Posts

Stay Informed, Stay Secure

Our team of experts are constantly working to stay up to date, ensuring you have the knowledge and tools to protect your organization. Subscribe to our posts and join our community to stay informed and empowered in the ever-evolving cybersecurity landscape.

Get a RISC Assessment

RISCPoint Achieves AWS Advanced Tier Services Partner Status

November 7, 2024

CLEVELAND, November 7, 2024 – RISCPoint Advisory Group, a leading cybersecurity and compliance services provider, proudly announces its elevation to AWS Advanced Tier Services Partner status within the AWS Partner Network (APN). This milestone reflects RISCPoint's demonstrated technical expertise and consistent delivery of successful client outcomes in cloud security and compliance.

Read More

RISCPoint announces Q2 of 2024 Promotions

September 12, 2024

RISCPoint Advisory Group, a leader in cybersecurity and compliance, is pleased to announce the promotion of several outstanding team members across our organization. These promotions reflect RISCPoint's commitment to recognizing talent and fostering a culture of growth and excellence for those who reflect our core values of Listening to Understand, Owning the Objective, Putting in the Work, and Aspiring to Greatness.

Read More

RISCPoint Unveils RADAR: A Revolutionary AI-Powered Cybersecurity Platform

August 28, 2024

RISCPoint Advisory Group, a leader in custom-tailored security and compliance services, today announced the launch of RADAR, an innovative all-in-one cybersecurity platform. Combining continuous threat discovery with expert-led Penetration Testing as a Service (PTaaS), RADAR represents a significant leap forward in proactive security and risk management. Launched at Blackhat, during one of the cybersecurity industry's most exciting weeks, RADAR has made an instant impact, leveraging artificial intelligence to provide real-time vulnerability detection across multiple attack surfaces. The platform offers continuous scanning and on-demand penetration testing by certified ethical hackers, ensuring comprehensive security assessments and compliance reporting.

Read More

I’m FedRAMP Authorized, Now What?! | FedRAMP Blog Series

July 16, 2024

Achieving FedRAMP authorization is just the beginning for Cloud Service Providers (CSPs). Maintaining this authorization requires continuous compliance with stringent security standards and regular assessments to ensure cloud environments remain secure. Key tasks include monitoring security incidents, conducting vulnerability scans, effective patch management, maintaining secure configurations, performing regular security control assessments, and managing Plans of Action and Milestones (POA&M). Notably, CSPs must transition their hardening standards to DISA STIGs or CIS Level 2 as per Revision 5 requirements to avoid losing authorization. Continuous diligence in these areas ensures ongoing authorization and the ability to serve federal agencies securely.

Read More

The RISCPoint Recap - AWS re:Inforce 2024

June 19, 2024

RISCPoint attended AWS re:Inforce 2024 to gain insights into the latest advancements in cloud security. Key highlights included AWS's new security features such as Amazon GuardDuty Malware Protection for Amazon S3 and passkey MFA for IAM users, emphasizing the integration of AI in security practices. Additionally, AWS CISO Chris Betz's keynote on the importance of a robust security culture and networking opportunities through the AWS Global Security and Compliance Acceleration Program underscored the collaborative efforts in driving industry standards forward.

Read More

Security and Compliance for SMBs: RISCPoint Shares their Expertise on the Cloudy with a Chance of AWSome AWS Podcast

May 1, 2024

Security and compliance are paramount concerns for businesses of all sizes, however, small and medium-sized businesses (SMBs), in particular, face unique challenges in navigating these complex topics while striving for innovation and growth. On the latest Cloudy with a Chance of AWSome podcast episode “Security & Compliance for SMBs”, RISCPoint’s CEO, Jake Nix, and COO, Matt Drewyor, explore how RISCPoint and AWS are reshaping the security and compliance landscape for SMBs with podcast hosts Hayden Chase Kuzma and Benjamin King, SMB Account Managers at AWS.

Read More

Five Things to Know About SEC Regulation S-K § 229.106 (Item 106)

April 16, 2024

Regulation S-K § 229.106 (Item 106) requires companies to proactively manage and transparently disclose their cybersecurity risks and countermeasures, recognizing that cyber incidents can significantly impact a company's financial health and investor trust. This SEC rule mandates comprehensive risk assessments and the engagement of external consultants, emphasizing cybersecurity as a crucial, immediate concern for regulatory compliance and protection against cyber threats.

Read More

RISCPoint announces strategic partnership with anecdotes

April 4, 2024

RISCPoint has partnered with anecdotes to offer enterprise-grade cybersecurity and compliance management solutions tailored for startups and SMBs, leveraging a data-driven approach and RISCPoint's expertise to enable rapid adoption of compliance frameworks and build trust-based security programs. This collaboration, which emphasizes flexibility, customization, and client-centric solutions, aims to empower businesses to meet regulatory requirements confidently and thrive in the digital landscape.

Read More

Navigating the New Frontier: Understanding FedRAMP's Red Team Requirement

April 2, 2024

New red team requirement introduced in FedRAMP Revision 5 and NIST SP 800-53 Rev 5 emphasize proactive defense mechanisms in cybersecurity. It explores the concept of red teaming, the challenges of implementing these exercises without explicit guidance, and suggests approaches for internal execution and partnering with external experts like RISCPoint. The post also speculates on future guidance from the FedRAMP Program Management Office, emphasizing the importance of integrating red team findings into continuous improvement processes for enhanced cybersecurity resilience.

Read More

Unlock the Secrets of Cybersecurity: RISCPoint's Exclusive Webinar Series

March 29, 2024

RISCPoint is thrilled to announce the launch of an upcoming webinar series focused on the latest trends, insights, and best practices in cybersecurity and compliance. The series will cover a wide range of topics including the intricacies of FedRAMP, securing cloud environments, navigating compliance challenges for frameworks like SOC 2, ISO 27001, HIPAA, and GDPR, understanding threat intelligence and incident response, and building a resilient security program. This is a valuable opportunity to expand your cybersecurity knowledge and enhance your organization's security posture with expert guidance from RISCPoint.

Read More

Safeguard Your Business: 5 Simple Steps to Boost Cybersecurity this Holiday Season

December 7, 2023

RISCPoint outlines five essential steps to bolster cybersecurity during the holiday season, emphasizing vigilance against phishing, securing remote work, being cautious of smishing, keeping devices updated, and the importance of continuous education to protect businesses from increased cyber threats.

