Category Archives: Uncategorized

Is your ePHI Protected?

HIPAA stands for the Health Insurance Portability and Accountability Act, a U.S. law enacted in 1996 that establishes federal standards for protecting sensitive health information from disclosure without patient consent. It includes rules for the privacy and security of protected health information (PHI) and applies to healthcare providers, health plans, and other entities that handle…

Read More

Common Weakness Enumeration (CWE)

The Common Weakness Enumeration (CWE) is a community-developed catalog of over 600 categories for hardware and software weaknesses and vulnerabilities, maintained by MITRE and sponsored by the U.S. Department of Homeland Security’s CISA. It provides a common language and taxonomy to help developers identify, fix, and prevent security flaws before deployment. Knowing the weaknesses that…

Read More

OWASP Top 10

If you develop web applications OWASP Top 10 is the leading list of security risks to be on top of. The below image depicts the OWASP Top 10 Web Applicaiton Security Risks to ensure you test for in your SAST or DAST code review efforts. If you don’t perform code review it’s an essential part…

Read More

FedRAMP and Who?

The Federal Risk and Authorization Management Program (FedRAMP), is a compliance program established by the U.S. government to standardize security assessments including but not limited to, authorization, and continuous monitoring of cloud products and services used by federal agencies. Any cloud service provider (CSP) offering services to federal agencies must be FedRAMP certified, including those…

Read More

3 Levels of CMMC Certification

The Cybersecurity Maturity Model Certification (CMMC) Program and model consist of 3 levels of certification designed to enforce the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Government contractors will have to determine which level of certification is needed based on the contracts they’re involved in. Below bullet points further describe the…

Read More

NIST 800-171 Compliance

The Defense Industrial Base (DIB) is a network of organizations, facilities, and resources that provide our government with materials, products, and services for defense purposes and particularly for our military. Being an Army Veteran myself understanding DFARS compliance is essential for our national security and military readiness. DFARS is a regulation that mandates defense contractors…

Read More

AI Security Taxonomy

I created the following AI Security Taxonomy image based off of Ciso’s Integrated AI Security and Safety Framework which is one of the most complete efforts I’ve seen. It will help you understand the evolving AI threat landscape using unified, lifecycle-aware taxonomy integrated with AI security and AI safety threats across modalities, agents, pipelines, and…

Read More

What is a Risk Dashboard?

A good Risk Dashboard will show you all the applicable risks to your organization consolidated into a central view that allows you to drill down into each area of concern. Below is a representation of a dashboard. They also allow for easier representation of risk to leadership and to the board of directors. Below are…

Read More