Search

Insight

Debunking Common Myths Around the DoD’s CMMC Certification

Which of these statements is true? Bananas grow on trees. The Great Wall of China can be seen from space. CMMC compliance won’t impact your work with the Department of Defense. The answer: none of them. The Cybersecurity Maturity Model Certification (CMMC) is the DoD’s new cybersecurity standard, and certification will be required for all contractors before they can bid on government projects. There are five levels of certification, which are earned based on the security safeguards in place to protect sensitive government information. The DoD is still developing the full compliance process for the CMMC, but requests for proposals (RFPs) requiring certification will roll out in September. This has created a lot of confusion among contractors, leading to several misconceptions about the CMMC and its certification process. In this blog, we’ll take a look at some of the most common myths about the CMMC to help you understand this new framework and prepare for certification. 
Insight

Internal Audit and Cybersecurity: A Guide to Working Together

In this three-part webinar series, our Internal Audit team will sit down with leading cybersecurity experts to explore the different facets of a cybersecurity program and practical ways internal audit can work alongside cybersecurity teams to manage risk.
Insight

How to Get Started on the DoD’s CMMC Certification

Updated July 15, 2020 With more than 300,000 Department of Defense (DoD) companies and subcontractors essential to military operations, the defense industrial base (DIB) is a frequent and valuable target for malicious cyberattacks. Potential breaches of intellectual property in this sector could weaken U.S. defense capabilities and become a matter of national security. In an attempt to increase the security and resiliency of the DIB, the U.S. Department of Defense launched Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) in January 2020. Adapted from industry-recognized frameworks, the CMMC represents a unified cybersecurity standard required for all contractors hoping to do work with the DoD. In this post, we’ll take a closer look at the CMMC framework and how your company can start preparing now for CMMC certification.
Service

Privacy Staffing Support

Support When You Need It Focal Point’s privacy experts can drop into your privacy program to address specific needs or…
Insight

Building Operational Agility in Healthcare: Focus on your Non-Employees

If the past few months have taught us anything, it’s that healthcare organizations need to be able to scale – quickly, securely, and with patient care at the forefront. The key is operational agility. Operational agility is the ability to respond quickly to changing external conditions, without compromising long-term objectives. In a healthcare context, this means being able to respond to rapid swings in public health conditions, new regulatory guidance, or emerging security threats without compromising on patient care, data protection, or research goals. Fundamentally, developing operational agility is about building a core set of processes and capabilities and enabling your people to operate dynamically within that environment.
Insight

The Name of Your SOC Matters: Tips for Picking a Name that Fits

Focal Point has worked with a number of security operations teams, helping them advance their capabilities, execute on their strategies, and strengthen their skills. More often than not, we’re brought in because stakeholders don’t feel like their security operations are meeting the needs of the organization. When we dive into it, we often find that this “failure” is driven by a misalignment between what security operations does and the expectations of the leadership team. Left to fester, many security operations teams find them on the short end of the long-term leadership support they need.  There are a few ways that this breakdown occurs, but one of the simplest to fix and most commonly overlooked is the name.
Service

PCI Compliance in the Cloud

Striking the Balance As more organizations embrace cloud computing, the divide between cloud autonomy and compliance becomes greater. Your organization…
Insight

The Countdown to CCPA Enforcement

The Covid-19 pandemic brought much of the world to a standstill, but one thing it has not impacted is the enforcement date for the California Consumer Privacy Act (CCPA). The CCPA, which went into effect on January 1 of this year, grants California residents new privacy rights for their personal information and is considered the most robust state privacy law in the U.S. Enforcement of this landmark privacy law begins on July 1, 2020, but Covid-19 has increased concerns over whether companies have the time and resources necessary to be ready by then. Despite dozens of requests for a delay due to Covid-19 pandemic, the California Attorney General Xavier Becerra declined to extend the July 1 deadline, stating that privacy concerns have increased during this time. In this post, we’ll take a closer look at these extension requests, recent CCPA lawsuits, and steps your business can take to prepare for life after July 1.
Insight

An Interview with Cisco’s Mike Scheck: Cyber Workforce Development

Mike Scheck, Sr. Director of Incident Command at Cisco Systems, graciously sat down with Focal Point's Justin Avery to discuss his strategy on hiring, training, and retaining employees on his cybersecurity team.
New Search