The Department of Defense (DoD) has officially published version 1.0 of its Cybersecurity Maturity Model Certification (CMMC) approach. DoD contractors are now trying to figure out what comes next. Since all DoD contractors will need to obtain a CMMC certification at some point, all of them must spend time creating a strategy and developing and implementing a plan to get there. To help you jumpstart the process, we've put together the five steps you’ll need to follow. These can be used as milestones in an implementation project plan.
As the looming deadline approaches, we’ve decided to answer six general (but important) questions you likely have when it comes to the Department of Defense's Cybersecurity Maturity Model Certification.
As security leaders kick off the New Year with fresh perspectives and goals aimed at measurably reducing cyber risk within their respective organizations, it may be time to revisit data protection strategies. Here, Nick Ellsmore, director of consulting and professional services, APAC, at Trustwave, highlights five key areas to focus on to take an adaptive approach to cybersecurity as our lap around the sun once again begins.
But before you jump to any conclusions about the tensions with Iran, we decided to touch base with Trustwave’s own incident response expert, who provided us with a breakdown of what’s occurring and, most importantly, what may occur in the coming days or months.
Knowledge is power when it comes to cybersecurity, which is why members of the Global Telco Security Alliance have provided businesses and other organizations with 10 key insights they should know about the state of cybersecurity.
With 2019 behind us and 2020 stretching out ahead, we once again checked back in with some folks from the elite SpiderLabs team at Trustwave to get their thoughts on what’s taken place and, most importantly, what 2020 could have in store for us.
After a slew of big events in 2019, we’ve decided to compile a list of the top nine SpiderLabs posts of the year that feature insights on malware, penetration testing tools and techniques and one major vulnerability disclosed.
A discussion on the primary resource constraints that security organizations are facing and how security leaders can determine when it’s time to seek supplemental assistance for their teams.
Data-driven privacy regulations are being enacted by governments across the globe, providing protection for consumers but making it more difficult for businesses to be compliant globally. But are these rules making organizations more or less secure?
The Trustwave SpiderLabs experts are known for the open-source security projects they release throughout the year. We caught up with the creator of the latest tool, dubbed CrackQ, for a breakdown of what it is and what it offers for Red Teams.
As modern-day organizations continue to increase their workloads in the cloud, attackers are taking aim and shifting their tactics to compromise them. This Q&A features insights on what cybercriminals prefer to target in cloud environments.
A discussion on the differences between MDR and MSSP services and how some of the overlaps may be causing confusion for security leaders in search of assistance in protecting their organizations.
The list of obstacles security leaders experience to reach an ideal state of cyber resiliency in a multi-cloud environment is long, but important steps and decisions need to be made when it comes to the following three areas.
The Department of Defense previously had an honor system in place for contractors and subcontractors to meet cybersecurity compliance. This is all about to change with the introduction of the Cybersecurity Maturity Model Certification. Here are five important facts that you need to know and prepare for as the requirements are baked into RFIs and RFPs in 2020.
As business email compromise attacks continue to rise, impacting organizations across sectors, one can't help but wonder what could be on the horizon as cybercriminals continue to leverage emerging technology. Here, we explore how deepfake technology may be a future asset for threat actors.
A discussion on the capabilities that would make a hybrid SOC partner most successful and key items organizations should focus on if they’re thinking of embarking on a hybrid SOC journey.
Digital crooks won’t start off their attack campaigns by spending hours on developing custom file payloads or trojans. They’re looking for the path of least resistance, and most of the time, that’s by exploiting a misconfiguration in their target’s network.
Security organizations that embrace adaptive security are agile in the face of the threat landscape and also continue to evolve proactively through the threat research and intelligence sharing they consume. Here are steps you should take to point the security organization in the direction of becoming an agile and proactive function.
Far too much information that either carries too little or too much value is stored in databases, making it difficult to manage at times from an information security standpoint. Trustwave Senior Product Manager Thomas Patterson discusses how security leaders can minimize the value in their databases and provides a good rule of thumb to follow when it comes time to decide what should and shouldn’t be kept in the database.
By now, you’re likely familiar with the terms “penetration testing” and “red teaming,” but if it’s time for you to decide which option is best for your organization, we’ve provided a concise breakdown with the help of some of our Trustwave SpiderLabs experts.