How Can I Tell If I Am NIST Compliant? (Information/Insights)

If you work for a company that deals with government agencies, you may have heard of the NIST, or the National Institute of Standards and Technology. The NIST has its own unique set of standards with which certain companies and organizations must comply.

These cybersecurity guidelines, implemented by the U.S. Department of Defense (DoD) and the Defense Federal Acquisition Regulation Supplement (DFARS), are a point of stress for many organizations, and rightfully so. In fact, ensuring compliance with current NIST standards is among the top priorities for a number of industries in the tech game today, including universities, consulting companies, research institutions, manufacturers, and others. If you work within one of these industries and are contracted in any capacity by the DoD, you may do well to familiarize yourself with the most recent NIST standards to ensure you are safe from the consequences of failure to comply.

What Do You Need to Know About NIST Guidelines?

Over time, the NIST has worked to require additional standards for the processing, storing, and transmission of defense information. The new guidelines seek to promote the protection of “Controlled Unclassified Information,” or CUI, which is defined as government information that, while unclassified, still requires safeguarding. Therefore, the NIST has put into place a specific set of processes, listed in NIST Special Publication 800-171, to ensure government information is protected at all times.

If your company has plans to work with the DoD in the future, you’ll need to take the required steps to ensure you meet the guidelines of the NIST 800-171 mandate. Sections 3.1 through 3.14 of the guidelines contain 109 requirements that companies must meet to comply, though it may have proved difficult for many to meet all 109 by the December 31, 2017 deadline. To address this, the Federal Government typically expects companies to come up with a game plan to earn compliance within a reasonable time frame. Failure to comply may result in your company’s removal from the approved vendors’ list.

There are a few questions you may ask yourself if you’re concerned about whether or not your organization is subject to NIST standards. Simply put, if your company currently holds a United States federal contract or is currently listed as a supplier on a United States federal contract, you likely must answer to the NIST.

Here are a few additional questions that may serve as an indicator of whether or not your company should be concerned about compliance:

  • Is your company’s access to CUI contained and reliably isolated?
  • Is the CUI controlled? Things like the CUI’s physical location, internet network, authentication factors, and infrastructure all come into play when ensuring the CUI is accessible only to authorized parties.
  • Does the site have substantial information technology practices?
  • Are backups being maintained?
  • Has credible antivirus software been installed?

These are the types of practices subject to the NIST’s guidelines.

What Are Some Common NIST Compliance Myths?

While NIST compliance is vital in a variety of different industries, there are some myths circulating that may make it difficult to know for sure whether compliance has been met. Here are some of the most common myths regarding NIST Compliance:

NIST Compliance Is Too Expensive.

There may be costs associated with becoming NIST compliant, but that doesn’t mean doing so has to cost a fortune. You may not require the help of a large consulting company. Make sure to do your due diligence before committing.

My Company Is Too Small To Worry About NIST Compliance.

Companies of all sizes may be subject to NIST compliance. These guidelines don’t just apply to direct manufacturers, but also any subcontractor currently selling to one of the government’s suppliers. Although your company may not depend on business with the DoD, you may not want to rule yourself out down the line. This is what makes NIST compliance so important for businesses both big and small.

There’s Not Enough Time For Us To Become NIST Compliant.

While there are consequences to not meeting compliance by the aforementioned deadline, it’s still not too late to strive for compliance.

What Steps Can My Business Take To Prepare for DFARS Compliance?

To meet the requirements set forth by DFARS, you’ll need to follow a few steps:

Create A Security Controls Traceability Matrix

If you’re hoping to demonstrate compliance, you’ll need to do it across the system and identify areas of weakness. It’s important to identify every component within your unique system that may be subject to guidelines. Each of these should be mapped out using a simple matrix to ensure accountability.

Pinpoint The Gaps

Your matrix should provide a valuable glimpse into where gaps in compliance may lie. Once you have it, it’s time to investigate where these may be affected in the system.

Visualize And Execute Your Game Plan

Once you’ve determined the gaps, you should develop a strong gap remediation plan that sets out how and when each gap will be fixed and what types of resources you’ll need to achieve this, then put your plan into play. Be sure to document how the gaps have been addressed, and be prepared to present data as evidence of your compliance.

