The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime, a seasoned corporate executive who built and operated information security teams, and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.

Blog Entries


 

DoD Testing A Secure Cloud For Its SMB Contractors

See Article Here

When I read this article, I thought this is a great idea! Securing the supply chain is something that all companies struggle with, but now, if the government is going to create a possible solution for SMBs’ ability to secure their data, this will only aid with competition for government contracts. Most SMBs that go after government contracts say yes to practically everything, including the questions about whether they are compliant with the cybersecurity requirements spelled out in NIST Special Publication 800-171. “Yes, I do it!” When in actuality they do not, as they hedge their bets, hoping that nothing bad happens. But then it does, and the company is in jeopardy.

The government, like companies, really doesn’t have any repercussions other than the contractual language; the breach belongs to the biggest name.

This plan by the DoD strives to use a risk-based approach, because not all contractors are created equal. However, if you have an innovative SMB that is developing a patented widget for your company, it would be a good idea to help them secure everything relating to that widget. By developing a secured cloud-based space to help their contractors store, access and transmit sensitive data, the DoD is helping find a solution. This represents a partner-based approach to 3rd Party Risk that could just work.