insights

Business insights and articles written by our team of world-class professionals

Your SPRS Score Is Probably Wrong, and That Matters More Than It Used To

How the NIST 800-171 self-assessment scoring methodology works, why most SPRS scores are inflated, and how to fix yours before a prime or assessor checks.

Every defense contractor handling Controlled Unclassified Information has, somewhere in the Supplier Performance Risk System, a number between negative 203 and positive 110. That number is the organization’s self-assessed posture against NIST SP 800-171, and for years it functioned as paperwork: submitted once, rarely revisited, almost never checked

Read more...

The HIPAA Requirement Most Practices Get Wrong Is the First One

Ask a healthcare practice whether it is HIPAA compliant and the answer usually references the visible artifacts: the notice of privacy practices, the training video, the business associate agreements, maybe an encrypted email product. Ask the Office for Civil Rights what organizations get wrong, and the answer has been consistent across a decade of enforcement: the security risk analysis.

Read more...

Why Security Awareness Training Fails, and What Actually Changes Behavior

Nearly every framework requires security awareness training, nearly every organization buys some, and phishing remains the front door for a large share of breaches anyway. The uncomfortable conclusion is not that training does not work; it is that the training most organizations buy was designed to produce completion records, and completion records are what it produces.

Read more...

ready to take your business to the next level?

Get in touch today and receive a complimentary consultation.