Read More

What is the Difference Between Risk Management and Compliance?

December 4, 2023

RISCPoint highlights the critical roles of compliance and risk management in safeguarding organizations from cybersecurity threats, advocating for a nuanced understanding and application of both. It offers customized support to businesses in meeting diverse compliance standards and enhancing their risk management strategies, aiming for improved security and operational continuity.

Read More

RISCPoint Recognized by AWS for Cybersecurity & Compliance Expertise

November 28, 2023

RISCPoint joins the AWS Global Security & Compliance Acceleration Program, showcasing its cybersecurity and compliance expertise. Through specialized consulting services and innovative offerings, including a collaborative HITRUST initiative, RISCPoint aims to enhance AWS customers' compliance journeys and expand its impact in the cybersecurity domain.

Read More

Insightin Health Achieves NIST SP 800-171 Compliance to Enhance Service for Tricare Members

November 7, 2023

Insightin Health announces its population analytics platform, inGAGE™ on Microsoft Azure, as the first to achieve NIST SP 800-171 compliance, enhancing security for Tricare military members' data. This milestone, achieved in collaboration with RISCPoint, underscores their commitment to advanced cybersecurity standards, benefiting active and retired military families with secure, HIPAA-compliant healthcare solutions.

Read More

Three Pain Points of a FedRAMP Assessment

October 16, 2023

Exploring the challenges of achieving FedRAMP authorization: Unveiling the critical pain points faced by Cloud Service Providers (CSPs) in navigating the complex assessment process to unlock federal marketplace opportunities.

Read More

RISCPoint Welcomes Matt Wiese as our Director of Cybersecurity Operations Services

October 2, 2023

RISCPoint Advisory Group Welcomes Matt Wiese as Director of Cybersecurity Operations Services: Enhancing Cybersecurity Capabilities with Platform Security Expertise.

Read More

RISCPoint Awarded Prestigious FedRAMP® and StateRAMP 3PAO Status

September 19, 2023

RISCPoint proudly achieves FedRAMP® and StateRAMP 3PAO accreditation, reinforcing its commitment to cybersecurity excellence and serving as a trusted extension of FedRAMP's mission to secure the cloud. With this recognition, RISCPoint continues to elevate its advisory services, offering unparalleled expertise in compliance across various industries.

Read More

Cybersecurity Breaches at Las Vegas Resorts: Understanding the MGM and Caesars Incidents

September 18, 2023

Amid cyber breaches at MGM Resorts and Caesars Entertainment, RISCPoint delves into the details, exploring the culprits, methods, and potential aftermath of these high-profile attacks. With insights into the intricate workings of cybercrime and its ramifications, RISCPoint underscores the urgent need for robust cybersecurity measures in today's interconnected world.

Read More

The Issue with BYOD

September 11, 2023

Delve into the security challenges posed by the Bring Your Own Device (BYOD) model, citing the potential for compromised personal computers to leak sensitive data and open doors for cyber threats. RISCPoint offers strategic approaches like access restriction, education, and implementing a zero-trust architecture to navigate these risks and ensure a more secure organizational environment.

Read More

Understanding the New EU-U.S. Data Privacy Framework: Implications, Insights, and Compliance

August 28, 2023

The EU-U.S. Data Privacy Framework, endorsed by the European Commission on July 12, 2023, establishes a new standard for transatlantic data transfers, ensuring GDPR-compliant data protection. RISCPoint highlights the framework's impact, offering compliance guidance for organizations to navigate this revised data privacy landscape effectively.

Read More

NIST 800-171 Revision 3 Draft and What It Means for Federal Contractors

August 21, 2023

The draft of NIST SP 800-171 Revision 3 introduces crucial updates for federal contractors, aiming to enhance protection of Controlled Unclassified Information (CUI) in nonfederal systems. RISCPoint emphasizes the importance of understanding these changes, including new control families and refined security requirements, to ensure compliance and secure federal contracts effectively.

Read More

Penetration Testing vs. Red Teaming: Understanding the Differences

August 14, 2023

RISCPoint demystifies the differences between penetration testing and red teaming, crucial methodologies for assessing an organization's security posture. While penetration testing focuses on identifying technical vulnerabilities within a controlled environment, red teaming provides a comprehensive, real-world attack simulation, assessing both technical defenses and human factors. This article elucidates the importance of both approaches in forming a robust cybersecurity strategy, especially with new FedRAMP requirements emphasizing red teaming's role in security assessments.

Read More

Leveraging Outsourced Expertise for Enhanced Security, Risk, and Compliance Internal Audits

August 7, 2023

Outsourcing internal audits to third-party experts offers unparalleled value, objectivity, and specialized knowledge, enhancing an organization's risk management, security, and compliance. RISCPoint highlights how leveraging external expertise not only ensures a thorough and unbiased assessment but also optimizes resources, offering a cost-effective strategy for continuous improvement in today's evolving cybersecurity landscape.

Read More

Simplifying ISO/IEC 27001: The Benefits of Partnering for Implementation

August 3, 2023

Partnering with an implementation expert for ISO/IEC 27001 can transform the complex process into a streamlined, efficient, and customized journey, offering organizations expertise, cost savings, and a tailored Information Security Management System (ISMS) that meets specific needs and future challenges. RISCPoint emphasizes the value of such partnerships in overcoming implementation hurdles and achieving sustainable success in information security management.

Read More

RISCPoint Welcomes Adam Lubbert as Director of Cybersecurity Compliance Services

July 31, 2023

RISCPoint Advisory Group is excited to welcome Adam Lubbert as the new Director of Cybersecurity Compliance Services, bringing his extensive background in security and compliance leadership from Fortune 50 companies and startups to enhance RISCPoint's advisory services. Adam's expertise and leadership are set to make significant contributions to the firm's growth and client service excellence.

Read More

Getting Started with Your FedRAMP Rev. 4 to Rev. 5 Transition

July 24, 2023

RISCPoint offers essential guidance for Cloud Service Providers navigating the FedRAMP Rev. 4 to Rev. 5 transition, emphasizing the importance of identifying gaps by September 1, 2023, and outlining a clear, strategic approach to compliance with the new baselines. This move ensures CSPs maintain their FedRAMP authorization efficiently, reinforcing RISCPoint's commitment to supporting clients through complex cybersecurity and compliance challenges.

