Singapore's Operational Technology Cybersecurity Masterplan 2024: Key Points for Everyone
Chris Wolski Chris Wolski

Singapore's Operational Technology Cybersecurity Masterplan 2024: Key Points for Everyone

Singapore's Operational Technology (OT) Cybersecurity Masterplan 2024 aims to protect critical systems that power essential services like electricity, water, and transportation from evolving cyber threats. Building on the achievements of the 2019 plan, the updated strategy focuses on enhancing cybersecurity training, fostering information sharing, strengthening policies, and promoting innovative technologies. A key feature is the "Secure-by-Deployment" principle, which ensures security is integrated into OT systems from design through deployment. By expanding its scope to include non-critical sectors and small businesses, the plan seeks to create a more resilient and secure OT ecosystem for Singapore.

Read More
Strengthening Maritime Cybersecurity
Chris Wolski Chris Wolski

Strengthening Maritime Cybersecurity

The U.S. Coast Guard's recent Notice of Proposed Rulemaking (NPRM) aims to strengthen cybersecurity across the Marine Transportation System (MTS) by introducing mandatory requirements for U.S.-flagged vessels, facilities, and Outer Continental Shelf (OCS) facilities. Building on the Maritime Transportation Security Act (MTSA), this NPRM outlines comprehensive cybersecurity measures, including the development of Cybersecurity Plans, designation of Cybersecurity Officers, regular cybersecurity assessments, and incident reporting protocols. The proposed regulations align with national cybersecurity policies and emphasize the importance of protecting critical infrastructure from cyber threats. As cyber risks in the maritime industry continue to rise, these regulations are essential for ensuring the security and resilience of the MTS. This blog post explores the key components of the NPRM and the critical need for maritime stakeholders to comply with these evolving cybersecurity standards.

Read More
Strengthening Cybersecurity Compliance: What You Need to Know About the Proposed DFARS Changes
Chris Wolski Chris Wolski

Strengthening Cybersecurity Compliance: What You Need to Know About the Proposed DFARS Changes

The Department of Defense (DoD) is implementing significant changes to the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements. These changes aim to enhance cybersecurity compliance across the defense supply chain by requiring contractors and subcontractors to meet specific CMMC certification levels. Key updates include the phased rollout of CMMC 2.0, the introduction of new procedures and clauses, and the requirement for continuous compliance throughout contract performance. As cybersecurity threats evolve, these proposed DFARS changes underscore the DoD's commitment to securing its supply chain and ensuring that all contractors are prepared to protect sensitive information.

Read More
The Third-Party Paradox: Your Guide to Mastering Risk Management
Chris Wolski Chris Wolski

The Third-Party Paradox: Your Guide to Mastering Risk Management

Third-party partnerships are essential for growth in the dynamic business world, offering advantages like cost savings, specialized knowledge, and expanded market reach. However, these relationships can also bring potential risks that could disrupt your operations if not managed effectively. This blog post, presented by a leading authority in risk management, unpacks the key third-party risk factors - including cybersecurity, compliance, operational, financial, and reputational risks - providing you with a comprehensive understanding and actionable strategies to navigate these challenges. With our guidance, you can transform these potential risks into opportunities for growth, securely leveraging third-party partnerships to their full potential.

Read More
Managing Third-Party Risk with FAIR Methodology
Chris Wolski Chris Wolski

Managing Third-Party Risk with FAIR Methodology

The FAIR (Factor Analysis of Information Risk) framework can be employed to manage risks associated with external vendors, partners, and service providers. We discuss the process of identifying potential risks and assets, assessing the probability and impact of adverse events, deeply analyzing the factors contributing to risk, and finally, implementing and monitoring risk mitigation strategies. The FAIR methodology offers a robust structure to quantify risk in financial terms and aids in informed decision-making; it is essential to use it correctly and understand its limitations to handle third-party risks effectively in today's business environment.

Read More