Insights

The Cybersecurity Maturity Model Certification (CMMC) (Web Resource) is a program being developed to help ensure that specific types of unclassified data that exist outside of government systems remain adequately protected against cyber-attacks. The CMMC applies to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-government systems. This certification program is intended to replace the process of self-attestation to NIST SP 800-171 that many defense contractors and subcontractors performed over recent years. This program will significantly impact how a large portion of future defense contracts are awarded. The program requires external audits to be conducted by external parties such as Critical Path Security. Failure to comply and can lead to serious penalties. Therefore, many organizations in the Defense Industrial Base (DIB) are actively working to understand what the CMMC means for them. To alleviate some of the ongoing concerns, we are providing a short list of items. 15…

As an active and devoted contributor to the CTI League, the first Global Volunteer Emergency Response Community, Critical Path Security is providing its Threat Intelligence feeds to help combat the growing incidents of cybercriminal activity targeting the COVID 19 vaccine initiatives. Critical Path Security aligns its efforts with the CTI League in providing key security feeds, free of charge, to the medical services and emergency life saver organizations who are on the front lines combatting the pandemic. One of the CTI League Founders, Nate Warfield sent an email of appreciation to Critical Path Security's Founder, Patrick Kelley for the work toward the cause. "I'm Nate Warfield, one of the four founders of CTI League and I'm confirming that Patrick Kelley of Critical Path Security is an active member of CTI League. He & other colleagues from Critical Path donate their time, expertise and experience to the group, pro-bono, to defend…

Work From Home (or Anywhere) Our Response to Staying Cyber Safe Dec 8, 2020 12:00 PM Eastern Time (US and Canada) At Sentinel Benefits and Critical Path Security, we believe effective data security starts with awareness, training, and risk assessment. Today's world - often referred to as the "information age"- has seen people generate, store and exchange information at an unparalleled rate of frequency and volume. In light of the rapid expansion of remote working: How has this conversation changed? Are your employees exposed to greater risks by working from anywhere. How can organizations stay vigilant? Cyber experts, Todd Larson from Sentinel Benefits and Patrick Kelley from Critical Path Security, will answer crucial questions like: · What are the new risks as firms allow their employees to work remotely? · What are the best practices for onboarding people securely in a virtual world? · How are the "bad guys" looking…

"The words “threat intelligence” sound high-level, like an issue that might only concern the Department of Homeland Security or the security teams at Google or Amazon. In truth, anyone who connects to the internet or saves data in the cloud or on a hard drive should give threat intelligence some thought. Small businesses, in particular, need to understand the concept to make sure that, in their efforts to prevent cyberattacks, they adequately protect their assets without bankrupting themselves through overkill." - Patricia Staino   The 6 steps of the threat intelligence lifecycle The threat intelligence process is well-defined and complex. As you’ll see as you read through the steps, collecting and leveraging threat intelligence is a challenging endeavor and probably out of reach for most small business owners. If your data and systems do require this level of threat protection, it’s probably best to contract with outside security providers rather…