Good athletes know that records were made to be broken. That is why they train and constantly improve their performance.
When it comes to protecting computer systems and the sensitive data they contain, the competition is just as fierce. Furthermore, it is easy to become the target of sinister forces both outside and inside the organization. In fact, the threat from within the organization can be greater than from outside forces after one considers bad actors as well as unwitting mistakes like configuration errors, monitoring oversights, and falling for phishing or social engineering compromises.
Frankly, computer security is not just an issue of good technology. In fact, good technology will not even be effective if an organization does not have good processes that are followed by well trained personnel. Remarkably, many organizations do not even have good fundamentals, much less good technology, good processes, or well trained personnel.
In addition, computer security is no longer just a good business practice for defense contractors. Since December 2017 computer security has been a regulatory requirement as well, at least when it comes to safeguarding Controlled Unclassified Information (CUI) under DFARS 4.7300, the contract clause at DFARS 52.204-7012, and the security controls at NIST SP 800-171.
When It Really Matters CDI Founder Greg Fordham has over 30 years experience interpreting federal procurement rules and regulations like the Federal Acquisition Regulations (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS) as well as having performed over 500 computer forensic projects just since 2001 on issues involving computer security and the exfiltration of company sensitive data. He is the perfect resource for helping contractors protect their sensitive computer data as well as meeting the requirements of the new DFARS requirements for safeguarding controlled unclassified information (CUI).
CDI forensic and computer security services include both proactive and reactive services. Our proactive services help contractors assess the strength of their data security policies, procedures, practices and controls for preventing, detecting and responding to data breaches, resource impairments and system compromises by both external and internal threats. In the process, we assess defense contractor compliance with the DFARS requirements for safeguarding CUI..
Having good policies, procedures, practices and controls is particularly important. They are not only essential for preventing a loss but also for ensuring that, if there is a loss, it can be detected, its scope determined and then prevail in an effort to recover damages, if available. This latter aspect can be very important, since part of prevailing in any kind of legal action can be showing that reasonable steps were taken to protect sensitive data. Perhaps more important for some is that contract awards could be withheld in situations where contractors fail to meet the new CUI requirements.
Our reactive services help contractors to assess and respond to system breaches, compromises, impairments, potential cyber incidents, and exfiltration of sensitive data. In addition, under the new DFARS requirements, contractors have certain windows within which to preserve data related to a potential cyber breach, conduct any in-house assessment of the cyber breach and to report the incident and findings to DoD. Our reactive services help contractors to comply with these reporting requirements.
Learn more about computer security from our article, 10 Steps to Protect Your Company from Employee Based Computer Compromise.
Learn more about intrusion and data breach analysis from our article, Four Reasons Why You Need Celestial Defense to Investigate Your Intrusion and Data Breach.
Celestial Defense of Atlanta Georgia is a highly skilled and experienced provider of expert consultant computer security and computer forensic services involving
Is your computer data safe from abuse or compromise by forces inside as well as outside the organization? CDI's Data Security Survey is an introductory assessment of an organization's systems for compliance with the DFARS requirements for safeguarding Controlled Unclassified Information (CUI) and preventing, detecting and responding to data breaches, resource impairments and system compromises by both external and internal threats.
CDI's Breach Scan forensically examines a computer or network resource and lets management know if they are a victim of an outside penetration, data compromise, or unauthorized use.