Josh Brewton operates as a security consultant, specializing in risk management and compliance, IT operations, and information assurance. Josh has been specializing in security for the last 10 years honing his craft via local, state, federal, and private sectors supporting various initiates.
The Payment Card Industry – Data Security Standard or PCI-DSS is a set of standards created to help organizations provide a secure environment for cardholder data. PCI-DSS compliance is not an easy task for any organization, but it is especially hard for small businesses and enterprises. The problem with PCI-DSS is that it requires a lot of time and effort without giving much in return – which means that the costs are high. The PCI-DSS …
RMF: The Basics The risk management framework (RMF) is designed to help organizations understand the risks to their information and information systems and manage those risks in order to maintain their security.ย The RMF helps organizations identify, assess, protect and monitor their information and information systems. It also helps organizations determine how well they are managing risk.ย NIST provides a variety of resources for implementing the RMF including guidance on developing an authorization to operate (ATO) process, …
In this post, we will discuss how organizations can grow with cyber security compliance. In a world where data breaches and cyber attacks are happening every day, it is essential for organizations to take the necessary steps to protect their data and information from these threats. To do so, they must implement a cybersecurity compliance program that is tailored to their needs. This program should cover all the areas of their business, from IT infrastructure …
The Cybersecurity Maturity Model Certification (CMMC) is a security framework implemented by the US Department of Defense (DoD) to improve protection of the defense industrial base. Like other security frameworks, the CMMC has a collection of controls for processes and practices with the goal of achieving a certain level of cybersecurity maturity. The main purpose of the CMMC is to provide assurance to the DoD that a company holding federal contracts has the appropriate measures …
