Mining Technical Debt for Fun and Profit
Risk Advisory Alex Muentz Risk Advisory Alex Muentz

Mining Technical Debt for Fun and Profit

That old tech debt gets a hard crust of “don’t go there” and after a while only a few people understand how it actually works. Those few people know the system well enough to develop workarounds to meet new requirements, so you don’t get a mandate to replace it.

Read More
Initial Release of the DOD Cybersecurity Maturity Model Certification
Risk Advisory Shea Nangle Risk Advisory Shea Nangle

Initial Release of the DOD Cybersecurity Maturity Model Certification

There are five levels of CMMC certification, numbered Level 1 through Level 5 — with Level 5 being the highest, and most rigorous, standard. All vendors interacting with Federal Contract Information (FCI) will be required to meet Level 1 as a minimum, while all contracts involving accessing, transmitting, or processing Controlled Unclassified Information (CUI) will need to be at Level 3 or above.

Read More
Risk Advisory Shea Nangle Risk Advisory Shea Nangle

Getting Started With the Upcoming DOD Cybersecurity Maturity Model Certification

The United States Department of Defense (DoD) recently announced the Cybersecurity Maturity Model Certification (CMMC). All companies and subcontractors doing business or proposing to do business with the DoD must be assessed and certified against the CMMC starting in 2020, with the full CMMC slated for publication in January of 2020. This requirement follows a number of high-visibility security incidents involving DoD information.

Read More
Risk Advisory Guest User Risk Advisory Guest User

Dark Matter and Measuring Security

I am occasionally asked by our clients to measure how secure a thing is. That is perfectly reasonable to want to know. Is it secure enough? Do we need to spend more on security to make it secure enough? Are we getting better or worse? And so, managers are surprised, as well as disappointed, to learn that measuring security is nearly impossible.

Read More