Ponemon Institute 2018 Cybersecurity Report (Information)

Every business knows that getting hit by a data breach can have devastating results. Oftentimes, you lose business along with customer trust. There’s a costly impact to your reputation, and a lot of time is lost on recovering all your data – all translating to huge financial losses. A new report now puts these implications and hidden costs of data breach into perspective.

Ponemon Institute’s 2018 “Cost of a Data Breach Study” presents some worrying figures on the financial impact of data breaches on the corporate world.

While the costs of data breaches are expected to vary depending on factors such as the nature of data lost, the size and nature of the organization whose data has been compromised, and the severity or extent of the attack, Ponemon Institute reports that the global average total cost of a data breach exceeds a whopping $3.8 million.

This represents a 6.4 percent increase from last year’s $3.62 million. What does this mean? The cost of a single data breach is on the rise even as technology continues to present businesses with better, more advanced ways to protect their records both online and offline.

What The Report Covered   

The researchers at Ponemon Institute interviewed nearly 500 companies that had experienced a data breach for the study and analyzed numerous costs and cost factors surrounding an attack. These included incident investigation, legal and regulatory activities, recovery, damage to company reputation, and lost business occurring through customer turnover.

Based on these in-depth interviews, the study established that a mega breach, which simply refers to an attack in the range of 1 million to 50 million lost records, could respectively cost anywhere from $40 million to $350 million on average.

This was the first time the Ponemon Institute study, which has been released annually for the past 13 years, covered calculations of the costs associated with such mega breaches. It, however, did not include huge incidents such as the 2017 Equifax data breach in calculating the averages, arguing that these are uncommon and not the type of breaches that most organizations experience.

According to the report, a company that suffers a mega-breach is bound to experience lost business as the most significant cost. Lost business can claim up to one-third of the total cost of such a breach involving the loss of at least one million records.

What Influences The Cost Of Data Breaches?

A host of factors come into play to determine the costs incurred by organizations that have suffered a breach.

While the knowledge of these factors could mean little by itself, there are some factors that have the potential to reduce these costs. One such factor is the length of time it takes a business to identify and contain an attack incident.

To put it simply, if an organization takes a long time to identify an attack, they would equally take longer to contain the incident – and this would inevitably translate to more extensive damages and bigger losses.

Identifying a breach sooner, on the other hand, allows the victim to address it sooner and be able to contain the problem before the damage spreads. This has the potential to minimize the cost of a data breach.

If the figures from the Ponemon Institute report are anything to go by, it can take up to 197 days (well over 6 months) to identify a data breach and another 69 days to contain it.

Worryingly, these figures have gone up significantly in the last year, ostensibly because of an increase in the severity of these attacks.

Anything Companies Can Do To Reduce Data Breach Costs?

There are quite a few strategies that, if properly implemented, can help businesses to significantly lower the potential of data breaches and their associated costs.

For starters, the report from Ponemon Institute provides a strong correlation between the time taken to identify and contain an incident of data breach and its related costs. The yearly study has established this same correlation for four consecutive years now – indicating that the quicker you identify a breach, the less it will cost you.

So then, all you have to do is remain vigilant and prepared for an attack at all times. How, you wonder? Consider extensive use of encryption in your organization, as this can cut the cost by as much as $13 per capita.

The research also recommends putting in place an incident response team. This, according to the study, can decrease the cost of a data breach by up to $14 per compromised record from the $148 average per-capita cost.

Conclusion

Based on the data from the 2018 cost of a data breach study, being able to contain a breach in less than 30 days will save you more than USD 1 million compared to a company that does not. However, if you can combine vigilance with an automated, state-of-the-art security system, there’s no reason why you can’t keep data breaches from happening in your organization in the first place.

Ticketfly Hacked: What This Means for Users

Ticketfly, the California-based ticketing service owned by Eventbrite, hit the headlines in late May, 2018 for shutting itself down in a move to protect user data following a perceived “cyber incident.”

