Over the past two months we’ve been hearing a lot of buzz about CMMC, both with active customers and security partners. In this post, we will talk about our initial high level reaction to the significant new standard. We’re doing a webinar on March 4 at 1:00 PM CST with a customer, CalcuQuote, to talk […]
It’s a trap. You know it’s a trap. But you don’t know how to avoid the trap. It is budget season. You need to start defining your budget for 2019. There are two main ways I’ve seen this play out. Wants You take a look at your program, think about a couple of tools you […]
I’ve seen policies from lots of companies big and small. Generally, I’m a techie engineer so I don’t love policy. I’ve also seen a fair number of companies that clearly don’t follow their policy. I’ve also seen companies that get certifications like SOC2 and ISO that are meaningless because they systematically lie and their auditors […]
Here’s a deep dark secret: I don’t particularly like security policy. I don’t always follow policy. Goodness knows that with the 50-250 page policies I’ve seen, I didn’t even understand the whole policy at a legal level – and if you don’t understand them at a legal level can you really say you’re following them? […]
