerations to help you navigate this change.
A FedRAMP Authority to Operate (ATO) is a must-have for any company offering cloud services to Federal Agencies in North America. To get there, you need a solid plan that includes top-down support for funding and process changes, a good understanding of your company’s internal processes, and of course, the right partner.
How too much security can actually lead to too little and how by finding your Goldilocks Zone you can get it "just right".
"Within NCC Group and the broader cyber security sector, neurodiversity is common to see. I am one of several people at NCC Group who have a form of autism and there are many more that make up our own neurodiverse community." An article written by a NCC Group colleague about life and work as part of a neurodiverse community.
Your Qualified Security Assessor (QSA) may come across new findings while conducting an annual Payment Card Industry (PCI) assessment. Shifting industry trends, requirements changes, and the "the human factor" are just a few of the reasons why this might happen.
"When I was diagnosed at 15 years and nine months with Asperger’s Syndrome it was hard to conceive the ways in which my ‘Individual Needs Assessment’ would go on to play a role during my Higher Education and how it still continues to shape how I live and work today." An article written by a NCC Group colleague about living and working with Asperger's Syndrome.
Are you ready for the Cybersecurity Maturity Model Certification (CMMC)? In a recent webinar, our very own Jeff Roth provided details around the CMMC, its maturity models, and how it’s likely to evolve in the coming months.
In conducting due diligence during a Merger & Acquisition (M&A) transaction, cyber security considerations often take a backseat to evaluating revenue multipliers, cost synergies, and operating efficiencies.
Part 2 of “The Zero Trust Model: Security Inside and Out” provides guidance around how to gain stakeholder support to adopt the Zero Trust security model.
Could trusting no one be the key to data security? In this two-part series, we’ll examine how a Zero Trust model removes implicit trust in the traditional “trust but verify” model, as well as give insight into: • Advantages of the Zero Trust model • Guidance around implementing Zero Trust within your organization • Potential roadblocks and how to secure stakeholder support
January is a time for reflection, which most companies try to tap into by spamming you with predictions for the upcoming year, New Year’s resolutions and new solutions to old problems. My marketing department have convinced me to jump on the bandwagon, however ...
One of the problems that cyber security stakeholders face is the overabundance of tools and processes. Just Google “firewall providers” and you are deluged with information; replace firewall with any other tool (anti-virus, phishing simulation, intrusion detection system, and the like) and the results are similar.
Few things capture the imagination like movies. From epic dramas to tearful romances, from everyday travails to futuristic science fiction, from chilling horror to feel-good comedy, Hollywood is our great escape into the land of make believe. Here are some of my favorite movies, the lessons they taught us as moviegoers, and the lessons that translated for me as a cyber security consultant.
For a company focused on core operations and meeting the needs of its stakeholders, it makes financial sense to handover non-core functions to third-party vendors. Unfortunately, this introduces a whole new element of risk in the company’s ecosystem – third party risk, of which cybersecurity is a critical component.
Matt Lewis explains more on the assessment undertaken for the consumer choice organisation Which? to assess the security of seven popular electronic and connected toys in the run up to Christmas 2019.
With increased demand for virtual card capabilities from Australian businesses, merchants and service providers, we keep being asked by our customers whether virtual payment cards are subject to Payment Card Industry Data Security Standard (PCI DSS). If they are, what would be the impact and their obligation against the payment standard? Mohammad Daneshvar explores...
As anyone working in cyber security knows, 100% threat prevention/mitigation is a myth. One question we hear time and time again is, “how much security is enough?” Sourya Biswas explains why there are so many different ways to answer this...
