Cybersecurity Archives | Forensic Blogs

The U.S. Department of Defense released the highly anticipated Cybersecurity Maturity Model Certification (CMMC) version 1.0 on January 31, 2020. This model serves as a unified standard for implementing cybersecurity controls across the defense industrial base which applies to over 300,000 entities across the country. With the increasing amount of supply chain attacks disrupting and compromising sensitive information concerning national security, the CMMC seeks to rectify major malpractice via this uniformed model.

From the official CMMC Government Portal: “The Cybersecurity Maturity Model Certification framework includes a comprehensive and scalable certification element to verify the processes and practices associated with the achievement of a cybersecurity maturity level. CMMC can adequately protect sensitive unclassified information, accounting for flow down to subcontractors in a multi-tier supply chain.”

The current CMMC framework is based on a variety of pre-existing standards including the highly influential ISO 27001 and NIST SP 800-171, which both pertain to the protection of controlled unclassified information in non-federal organizations as well as general best practices when handling sensitive information of any kind that does not belong to you or the organization you may represent. The idea of a maturity model stems from the tier-based approach to compliance in which 5 total levels of maturity can be reached, each broken up into a variety of best practices and controls:

These best practices make up a total of 17 Capability Domains including Access Control, Risk Management, Media Protection, Incident Response, and more. The CMMC Accreditation Board breaks down these domains into the 171 best practices depicted in the graph I’ve created above.

With the topic of supply chain risk becoming increasingly relevant, and with the new Biden Administration revisiting and amplifying current Cybersecurity controls and measures, such as the CMMC, we will continue to explore the topic of federal compliance over the coming weeks, breaking down these aforementioned controls even further and helping you to understand where you may fall into this complex framework.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU KNOW WHAT WE’RE UP TO!

Written By: Austin Grupposo'23 // Digital Forensics & Cybersecurity

The post AMSec Project Introduction appeared first on The Leahy Center for Digital Forensics & Cybersecurity.

For Women’s History Month, we wanted to highlight some of the wonderful women working at the Leahy Center! First up is Katie Hopkins, a second-year Computer Networking and Cybersecurity major, with a minor in Business Administration. She is from Pembroke, New Hampshire, and is currently working on the Vermont Privacy Project at the Leahy Center. In the past, she has worked on the NMap Scanner team for the Leahy Center as well.

What made you choose to major within the information technology field?

I originally wanted to be a criminal justice or computer science major, but then after some research my junior year of high school, I learned that cybersecurity was a major and then ultimately chose to pursue a career in cybersecurity.

What was your first experience with technology?

One of my very first experiences with technology was playing around in the settings of my family’s shared computer and helping my family with a lot of their small daily tech troubles.

Are there any females in tech that you look up to?

I look up to and respect all of the women currently at Champlain and any alumni in tech majors that have ultimately carved the way for me to be where I am today.

What are the pros and cons of being a woman in tech?

The best part about being a woman in tech is that other women in tech are very supportive of one another, but the con of being a woman in tech is that you always have to work way harder than your male colleagues to work for the goals you have.

What advice would you give to younger women who are interested in getting into the tech field?

Simply put, don’t underestimate yourself.

Why is it important to have women in the tech field?

Representation of women is essential in the tech field. The more women that are making the often tough decision to try and get a job in the tech field will create a domino effect that will ultimately shrink the huge disproportion of women to men that currently exists.

What would you like to achieve in the tech field in the future?

My current goal is to become a cybersecurity consultant.

STAY UP TO DATE WITH TWITTER, INSTAGRAM, FACEBOOK, AND LINKEDIN SO YOU ALWAYS KNOW WHAT WE’RE UP TO!

The post Katie Hopkins On Getting Into Tech And Advice To Other Women Interested In Cybersecurity appeared first on The Leahy Center for Digital Forensics & Cybersecurity.