Protecting MSPs from Million Dollar Ransomware Attacks

by Amelia Lewis / June 14, 2023

The DarkSide Ransomware Attack on CompuCom On March 3, the IT managed service provider (MSP) announced they had fallen victim to a Darkside ransomware attack. The cybercrime group installed CobaltStrike beacons on several systems throughout the MSP’s environment. These beacons helped the threat actor steal data, spread the virus, and deploy ransomware payloads.  The MSP expects the incident to result in losses of $20 million and counting due to the…

Preparing for a CCPA Audit

by Sarah Harvey / November 20, 2023

The California Consumer Protection Act gives consumers more rights related to their personal data and requires businesses to be more transparent about the way personal data is used and shared. The law applies to certain businesses that collect, use, receive or transmit the personal data of California consumers. Specifically, this law applies to for-profit businesses that do business in California and have annual gross revenues of over $25,000,000, buy, sell,…

Using NIST 800-53 vs. NIST 800-171 in a FISMA Audit

by Sarah Harvey / June 13, 2023

When any organization engages in a FISMA audit, their information systems are organized according to FIPS 199 and FIPS 200 to determine security categories and impact levels. Then, those systems are tested against a tailored set of baseline security controls. Depending on whether an organization is a federal agency or a private sector entity, different NIST publications of security controls may apply to the FISMA audit. How can you determine…

How to Prepare for a FISMA Audit

by Sarah Harvey / November 20, 2023

FISMA is U.S. legislation enacted as part of the Electronic Government Act of 2002, intended to protect government information and assets from unauthorized access, use, disclosure, disruption, modification, or destruction. To comply with FISMA, organizations must demonstrate that they meet the standards set forth by NIST SP 800 series. Unique to a FISMA audit, organizations can tailor the relevant security control baseline so that it more closely aligns with their…

FISMA vs. FedRAMP

by Sarah Harvey / June 13, 2023

FISMA and FedRAMP audits are often confused because both involve compliance around government data. But, when you dive into the details of each audit, you’ll recognize the differences are stark. Let’s talk through each of these compliance audits and how you can tell them apart from one another. What is FISMA? The Federal Information Security Modernization Act, or FISMA, is U.S. legislation that requires government agencies to meet a standard…