Read More

RISCPoint Welcomes Jason Kor, as Director of Cybersecurity Compliance Services

July 17, 2023

RISCPoint Advisory Group proudly welcomes Jason Kor as the new Director of Cybersecurity Compliance Services. With his extensive expertise in healthcare security, governance, and risk management, Jason is set to strengthen RISCPoint's commitment to delivering top-notch security and compliance solutions to its clients.

Read More

Preparing for Your First Penetration Test: Key Considerations for Success

July 10, 2023

RISCPoint highlights the importance of penetration testing as a cornerstone of cybersecurity, outlining essential steps for a successful first test. From defining the scope and securing permissions to choosing the right partner, this guide ensures your organization is well-prepared to identify vulnerabilities, evaluate security controls, and enhance your overall security posture.

Read More

RISCPoint Welcomes Bennett Warner as Cybersecurity Services Practice Leader

July 3, 2023

RISCPoint Advisory Group is thrilled to announce Bennett Warner as the new leader of our Cybersecurity Services Practice. With a rich background in offensive security, software development, and national defense, Bennett is set to enhance our offerings in penetration testing, vulnerability management, and security engineering, furthering our mission to safeguard organizations against evolving cyber threats.

Read More

FedRAMP Rev 5: What You Need to Know

June 20, 2023

RISCPoint breaks down the critical updates and transition plan for FedRAMP Revision 5 Baselines, highlighting the key considerations for Cloud Solution Providers. With a focus on alignment with NIST SP 800-53, Rev. 5, this guide outlines the phases of Planning, Initiation, and Continuous Monitoring to ensure compliance and enhance cybersecurity frameworks for federal government cloud services.

Read More

RISCPoint Welcomes Tony Bai as Executive Vice President for Public Sector

June 5, 2023

RISCPoint Advisory Group is excited to welcome Tony Bai as the new Executive Vice President for the Public Sector. With his extensive background in US Federal Cybersecurity and Compliance, and his experience as a military cyber professional, Tony is set to bolster RISCPoint's commitment to helping clients achieve their cybersecurity and compliance goals, particularly in areas such as FedRAMP, StateRAMP, and CMMC.

Read More

Why Every Organization Can Benefit from Penetration Testing

December 7, 2022

Penetration testing, or "pen testing," is an essential tool for safeguarding your organization's sensitive information and ensuring robust cybersecurity. By simulating real-world attacks, pen testing identifies vulnerabilities in your systems and evaluates the effectiveness of your security measures. RISCPoint's custom-tailored penetration tests offer a proactive approach to identifying and mitigating potential threats, ensuring your organization's security framework is as strong and resilient as possible.

Read More

Gone Phishing: Social Engineering and Cybersecurity

November 3, 2022

RISCPoint highlights the critical importance of understanding and preventing social engineering attacks in today's digital landscape. From phishing and vishing to smishing and whaling, these deceptive tactics exploit human trust to compromise sensitive information. Learn how to safeguard your organization against these increasingly sophisticated threats and consider the role of regular penetration testing in fortifying your cybersecurity defenses.

Read More

An Introduction to FISMA

October 20, 2022

RISCPoint demystifies the Federal Information Security Management Act (FISMA) for organizations involved with the federal government. Learn the key provisions, requirements, and benefits of FISMA compliance, and discover how partnering with a virtual CISO like RISCPoint can ensure your security and compliance needs are met, safeguarding sensitive federal information and enhancing your chances of securing federal contracts.

Read More

4 Key Benefits of Complying with the NIST CSF

September 13, 2022

RISCPoint explores the advantages of adopting the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) for organizations of all sizes and sectors. Discover how this voluntary framework provides a structured approach to cybersecurity, offering benefits such as a common organizing structure, flexibility, privacy considerations, and workforce development, ultimately enhancing your organization's cybersecurity maturity and posture.

Read More

What is a vCISO, and Do I Need One?

September 5, 2022

RISCPoint explores the crucial role of a virtual Chief Information Security Officer (vCISO) in providing expert security and compliance guidance for organizations. Discover how a vCISO can offer flexible, on-demand expertise to enhance your security foundation, compliance posture, and overall cybersecurity hygiene, while also representing your company's best interests to customers and stakeholders.

Read More

4 Things to Consider When Choosing Your FedRAMP Consultant

August 20, 2022

RISCPoint outlines key factors to consider when selecting a FedRAMP consultant for your organization's authorization journey. From assessing the depth of expertise and communication skills to evaluating cost and experience with the Program Management Office, these considerations are crucial in ensuring a smooth and successful path to FedRAMP compliance.

Read More

Emerging Cybersecurity Threat Trends in 2022

August 1, 2022

RISCPoint identifies crucial cybersecurity threats in 2022, including ransomware and software supply chain attacks, emphasizing the importance of a strong defensive strategy. Learn about the financial and repetitional impacts of breaches and discover key practices like security awareness training, regular backups, and continuous penetration testing to safeguard your organization against these evolving threats.

Read More

Ransomware Attacks are on the Rise Worldwide – Here are Three Things You Can Do About It

July 21, 2022

RISCPoint highlights the alarming increase in ransomware attacks worldwide, emphasizing the critical need for organizations to stay vigilant. Learn three key strategies to enhance your cybersecurity defenses, including minimizing human vulnerabilities through continuous training, bringing in an expert like a virtual CISO, and staying informed about industry-specific threats, especially in sectors like healthcare where breaches are surging.

Read More

FedRAMP Adds Three New Control Families to Catalog

July 14, 2022

RISCPoint sheds light on the significant updates in FedRAMP Revision 5, including the addition of three new control families: Supply Chain Risk Management, Personally Identifiable Information Processing and Transparency, and Program Management. Understand the implications of these changes for your organization's cybersecurity and compliance needs and learn how to prepare for the upcoming shift in requirements.

Read More

FedRAMP Revision 5 Introduces Threat-Based Methodology - Here's What to Expect

June 2, 2022

RISCPoint outlines the significant changes in FedRAMP Revision 5, highlighting the shift to a Threat-Based Methodology aligned with MITRE ATT&CK Framework version 8.2. Understand how this update strengthens security, reduces the number of additional controls, and what it means for your organization's compliance programs as you prepare for the new standards.