There’s no denying, this must have been tremendously inconvenient to eventgoers who, as part of the security breach, were treated to the message: “Your Security Down im Not Sorry,” in place of the usual login interface on the Ticketfly homepage.

Alongside this message was an image of the Guy Fawkes mask associated with Anonymous and a Yandex email address belonging to the hacker; neither was of much help to the users.

The hacker had defaced the ticketing website with a picture of the V for Vendetta character plus a claim of responsibility that read: “Ticketfly HacKeD By IsHaKdZ.” This left the company with little choice but to take the site offline and throw itself into damage control.

Ticketfly went on to investigate the incident with the help of third-party forensic cybersecurity experts. The exact extent of the attack and the types of data that the hackers accessed remain to be established.

Reports emerged that the Eventbrite-owned ticketing company was supplying venues with lists of ticket buyers, who were required to carry their photo IDs and a printout of their tickets (for those who had the tickets) to the show(s).

The outage was, however, definitely going to present a more serious challenge to those who had bought tickets for an approaching show and didn’t already have the tickets.

The affected ticket buyers would have to sit tight; the company would give them more information as it became available.

Fast Forward To Date

The date is June 2, 2018 – Ticketfly just resumed its normal ticketing operations. Details emerge that the company has been the target of a malicious cyberattack that has led to the compromise of up to 27 million user accounts hosted on its servers.

This is the official communication from the company itself. It clears the air on the earlier reports going around speculating that about 26 million user accounts have been compromised from the Ticketfly attack.

The company, which handles ticket distribution for events like Riot Fest, Celebrate Brooklyn, and a series of venues across Canada and the US, has since confirmed that there was indeed a cyberattack that compromised some event venue and customer data.

It is relieved to confirm, however, that the breached data is limited to people’s names, email addresses, physical addresses, and phone numbers connected to the approximated 27 million Ticketfly accounts. More sensitive information, including payment and login data such as credit card numbers and passwords, was thankfully not part of the stolen data.

As part of the leak, the compromised names, email addresses, phone numbers, and home addresses were posted on a public server – with some reports indicating that the hacker intended to make public even more data should his demands fail to be met.

Too Early To Celebrate?

The question that now lingers in the minds of many is with regards to the nature of the data that is still in the hands of the hacker who has threatened to release this data to the public.

These threats cannot be taken lightly by any chance. There are reports indicating that the hacker had notified Ticketfly of a security fault ahead of the “cyber incident,” asking the company for a one bitcoin ransom in exchange for repairing the fault. Apparently, Ticketfly did not take the deal, leading to the eventual uploading of the data to the public server. The current value of one Bitcoin is $8,095.

Like any users involved in a major data breach, the primary fear for the victims in this Ticketfly data breach is the idea that the hackers could impersonate them in various instances of identity fraud or consider using their information to access their financial records.

This kind of fear may be unfounded, as Troy Hunt, the guy who owns and runs the website Have I Been Pwned, feels that this breach is not as ominous as most, given the fact that the perpetrator apparently did not get his hands on people’s passwords or payment information.

The Have I Been Pwned website allows people to check whether their email addresses have been compromised in incidents of data breaches. If your info is included on a public server somewhere, you can find out at this site.

Wrap Up

Right now, it remains to be seen whether the dark hours have passed for Ticketfly or if there are still enough vulnerabilities for the attacker to exploit. By now, there’s no doubt that Ticketfly has improved their security to ensure that all credit card information and user logins are stored in an encrypted database that is cordoned off.

Microsoft Azure Just Got Better

The Microsoft Inspire 2018 partner conference is now behind us, but the new dawn that it marked for the company’s cloud computing service, Azure, has just begun.

Of course, there was a lot that transpired from this partner conference, especially the new opportunities, resources, and incentives that are now available for partners.

In this write-up however, we focus on the wide range of updates – not in all of Microsoft’s partner programs and products that span Microsoft 365, Dynamics 365 and other business apps, but its cloud computing service known as Azure.

Here’s a roundup of the tech giant’s biggest updates and additions to Azure from the Inspire 2018 conference.

