The Cybersecurity Maturity Model Certification (CMMC) framework breaks up cybersecurity technical controls and best practices into seventeen domains. Each domain contains capabilities, processes and practices that fall within the CMMC’s five maturity levels. US Department of Defense (DoD) suppliers must prove CMMC compliance at the maturity level their contract requires…

The Cybersecurity Maturity Model Certification (CMMC) framework categorizes information security best practices and technical controls into 17 domains. Each domain includes various capabilities, processes and practices spanning the CMMC’s five maturity levels. US Department of Defense (DoD) contractors and subcontractors will need to comply with CMMC at whatever maturity level…

Software-as-a-Service (SaaS) providers need to be alert to a uniquely broad and complex range of information security risks impacting every business area, from their hosted production environments to their application code to their project management tools to their networks to their people.

As a SaaS consumer, how can you assess a SaaS firm’s security and the vendor risk they present? What cybersecurity attestations, certificates and/or credentials should you be asking for?

On a recent episode of The Virtual CISO…

SaaS providers face information security risk from every direction: from their application code to their software development tools to their networks to their employees.

One of the areas with the biggest potential for risk to manifest is a data breach or other incident of the hosted product/service that SaaS customers consume.

SaaS security expert Ryan Buckley noted on a recent episode of The Virtual CISO Podcast that many SaaS providers have overlooked significant security vulnerabilities in their…

Whether the provider is in a startup mode or a well-established leader, cybersecurity is a challenge in the world of software as a service (SaaS). Companies often presume their SaaS environment is secure because it’s hosted on a robust public cloud platform like AWS or Microsoft Azure.

But is that really true? How good is security in the SaaS industry… really?

To get an…

Pivot Point Security

We are a trusted source of simple, practical, and actionable information security guidance.