Read More

CISA Issues New Warning Amid Russia-Ukraine Conflict

March 30, 2022

RISCPoint highlights the latest advisory from CISA and the Department of Energy, urging U.S organizations to secure their uninterruptible power supply (UPS) devices against potential cyberattacks in the wake of the Russia-Ukraine conflict. Learn about the recommended measures to protect internet-connected UPS devices and the importance of staying vigilant during these tumultuous times.

Read More

What the Strengthening American Cybersecurity Act Means for The Cybersecurity Industry

March 12, 2022

RISCPoint delves into the implications of the recently signed Strengthening American Cybersecurity Act, highlighting its focus on enhancing federal cybersecurity laws, increasing reporting requirements for critical infrastructure, and promoting secure cloud technology use. Understand the potential impact on your organization and the importance of preparing for the expanded cybersecurity and compliance requirements set forth by this landmark legislation.

Read More

What the Russian Invasion of Ukraine Could Mean for the Cybersecurity Landscape

March 1, 2022

RISCPoint addresses the potential cybersecurity implications of Russia's invasion of Ukraine, highlighting the urgent need for organizations to adopt a heightened security posture. Learn key measures recommended by the CISA to proactively protect your critical assets, including multi-factor authentication, regular patching, and having a mature incident response plan, in light of the increased cyber risk posed by potential Russian retaliation.

Read More

So, What's StateRAMP?

February 22, 2022

RISCPoint introduces StateRAMP, a consortium aimed at enhancing cybersecurity for state and local governments by vetting third-party vendors' security postures. Modeled after the federal FedRAMP framework, StateRAMP aims to protect citizen data, save taxpayer dollars, and promote cybersecurity best practices, addressing the unique needs of state and local governments not covered by FedRAMP.

Read More

3 Major Benefits of a HITRUST Certification

January 25, 2022

RISCPoint outlines the advantages of obtaining a HITRUST certification, a comprehensive framework that helps organizations in the healthcare sector and beyond to enhance their security posture, meet industry demands, and streamline compliance efforts. Discover how this certification can provide an in-depth assessment of your security framework, offer a competitive edge, and save time and resources by fulfilling multiple regulatory requirements with a single certification.

Read More

How To Achieve Compliance Across Multiple Controls Frameworks

January 10, 2022

RISCPoint offers a comprehensive guide to help organizations navigate the complexities of achieving compliance across multiple control frameworks like SOC 2, ISO/IEC 27001, HITRUST, and HIPAA. Learn how to define your compliance objectives, select an appropriate controls framework, implement controls effectively, and monitor their effectiveness to ensure a robust and efficient compliance program that meets the evolving demands of the cybersecurity landscape.

Read More

Passion Led Us Here

January 4, 2022

RISCPoint CEO Jake Nix reflects on the firm's growth in 2021, attributing success to the passion that drives the team, partners, and clients. He highlights the importance of meaningful work, autonomy, and deepened relationships in creating a thriving ecosystem. As RISCPoint continues to grow, the commitment to core values and the pursuit of passion remain central to delivering top-notch security and compliance services.

Read More

Key Considerations for StateRAMP Authorization

November 29, 2021

RISCPoint outlines essential factors for vendors aiming to achieve StateRAMP authorization, highlighting the inaugural class of approved vendors like BlackBerry, Cisco, and Microsoft. Understand the rigorous requirements, including compliance with NIST SP 800-53 Rev. 5, the need for a trusted advisor, a thorough security controls assessment, ongoing monitoring, and the determination of impact level categories, to successfully navigate the StateRAMP authorization process for state and local government contracts.

Read More

CMMC 2.0 What to Know, What to Do, and How to Prepare

November 15, 2021

RISCPoint breaks down the key changes and preparations needed for CMMC 2.0, the streamlined standard set to impact government contractors and the Defense Industrial Base. Learn about the reduction in levels, expanded self-assessment eligibility, and the importance of aligning with NIST 800-171 to ensure your organization is ready for the immediate implementation of CMMC 2.0 upon approval.

Read More

RISCPoint adds John Duda to the Advisory Board

November 7, 2021

RISCPoint Advisory Group welcomes John Duda, Chairman and CEO of Summit Exercises & Training®, to its advisory board, bringing his vast experience in federal preparedness programs to enhance the company's cybersecurity and compliance services. Duda's expertise will support RISCPoint's mission to provide high-quality advisory support and expertise in the rapidly evolving federal cybersecurity and compliance landscape.

Read More

RISCPoint hires Information Technology and SOX audit leader Matt Drewyor

November 1, 2021

RISCPoint Advisory Group proudly announces the addition of Matt Drewyor, a seasoned expert in IT SOX, cybersecurity, and IT risk assessments, to its expanding team. With a rich background from PwC, Deloitte, and First Solar, Drewyor is set to lead service delivery, further enhancing RISCPoint's commitment to providing agile, high-quality cybersecurity and compliance services to its clients.

Read More

3 Key Qualities of a Healthy Security Culture

October 29, 2021

RISCPoint emphasizes the importance of a strong security culture in today's cybersecurity landscape, highlighting three essential qualities: making security accessible to all employees, ensuring consistent training and compliance, and fostering a culture of accountability rather than punishment. Discover how these practices can empower your workforce and safeguard your organization against potential breaches.

Read More

RISCPoint Achieves RPO Status

June 8, 2021

RISCPoint Advisory Group proudly announces its new status as a Registered Provider Organization (RPO) within the CMMC ecosystem, further enhancing its commitment to serving the Defense Industrial Base. This accreditation enables RISCPoint to guide clients through the complexities of CMMC certification, adding to its comprehensive range of security and compliance services.

Read More

The Growing Importance Of A CMMC For Government Contractors

June 1, 2021

RISCPoint emphasizes the increasing significance of the Cybersecurity Maturity Model Certification (CMMC) for government contractors within the Defense Industrial Base. With the integration of CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS), it's crucial for suppliers and contractors to comply with the new provisions to protect sensitive information and maintain eligibility for DoD contracts. Learn about the requirements for obtaining a CMMC and how it impacts your business in the defense sector.

