Blog

Thoughts and ideas from It's Just Results
Security and Compliance in 2018
May 28, 2018 at 8:00 AM

We launched It’s Just Results in an era of accelerating technological advancement where all the rules are changing.

Technology is pervasive in our businesses. The Internet of Things is embedding itself across the enterprise. Artificial intelligence is being applied to solve problems in health and complex systems like weather. There is much good in all of this. It is exciting.

Each day we continue to hear of another breach (Sears, Delta, LocationSmart), another hack reaching out from the dark web again and again. It is becoming harder and harder to keep up and to devise approaches to security that will ensure the positive gains just within our fingertips are not lost.

We joined the fight in September 2017. We want a better world where organizations of all types each focus on improved security and collaborate to solve problems so that the digital future is secure. Risk Management and Compliance are important mechanisms and paths towards improved security.

Our zone is business, specifically mid-size and emerging small businesses. We work across industries including government, finance, health, technology, and manufacturing. We work across frameworks including NIST Standard Publication (SP) 800–171, NIST SP 800–53, NIST CSF, 23 NYCRR 500, ISO 27001, Federal Financial Institutions Examination Council (FFIEC), and the General Data Protection Regulation (GDPR), and we watch for the next iterations. We work across supply chains.

Our job is made easier by the great companies that share this vision and are ready to implement and embrace better approaches towards security. It is also made much easier by the technology partners in the trenches creating innovations in the ability to deliver on the promise of increased security.

Now What?

We all recognize that the work continues. We can’t rest. We are on a mission.

Several recent deadlines have already passed, and industry members continue their gap-closure initiatives:

NIST 800–171 — The Department of Commerce’s National Institute of Standards & Technology (NIST) has developed standards for government information systems. NIST SP 800–171 provides guidance for federal agencies and their contractors to ensure that Controlled Unclassified Information (CUI) is protected. Defense Department contractors were required to attest to their compliance by December 31, 2017. No ifs or buts. If you are found out of compliance, or to have attested inaccurately, you risk losing your contracts. In 2018, System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms) may be reviewed by the government acquisition authorities. Other agencies are expected to follow suit.

More can be found here:

· https://csrc.nist.gov/

GDPR — Over in Europe, privacy concerns abound. The EU General Data Protection Regulation was put into law by the EU Parliament on 14 April 2016 and established an enforcement date of 25 May 2018. If you are not compliant you will face heavy fines, as Europe seeks to protect the privacy of all EU citizens by extending the regulation to every organization that processes or stores their personal data, regardless of where the organization is located.

More can be found here:

· European Commission's Data Protection Rules

23 NYCRR 500 — A regulation of the New York State Department of Financial Services (DFS) that establishes cybersecurity requirements for financial services companies. The regulation draws from the NIST CSF and has been in effect since March 31st, 2017. It applies to financial services companies and their vendors. “Covered entities” were required to submit their first annual attestation of compliance by February 15, 2018.

More can be found here:

· http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf

· http://www.dfs.ny.gov/about/cybersecurity_faqs.htm

These efforts and deadlines are the tip of the iceberg. Risk Management and Compliance are not the end game. Improved security and improved privacy will ensure that innovation continues and is not brought down by nefarious actors who steal assets or seek fame.

We have developed solutions and processes and tools to help companies improve security faster, at lower cost, and with greater sustainability, regardless of the compliance framework they are working to address.

2018 brings more changes in security and compliance. Our launch timing was just right so that we can play our role in helping improve security so that you can go about doing your business and solving the problems that need to be solved.

5 Things to Know About Corporate Compliance
May 17, 2024 at 7:00 AM

Corporate compliance isn't just a box-ticking exercise—it's a crucial component of maintaining the integrity and security of your organization. For large-scale corporations, understanding and implementing effective compliance practices is essential for protecting data, managing risks, and enhancing overall business operations.

At It's Just Results, we strive to educate our clients on the legal and technical aspects of our services so they can make informed choices for their businesses. Here are five key things to know about corporate compliance:

1. Understanding the Legal Frameworks is Crucial

Compliance begins with a thorough understanding of the legal and regulatory frameworks that impact your organization. Whether it's DFARS 252.204-7012 in the aerospace and defense industry or the GDPR for companies operating in or with Europe, each set of regulations has specific requirements and implications. It's Just Results helps businesses navigate these complex regulations, ensuring that compliance is not only met but integrated seamlessly with your business operations.

2. Risk Assessment: The Foundation of Compliance

At the heart of compliance is risk management. Identifying potential risks—whether they are in data security, vendor relationships, or operational processes—is crucial. At It's Just Results, we specialize in comprehensive risk assessments that scope systems and frameworks, helping organizations understand where they are most vulnerable and how these vulnerabilities can impact their business. By creating detailed risk registers, our experts prioritize risks and aid in developing mitigation strategies that are tailored to the organization's specific needs and resources.

3. Incident Response is Part of Compliance

Compliance isn't only about preventing security issues; it's also about how effectively your organization responds when something goes wrong. Developing a robust incident response plan is critical. It's Just Results supports businesses in crafting customized incident response strategies that not only handle the immediate effects of a security breach but also aid in recovery and post-incident analysis to prevent future occurrences. This includes everything from initial detection to recovery and legal notifications. Being proactive and establishing a strategy of this kind is an excellent way to maintain professionalism and provide a sense of security among stakeholders.

4. Continuous Monitoring and Testing

Compliance is not a one-time event but a continuous process. Regular testing of security measures like penetration testing is vital to ensure that defenses are effective and that no new vulnerabilities have emerged. It's Just Results performs deep dives into your security architecture, using the latest methods and frameworks to simulate attacks, uncover vulnerabilities, and ensure that your defenses are up to date. These ongoing assessments help organizations stay ahead of potential threats and ensure compliance with evolving regulations.

5. Education and Training are Key

Human error is often the weakest link in the compliance chain. Regular training for all employees is essential to maintain compliance. It's Just Results provides training that covers the latest phishing tactics, social engineering ploys, and other security threats. Educating your staff not only helps prevent potential breaches but also fosters a culture of security awareness throughout the organization.

Corporate compliance is a dynamic and integral part of modern business operations. With regulations constantly evolving and new threats emerging, organizations need a proactive and knowledgeable partner to navigate these challenges. It's Just Results specializes in helping businesses with limited resources or experience to not only meet their compliance obligations but to integrate these practices into a broader strategy that supports their business goals and protects their operations.

Whether you're looking to refine your security policies, respond to incidents, or ensure that your vendors meet your security standards, understanding these five aspects of compliance can significantly enhance your organization's security and compliance posture. Contact us today to learn more about our corporate compliance services and how they benefit your organization.