Phone 202 839-5563
Cyber liability and Data Breach Consulting
Everyone says smalls businesses are important. There are over 28,000,000 of them in the US. We need to start paying attention to them.
A “‘proof of concept” to allow for incorporating results into improving instruments and processes.
America’s Small Business Development Centers (ASBDC) is supported by the Small Business Administration, state governments, colleges, universities, and local economic development organizations. The ASBDC utilizes over 4,500 business advisers located in nearly 1,000 Small Business Development Center (SBDC) locations throughout the US and its territories helping businesses to remain competitive in an ever-changing global economy. The SBDCs host over 20% of the DoD Procurement Technology Assistance Centers (PTAC).
The ASBDC is starting a new program called Cybersecurity First Steps to utilize their capability, capacity, relationships and footprint to aggressively secure our nation while promoting good overall business practices.
The program features standards “Cybersecurity First Steps” enabling small businesses to make informed business decisions. This makes it easier for product and service companies to qualify and serve small businesses including companies who can help them take deeper dives into assessments. Metrics will track activity triggered by the assessments along with the effectiveness of the activities triggered. Primes will more easily communicate and understand cyber postures of small partners. Governments will be able to communicate needs to them with the common lexicon established in standards utilized.
All assessments are located on a FedRAMP high cloud platform.
All artifacts are stored on the secure cloud with appropriate control to access.
Cybersecurity First Steps and advisement are available for no charge.
An affordable 800-171 assessment tool is available with free advisement to help businesses get to a point where they can complete it themselves or hire a local resource to help.
800-53, HIPAA, PCI, 800-161 and other assessment tools are available on the same secure cloud.
It is critical to incorporate cyber liability and data breach considerations in normal business risk/opportunity activity. SBDC advisers have a long history of helping with business risk. This will make it much easier to make this important connection with the over 2,000,000 businesses already served and future clients. With the support of the interested parties many other businesses will be reached soon.
Businesses of all sizes are vulnerable and must consider all options for sustainability including insurance coverage. This program helps small businesses understand what they need to look for in coverage and has negotiated affordable polices for those interested.
We must have a positive approach, with consistency to measure effectiveness/success and security to protect the processes of the approach. We must focus on the value of informed business decisions.
Efforts to help small business will identify opportunities for collaboration and improvement to share with federal, state, and local governments, and the private sector including supply chains.
Learn More about this effort. Contact us : email@example.com
Large public and private organizations are comprised of big, medium and small organizational components. Sharing a common understanding and unified messaging is critical to delivering business/mission value and security.
Small and mid-size businesses are the largest group of employers. Thinking of large organizations separately from this group ignores very important opportunities to increase business value and security because they are all connected and interdependent.
The Federal Trade Commission easy to follow guidance for small businesses.
Note: The FTC is going to update and release new guidance Oct 18th.
When an emergency strikes, your business’s most vulnerable asset may not be in the stockroom or warehouse. It could be the data that has been central to your success. The FTC has six steps you can take to help protect your company’s information from the unpredictable.
High-profile hackers grab the headlines. But some data thieves prefer old school methods – rifling through file cabinets, pinching paperwork, and pilfering devices like smartphones and flash drives. As your business bolsters the security of your network, don’t let that take attention away from how you secure documents and devices.
FTC law enforcement actions, closed investigations, and experiences we’ve heard from businesses demonstrate the wisdom of adopting a 360° approach to protecting confidential data. As Start with Security suggests, securing paper, physical media, and devices is an important part of that strategy.
Cyber Actors use Internet of Things devices as proxies for anonymity and pursuit of malicious cyber activities.
The National Institute of Standards announced the final public draft of Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations–A System Life Cycle Approach for Security and Privacy.
By clarifying that our standard is one of “reasonableness” rather than strict liability, we address one of the major concerns that providers—including small providers and their associations—raise in this proceeding.
The protection of Controlled Unclassified Information (CUI) resident in non-federal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations.
NIST releases 1.1 Roadmap to the NIST Cybersecurity Framework
Product or service to help Business Risk Management including Cybersecurity
The National Association of Insurance Commissioners have released the “Insurance Data Security Law” The intent of this Act is to establish standards for data security and standards for the investigation of and notification to the Commissioner of a Cybersecurity Event applicable to Licensees. This Act may not be construed to created or imply a private cause of action for violation of its provisions nor may it be construed to curtail a private cause of action which would otherwise exist in the absence of this Act. Click to read Insurance Data Security Law
Definitions: “The critical starting point is to align to a common set of defined terminology. When companies are looking to implement compliance programs, starting with an understanding of the key terminology and definitions is a good place to start. For well-developed information security programs, starting over with defining terms may be wasteful…”
The purpose and intent of this act is to establish standards for data security and standards for the investigation of and notification to the director of a cybersecurity event applicable to licensees. This act may not be construd to create or imply a private cause of action for a violation of its provisions nor may it be construed to curtail a private cause of action which would otherwise exist in the absence of this act.
On Thursday, October 18, 2018, the National Institute of Standards and Technology (NIST), in coordination with the Department of Defense (DoD) and the National Archives and Records Administration (NARA), is hosting an informational workshop providing an overview of Controlled Unclassified Information (CUI), the Defense Acquisition Regulations System (DFARS) Safeguarding Covered Defense Information and Cyber Incident Reporting Clause, and NIST Special Publications 800-171 and 800-171A.
Phone 202 839-5563 – – email firstname.lastname@example.org
Phasellus sodal dictum dolor quis fringilla. Nunc accumsan velit sit amet enim maximus solsodales.
Help small businesses understand t
We look forward to connecting!