Read More

RISCPoint Sponsors Team Row4Hope

April 19, 2021

RISCPoint Advisory Group is thrilled to support Team Row4Hope in their endeavor to compete in the Talisker Whisky Atlantic Challenge, aiming to raise awareness and funds for the Make-A-Wish® foundation of Central and Northern Florida. As the team embarks on this challenging 3,000-mile ocean rowing race, RISCPoint's sponsorship reflects their commitment to community involvement and charitable causes, aligning with their mission to integrate cybersecurity solutions with business goals.

Read More

RISCPoint Announces Apprenticeship Program

March 8, 2021

RISCPoint is proud to launch the RISCPoint Apprenticeship Program, aimed at fostering the growth of future Compliance and Cybersecurity professionals. The program offers hands-on experience, mentorship, and exposure to various practice specialties, embodying the company's commitment to employee development and community investment in the cybersecurity field.

Read More

FedRAMP vs. StateRAMP: A Guide

February 26, 2021

RISCPoint breaks down the differences between FedRAMP and StateRAMP, two frameworks designed to standardize security assessments for cloud services. While both are modeled after NIST standards, FedRAMP applies to federal government vendors, whereas StateRAMP caters to state and local government entities. Learn about the paths to authorization for each and how existing FedRAMP authorizations can benefit from reciprocity agreements with StateRAMP.

Read More

Decoding the Five SOC 2 Trust Services Criteria

February 15, 2021

RISCPoint highlights the importance of understanding the five SOC 2 Trust Services Criteria—Security, Availability, Confidentiality, Processing Integrity, and Privacy—for organizations looking to conduct business securely and competitively. Learn how each criterion addresses specific aspects of information security and how to determine which criteria to include in your SOC 2 audit for a robust and relevant report.

Read More

Cross Platform Segregation of Duties: The Next Key Report Crisis

February 2, 2021

RISCPoint highlights the increasing scrutiny on Segregation of Duties (SoD) controls, particularly as organizations continue to automate business processes. As cross-platform functions grow, ensuring proper SoD becomes more complex and critical. Learn how to prepare for the anticipated challenges by reviewing key business processes, developing process flowcharts, and creating comprehensive SoD and Sensitive Access inventories to maintain a robust control environment.

Read More

Navigating The Paths To FedRAMP Authorization

December 15, 2020

RISCPoint guides organizations through the complex journey to FedRAMP authorization, offering strategic advice on choosing the right path, whether it's through Joint Authorization Board (JAB) or Agency Sponsorship. Learn about the importance of FedRAMP for Cloud Service Providers working with the federal government, the key steps to prepare for authorization, and the ongoing responsibilities of maintaining FedRAMP compliance with RISCPoint's expert advisory services.

Read More

SOC for Supply Chain, Explained

November 30, 2020

RISCPoint delves into the importance of the SOC for Supply Chain standard, introduced by the AICPA to address increasing supply chain risks. This report provides a strategic advantage by offering transparency and assurance about the security of controls and processes in place, ultimately protecting business relationships from cyber threats and ensuring the integrity of the supply chain.

Read More

Avoiding the Pitfalls of Turnkey Compliance Solutions

November 17, 2020

RISCPoint highlights the challenges of relying on turnkey compliance solutions for achieving SOC 2 and other certifications. These platforms may offer quick fixes but often lack customization, scalability, and long-term value. RISCPoint advises organizations to take a strategic approach to cybersecurity and compliance, considering both short and long-term goals, and selecting partners that can provide tailored solutions and support throughout the compliance journey.

Read More

The Hidden Costs of Ineffective Cybersecurity and Compliance Functions

November 7, 2020

RISCPoint emphasizes the importance of a well-defined cybersecurity and compliance function to balance operational costs and potential risks. Ineffective controls can lead to data loss, operational failures, reputational damage, and financial penalties. The article advises on identifying and remedying common characteristics of ineffective IT compliance functions, including lack of executive support, skill gaps, inadequate policies, and recurring audit findings. RISCPoint suggests a thorough examination by experienced professionals to address these issues and improve security posture.

Read More

Your SOC 2 Checklist

October 14, 2020

RISCPoint presents a comprehensive SOC 2 compliance checklist to help organizations navigate the complexities of meeting SOC 2 requirements. Key steps include determining applicable Trust Services Criteria, deciding on the type of report needed (Type 1 or Type 2), planning and budgeting for the audit, and avoiding common pitfalls like relying on template policies or inexperienced audit facilitation. RISCPoint emphasizes the importance of conducting internal assessments, hiring industry experts, and optimizing processes for a successful SOC 2 assessment.

Read More

In Search Of (ISO) AI Security & Compliance

April 10, 2024

Join us at Finders Keepers Bar, SF, on May 8 for "In Search Of AI Security & Compliance" with AWS & partners A-LIGN, InfusionPoints, RISCPoint, Thoropass, and Vanta! Expect expert talks, networking, giveaways, and happy hour in a night of learning and fun. Don't forget to register!

Read More

Elevate Your Trust Program: HITRUST Community Extension Event

April 1, 2024

Join RISCPoint and leaders in healthcare for an exclusive HITRUST Community Extension Program at Schellman's Ohio office, where seasoned professionals will share insights on maximizing HITRUST certification for effective risk management. Enjoy a catered lunch, engaging discussions, and a guided happy hour with expert-led tastings, while earning four CPE credits.

Read More

Passion Led Us Here

January 4, 2022

RISCPoint CEO Jake Nix reflects on the firm's growth in 2021, attributing success to the passion that drives the team, partners, and clients. He highlights the importance of meaningful work, autonomy, and deepened relationships in creating a thriving ecosystem. As RISCPoint continues to grow, the commitment to core values and the pursuit of passion remain central to delivering top-notch security and compliance services.

Read More

RISCPoint adds John Duda to the Advisory Board

November 7, 2021

RISCPoint Advisory Group welcomes John Duda, Chairman and CEO of Summit Exercises & Training®, to its advisory board, bringing his vast experience in federal preparedness programs to enhance the company's cybersecurity and compliance services. Duda's expertise will support RISCPoint's mission to provide high-quality advisory support and expertise in the rapidly evolving federal cybersecurity and compliance landscape.

Read More

RISCPoint hires Information Technology and SOX audit leader Matt Drewyor

November 1, 2021

RISCPoint Advisory Group proudly announces the addition of Matt Drewyor, a seasoned expert in IT SOX, cybersecurity, and IT risk assessments, to its expanding team. With a rich background from PwC, Deloitte, and First Solar, Drewyor is set to lead service delivery, further enhancing RISCPoint's commitment to providing agile, high-quality cybersecurity and compliance services to its clients.

