Proactive IT Risk Management: Building Resilience in an Evolving Digital World
R. Shawn Elliott President and LLC Manager IPKeys Technologies, LLC | Chickasaw Nation Industries (CNI) 2024 brought some harsh cybersecurity lessons for everyone working in U.S. government cybersecurity. One major wake-up call came when Chinese hackers broke into several U.S. telecom networks in an attack dubbed Salt Typhoon. Then came an unexpected hit. CrowdStrike, which […]
NIST Security Controls Explained (with Examples)
Art Clomera Vice President, Operations Federal agencies would be paralyzed without the data centers and software systems that store and process data. But many cyberattacks aren’t politically motivated. Government agencies worldwide are often targeted for the vast quantities of personal information they keep about citizens. The market for this stolen data is more lucrative than […]
Key Insights from the NIST AI Risk Management Framework
Art Clomera Vice President, Operations The AI RMF is an extension of the NIST Risk Management Framework (RMF), tailored for artificial intelligence (AI) systems. It provides organizations with a structured approach to identify, assess and manage risks related to AI technologies throughout their lifecycle. The new battlefield is dominated by software and hardware. To navigate […]
What is DoD Impact Level 5 (IL5)?
Don’t let data breaches compromise your mission. The DoD IL5 standards protect information systems handling data that could devastate national security if breached.
How to Create a Comprehensive Access Control Policy: Template & Example
Art Clomera Vice President, Operations Granting access to a valuable resource is a question of trust (conditional authorization) and necessity (continuous authentication). For example, consider a company office building. Some areas are publicly accessible, while others are restricted to specific personnel. These restricted areas may have confidential information or sensitive equipment and therefore are limited […]
How to Conduct Cybersecurity Compliance Risk Assessments in 4 Steps
Shawn Elliott, Vice President, Federal Solutions In an organizational context, “being in compliance” refers to an organization conforming to the applicable standards and rules set by governing entities. These standards and rules can be both external (e.g. laws, industry standards, regulations) or internal (e.g. company policies). Failure to adhere to applicable standards can lead to […]
RMF Continuous Monitoring: How to Keep Your Cybersecurity Program Up to Date
Art Clomera Vice President, Operations In today’s fast-paced digital landscape, cybersecurity threats are constantly evolving, making it crucial for Federal agencies to keep their defenses current. Risk Management Framework (RMF) Continuous Monitoring is a process that enables organizations to keep a watchful eye on their cybersecurity program and respond to emerging threats in a timely […]
The Top 9 Cybersecurity Tools and Software for 2025
Art Clomera Vice President, Operations 2025’s cybersecurity landscape demands a new breed of cybersecurity tools, ones that blend cutting-edge technology with predictive intelligence, advanced analytics, and adaptive strategies. Deep learning algorithms and comprehensive data analysis empower these tools to be proactive and predictive, seamlessly integrating into cloud, on-premises, and hybrid environments. This year’s challenges are […]
How to Write a Security Assessment Report (SAR) Using a Template
Art Clomera Vice President, Operations Implementing effective security controls for information systems is a vital and complex undertaking. All Federal agencies require cybersecurity control measures in one form or another – and assessing their effectiveness is a challenge. Due to the complex and quickly evolving nature of cybersecurity threats, it can be difficult to accurately […]
How to Build Your System Security Plan (SSP) with Examples and Template
Art Clomera, Vice President Operations Information system development, use, and eventual decommissioning requires a lot of paperwork – reports, signatures, manuals, approvals, and more. Amongst this mountain of documentation, the System Security Plan (SSP) may well be the granddaddy of them all. It is the encyclopedia and guidebook of all security aspects related to the […]