Read More

RISCPoint Achieves RPO Status

June 8, 2021

RISCPoint Advisory Group proudly announces its new status as a Registered Provider Organization (RPO) within the CMMC ecosystem, further enhancing its commitment to serving the Defense Industrial Base. This accreditation enables RISCPoint to guide clients through the complexities of CMMC certification, adding to its comprehensive range of security and compliance services.

Read More

RISCPoint Sponsors Team Row4Hope

April 19, 2021

RISCPoint Advisory Group is thrilled to support Team Row4Hope in their endeavor to compete in the Talisker Whisky Atlantic Challenge, aiming to raise awareness and funds for the Make-A-Wish® foundation of Central and Northern Florida. As the team embarks on this challenging 3,000-mile ocean rowing race, RISCPoint's sponsorship reflects their commitment to community involvement and charitable causes, aligning with their mission to integrate cybersecurity solutions with business goals.

Read More

RISCPoint Announces Apprenticeship Program

March 8, 2021

RISCPoint is proud to launch the RISCPoint Apprenticeship Program, aimed at fostering the growth of future Compliance and Cybersecurity professionals. The program offers hands-on experience, mentorship, and exposure to various practice specialties, embodying the company's commitment to employee development and community investment in the cybersecurity field.

Read More

I’m FedRAMP Authorized, Now What?! | FedRAMP Blog Series

July 16, 2024

Achieving FedRAMP authorization is just the beginning for Cloud Service Providers (CSPs). Maintaining this authorization requires continuous compliance with stringent security standards and regular assessments to ensure cloud environments remain secure. Key tasks include monitoring security incidents, conducting vulnerability scans, effective patch management, maintaining secure configurations, performing regular security control assessments, and managing Plans of Action and Milestones (POA&M). Notably, CSPs must transition their hardening standards to DISA STIGs or CIS Level 2 as per Revision 5 requirements to avoid losing authorization. Continuous diligence in these areas ensures ongoing authorization and the ability to serve federal agencies securely.

Read More

Navigating the New Frontier: Understanding FedRAMP's Red Team Requirement

April 2, 2024

New red team requirement introduced in FedRAMP Revision 5 and NIST SP 800-53 Rev 5 emphasize proactive defense mechanisms in cybersecurity. It explores the concept of red teaming, the challenges of implementing these exercises without explicit guidance, and suggests approaches for internal execution and partnering with external experts like RISCPoint. The post also speculates on future guidance from the FedRAMP Program Management Office, emphasizing the importance of integrating red team findings into continuous improvement processes for enhanced cybersecurity resilience.

Read More

Three Pain Points of a FedRAMP Assessment

October 16, 2023

Exploring the challenges of achieving FedRAMP authorization: Unveiling the critical pain points faced by Cloud Service Providers (CSPs) in navigating the complex assessment process to unlock federal marketplace opportunities.

Read More

RISCPoint Awarded Prestigious FedRAMP® and StateRAMP 3PAO Status

September 19, 2023

RISCPoint proudly achieves FedRAMP® and StateRAMP 3PAO accreditation, reinforcing its commitment to cybersecurity excellence and serving as a trusted extension of FedRAMP's mission to secure the cloud. With this recognition, RISCPoint continues to elevate its advisory services, offering unparalleled expertise in compliance across various industries.

Read More

NIST 800-171 Revision 3 Draft and What It Means for Federal Contractors

August 21, 2023

The draft of NIST SP 800-171 Revision 3 introduces crucial updates for federal contractors, aiming to enhance protection of Controlled Unclassified Information (CUI) in nonfederal systems. RISCPoint emphasizes the importance of understanding these changes, including new control families and refined security requirements, to ensure compliance and secure federal contracts effectively.

Read More

Penetration Testing vs. Red Teaming: Understanding the Differences

August 14, 2023

RISCPoint demystifies the differences between penetration testing and red teaming, crucial methodologies for assessing an organization's security posture. While penetration testing focuses on identifying technical vulnerabilities within a controlled environment, red teaming provides a comprehensive, real-world attack simulation, assessing both technical defenses and human factors. This article elucidates the importance of both approaches in forming a robust cybersecurity strategy, especially with new FedRAMP requirements emphasizing red teaming's role in security assessments.

Read More

Getting Started with Your FedRAMP Rev. 4 to Rev. 5 Transition

July 24, 2023

RISCPoint offers essential guidance for Cloud Service Providers navigating the FedRAMP Rev. 4 to Rev. 5 transition, emphasizing the importance of identifying gaps by September 1, 2023, and outlining a clear, strategic approach to compliance with the new baselines. This move ensures CSPs maintain their FedRAMP authorization efficiently, reinforcing RISCPoint's commitment to supporting clients through complex cybersecurity and compliance challenges.

Read More

FedRAMP Rev 5: What You Need to Know

June 20, 2023

RISCPoint breaks down the critical updates and transition plan for FedRAMP Revision 5 Baselines, highlighting the key considerations for Cloud Solution Providers. With a focus on alignment with NIST SP 800-53, Rev. 5, this guide outlines the phases of Planning, Initiation, and Continuous Monitoring to ensure compliance and enhance cybersecurity frameworks for federal government cloud services.

Read More

An Introduction to FISMA

October 20, 2022

RISCPoint demystifies the Federal Information Security Management Act (FISMA) for organizations involved with the federal government. Learn the key provisions, requirements, and benefits of FISMA compliance, and discover how partnering with a virtual CISO like RISCPoint can ensure your security and compliance needs are met, safeguarding sensitive federal information and enhancing your chances of securing federal contracts.

Read More

4 Key Benefits of Complying with the NIST CSF

September 13, 2022

RISCPoint explores the advantages of adopting the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) for organizations of all sizes and sectors. Discover how this voluntary framework provides a structured approach to cybersecurity, offering benefits such as a common organizing structure, flexibility, privacy considerations, and workforce development, ultimately enhancing your organization's cybersecurity maturity and posture.

Read More

4 Things to Consider When Choosing Your FedRAMP Consultant

August 20, 2022

RISCPoint outlines key factors to consider when selecting a FedRAMP consultant for your organization's authorization journey. From assessing the depth of expertise and communication skills to evaluating cost and experience with the Program Management Office, these considerations are crucial in ensuring a smooth and successful path to FedRAMP compliance.

Read More

FedRAMP Adds Three New Control Families to Catalog

July 14, 2022

RISCPoint sheds light on the significant updates in FedRAMP Revision 5, including the addition of three new control families: Supply Chain Risk Management, Personally Identifiable Information Processing and Transparency, and Program Management. Understand the implications of these changes for your organization's cybersecurity and compliance needs and learn how to prepare for the upcoming shift in requirements.

Read More

FedRAMP Revision 5 Introduces Threat-Based Methodology - Here's What to Expect

June 2, 2022

RISCPoint outlines the significant changes in FedRAMP Revision 5, highlighting the shift to a Threat-Based Methodology aligned with MITRE ATT&CK Framework version 8.2. Understand how this update strengthens security, reduces the number of additional controls, and what it means for your organization's compliance programs as you prepare for the new standards.

Read More

So, What's StateRAMP?

February 22, 2022

RISCPoint introduces StateRAMP, a consortium aimed at enhancing cybersecurity for state and local governments by vetting third-party vendors' security postures. Modeled after the federal FedRAMP framework, StateRAMP aims to protect citizen data, save taxpayer dollars, and promote cybersecurity best practices, addressing the unique needs of state and local governments not covered by FedRAMP.

Read More

3 Major Benefits of a HITRUST Certification

January 25, 2022

RISCPoint outlines the advantages of obtaining a HITRUST certification, a comprehensive framework that helps organizations in the healthcare sector and beyond to enhance their security posture, meet industry demands, and streamline compliance efforts. Discover how this certification can provide an in-depth assessment of your security framework, offer a competitive edge, and save time and resources by fulfilling multiple regulatory requirements with a single certification.

Read More

How To Achieve Compliance Across Multiple Controls Frameworks

January 10, 2022

RISCPoint offers a comprehensive guide to help organizations navigate the complexities of achieving compliance across multiple control frameworks like SOC 2, ISO/IEC 27001, HITRUST, and HIPAA. Learn how to define your compliance objectives, select an appropriate controls framework, implement controls effectively, and monitor their effectiveness to ensure a robust and efficient compliance program that meets the evolving demands of the cybersecurity landscape.

Read More

FedRAMP vs. StateRAMP: A Guide

February 26, 2021

RISCPoint breaks down the differences between FedRAMP and StateRAMP, two frameworks designed to standardize security assessments for cloud services. While both are modeled after NIST standards, FedRAMP applies to federal government vendors, whereas StateRAMP caters to state and local government entities. Learn about the paths to authorization for each and how existing FedRAMP authorizations can benefit from reciprocity agreements with StateRAMP.

Read More

Decoding the Five SOC 2 Trust Services Criteria

February 15, 2021

RISCPoint highlights the importance of understanding the five SOC 2 Trust Services Criteria—Security, Availability, Confidentiality, Processing Integrity, and Privacy—for organizations looking to conduct business securely and competitively. Learn how each criterion addresses specific aspects of information security and how to determine which criteria to include in your SOC 2 audit for a robust and relevant report.

Read More

Cross Platform Segregation of Duties: The Next Key Report Crisis

February 2, 2021

RISCPoint highlights the increasing scrutiny on Segregation of Duties (SoD) controls, particularly as organizations continue to automate business processes. As cross-platform functions grow, ensuring proper SoD becomes more complex and critical. Learn how to prepare for the anticipated challenges by reviewing key business processes, developing process flowcharts, and creating comprehensive SoD and Sensitive Access inventories to maintain a robust control environment.

Read More

Navigating The Paths To FedRAMP Authorization

December 15, 2020

RISCPoint guides organizations through the complex journey to FedRAMP authorization, offering strategic advice on choosing the right path, whether it's through Joint Authorization Board (JAB) or Agency Sponsorship. Learn about the importance of FedRAMP for Cloud Service Providers working with the federal government, the key steps to prepare for authorization, and the ongoing responsibilities of maintaining FedRAMP compliance with RISCPoint's expert advisory services.

Read More

Understanding the New EU-U.S. Data Privacy Framework: Implications, Insights, and Compliance

August 28, 2023

The EU-U.S. Data Privacy Framework, endorsed by the European Commission on July 12, 2023, establishes a new standard for transatlantic data transfers, ensuring GDPR-compliant data protection. RISCPoint highlights the framework's impact, offering compliance guidance for organizations to navigate this revised data privacy landscape effectively.

Read More

RISCPoint Unveils RADAR: A Revolutionary AI-Powered Cybersecurity Platform

August 28, 2024

RISCPoint Advisory Group, a leader in custom-tailored security and compliance services, today announced the launch of RADAR, an innovative all-in-one cybersecurity platform. Combining continuous threat discovery with expert-led Penetration Testing as a Service (PTaaS), RADAR represents a significant leap forward in proactive security and risk management. Launched at Blackhat, during one of the cybersecurity industry's most exciting weeks, RADAR has made an instant impact, leveraging artificial intelligence to provide real-time vulnerability detection across multiple attack surfaces. The platform offers continuous scanning and on-demand penetration testing by certified ethical hackers, ensuring comprehensive security assessments and compliance reporting.

Read More

The RISCPoint Recap - AWS re:Inforce 2024

June 19, 2024

RISCPoint attended AWS re:Inforce 2024 to gain insights into the latest advancements in cloud security. Key highlights included AWS's new security features such as Amazon GuardDuty Malware Protection for Amazon S3 and passkey MFA for IAM users, emphasizing the integration of AI in security practices. Additionally, AWS CISO Chris Betz's keynote on the importance of a robust security culture and networking opportunities through the AWS Global Security and Compliance Acceleration Program underscored the collaborative efforts in driving industry standards forward.

Read More

Security and Compliance for SMBs: RISCPoint Shares their Expertise on the Cloudy with a Chance of AWSome AWS Podcast

May 1, 2024

Security and compliance are paramount concerns for businesses of all sizes, however, small and medium-sized businesses (SMBs), in particular, face unique challenges in navigating these complex topics while striving for innovation and growth. On the latest Cloudy with a Chance of AWSome podcast episode “Security & Compliance for SMBs”, RISCPoint’s CEO, Jake Nix, and COO, Matt Drewyor, explore how RISCPoint and AWS are reshaping the security and compliance landscape for SMBs with podcast hosts Hayden Chase Kuzma and Benjamin King, SMB Account Managers at AWS.

Read More

Navigating the New Frontier: Understanding FedRAMP's Red Team Requirement

April 2, 2024

New red team requirement introduced in FedRAMP Revision 5 and NIST SP 800-53 Rev 5 emphasize proactive defense mechanisms in cybersecurity. It explores the concept of red teaming, the challenges of implementing these exercises without explicit guidance, and suggests approaches for internal execution and partnering with external experts like RISCPoint. The post also speculates on future guidance from the FedRAMP Program Management Office, emphasizing the importance of integrating red team findings into continuous improvement processes for enhanced cybersecurity resilience.

Read More

Safeguard Your Business: 5 Simple Steps to Boost Cybersecurity this Holiday Season

December 7, 2023

RISCPoint outlines five essential steps to bolster cybersecurity during the holiday season, emphasizing vigilance against phishing, securing remote work, being cautious of smishing, keeping devices updated, and the importance of continuous education to protect businesses from increased cyber threats.

Read More

RISCPoint Welcomes Matt Wiese as our Director of Cybersecurity Operations Services

October 2, 2023

RISCPoint Advisory Group Welcomes Matt Wiese as Director of Cybersecurity Operations Services: Enhancing Cybersecurity Capabilities with Platform Security Expertise.

Read More

Cybersecurity Breaches at Las Vegas Resorts: Understanding the MGM and Caesars Incidents

September 18, 2023

Amid cyber breaches at MGM Resorts and Caesars Entertainment, RISCPoint delves into the details, exploring the culprits, methods, and potential aftermath of these high-profile attacks. With insights into the intricate workings of cybercrime and its ramifications, RISCPoint underscores the urgent need for robust cybersecurity measures in today's interconnected world.

Read More

The Issue with BYOD

September 11, 2023

Delve into the security challenges posed by the Bring Your Own Device (BYOD) model, citing the potential for compromised personal computers to leak sensitive data and open doors for cyber threats. RISCPoint offers strategic approaches like access restriction, education, and implementing a zero-trust architecture to navigate these risks and ensure a more secure organizational environment.

Read More

NIST 800-171 Revision 3 Draft and What It Means for Federal Contractors

August 21, 2023

The draft of NIST SP 800-171 Revision 3 introduces crucial updates for federal contractors, aiming to enhance protection of Controlled Unclassified Information (CUI) in nonfederal systems. RISCPoint emphasizes the importance of understanding these changes, including new control families and refined security requirements, to ensure compliance and secure federal contracts effectively.

Read More

Penetration Testing vs. Red Teaming: Understanding the Differences

August 14, 2023

RISCPoint demystifies the differences between penetration testing and red teaming, crucial methodologies for assessing an organization's security posture. While penetration testing focuses on identifying technical vulnerabilities within a controlled environment, red teaming provides a comprehensive, real-world attack simulation, assessing both technical defenses and human factors. This article elucidates the importance of both approaches in forming a robust cybersecurity strategy, especially with new FedRAMP requirements emphasizing red teaming's role in security assessments.

Read More

RISCPoint Achieves AWS Advanced Tier Services Partner Status

November 7, 2024

CLEVELAND, November 7, 2024 – RISCPoint Advisory Group, a leading cybersecurity and compliance services provider, proudly announces its elevation to AWS Advanced Tier Services Partner status within the AWS Partner Network (APN). This milestone reflects RISCPoint's demonstrated technical expertise and consistent delivery of successful client outcomes in cloud security and compliance.

Read More

Security and Compliance for SMBs: RISCPoint Shares their Expertise on the Cloudy with a Chance of AWSome AWS Podcast

May 1, 2024

Security and compliance are paramount concerns for businesses of all sizes, however, small and medium-sized businesses (SMBs), in particular, face unique challenges in navigating these complex topics while striving for innovation and growth. On the latest Cloudy with a Chance of AWSome podcast episode “Security & Compliance for SMBs”, RISCPoint’s CEO, Jake Nix, and COO, Matt Drewyor, explore how RISCPoint and AWS are reshaping the security and compliance landscape for SMBs with podcast hosts Hayden Chase Kuzma and Benjamin King, SMB Account Managers at AWS.

Read More

RISCPoint announces strategic partnership with anecdotes

April 4, 2024

RISCPoint has partnered with anecdotes to offer enterprise-grade cybersecurity and compliance management solutions tailored for startups and SMBs, leveraging a data-driven approach and RISCPoint's expertise to enable rapid adoption of compliance frameworks and build trust-based security programs. This collaboration, which emphasizes flexibility, customization, and client-centric solutions, aims to empower businesses to meet regulatory requirements confidently and thrive in the digital landscape.

Read More

Insightin Health Achieves NIST SP 800-171 Compliance to Enhance Service for Tricare Members

November 7, 2023

Insightin Health announces its population analytics platform, inGAGE™ on Microsoft Azure, as the first to achieve NIST SP 800-171 compliance, enhancing security for Tricare military members' data. This milestone, achieved in collaboration with RISCPoint, underscores their commitment to advanced cybersecurity standards, benefiting active and retired military families with secure, HIPAA-compliant healthcare solutions.

Read More

Unlock the Secrets of Cybersecurity: RISCPoint's Exclusive Webinar Series

March 29, 2024

RISCPoint is thrilled to announce the launch of an upcoming webinar series focused on the latest trends, insights, and best practices in cybersecurity and compliance. The series will cover a wide range of topics including the intricacies of FedRAMP, securing cloud environments, navigating compliance challenges for frameworks like SOC 2, ISO 27001, HIPAA, and GDPR, understanding threat intelligence and incident response, and building a resilient security program. This is a valuable opportunity to expand your cybersecurity knowledge and enhance your organization's security posture with expert guidance from RISCPoint.

Read More

Stay Informed, Stay Secure

Subscribe to our newsletter and get the latest cybersecurity insights, updates, and event invitations delivered straight to your inbox. Join our community and empower your security journey with RISCPoint's expert knowledge.

Thank you! We'll keep you up to date!
Oops! Something went wrong while submitting the form.

Join our newsletter for updates. Terms.

TOP