New Cloud Apps And Technologies

The number of cloud apps and technologies that are available through Azure just multiplied. The first amazing addition to this channel is the Azure Data Box Disk, an SSD-disk based version of the Azure Data Box appliance rolled out in 2017.

With the Azure Data Box Disk, businesses can move data into Azure with much ease regardless of where the data lives. The new offering allows for the transfer of up to 35 terabytes of data from multiple remote locations such as offices or branches – whether on a recurrent basis or once.

The other interesting Azure addition from Microsoft Inspire 2018 is Azure Virtual WAN, a networking service that provides users (businesses) with automated, optimized branch-to-branch connectivity through Azure using last mile internet. It also allows businesses to build a spoke-hub network in Azure that can route traffic to virtual appliances such as Azure network security services and firewalls.

The Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. The Firewall-as-a-Service (FWaaS) is highly available and fully functional, with unrestricted cloud scalability.

The high availability being built-in means that there are no additional load balancers, nor anything that requires configuring. The unrestricted cloud scalability, on the other hand, means that your Azure Firewall can scale up as much as needed to accommodate fluctuating network traffic flows. Ultimately, you won’t need to budget for any peak traffic – which translates to significant cost savings.

Microsoft Is Expanding Private Offers In The Azure Marketplace

As part of Microsoft’s 2019 development plans for its partner network, the company is expanding its private offers in the Azure marketplace. This means that partners will be able to deliver a better buying experience to their customers by confidentially sharing with them solutions that meet their unique buying needs. This way, Microsoft partners are getting a new means to boost their sales with the corporation.

With the private offer feature, partners are also able to offer discounts to select customers on the Azure channel, rather than having to put up with the standard pricing approach, which can be less appealing.

Vetted & Approved By Microsoft: Azure Expert Managed Service Providers

Microsoft just took its Azure Expert Managed Service Provider program, started as a pilot program at the beginning of the year, to another level. The Azure Expert MSP program is a brand-new platform designed to help those select partners who have demonstrated the greatest level of skill and capabilities with regards to delivering consistent managed services on Azure. This helps them to stand out from the pack.

For a partner to join the new Azure MSP group, they have to be carefully vetted by Microsoft. One of the key qualifications for entering the program is to obtain references from multiple customers and pass a rigorous two-day third-party audit, which is repeated every year.

The idea, according to Microsoft, is to ensure that partners in the Azure Expert Managed Service Provider program are prepared to facilitate customer migrations to the cloud and help them with their cloud projects.

Azure IoT Central Gets New Updates

Azure IoT Central, Microsoft’s Software-as-a-Service IoT (internet of things) solution, experienced nothing short of a facelift. These updates introduce support for the business analytics service Power BI and the task automation tool Microsoft Flow, as a way to make visualization of real-time intelligence possible.

Additionally, partners on the Cloud Solution Provider program are now able to include management and provisioning of Azure IoT Central applications in their subscription offerings.

Customers seeking to migrate their Windows Server and SQL Server 2008/2008 R2 workloads to Azure have also been assured of a time extension and free security updates even as Microsoft is winding down its support for the former.

Beyond Microsoft Gold: New Apps And Infrastructure For Azure

As part of its mission to boost profitability for partners, Microsoft is launching advanced specializations going beyond Microsoft Gold competencies to help partners with differentiation.

Apps and Infrastructure will include SAP on Azure, cloud migration, Azure Stack, Linux on Azure, backup & disaster recovery, as well as high-performance computing and networking.

Conclusion

Microsoft is clearly pushing positive outcomes on its partner network. And judging from the revelations from the Inspire 2018 conference, the company is determined to see this network prosper. They’re making the most of the opportunities that have since come to light and forging ahead for a brighter future.

Improve Video Conference Calls With The New PTZ PRO 2 Camera

Physical face-to-face meetings are on a sharp decline and this decline is attributed to a corresponding rapid growth of video conferencing technology. The last few years have seen immense development in telecommunications, especially on the teleconferencing front.

With company staff becoming increasingly remote and many employees opting to work at home, conference calls are the best shot at enhancing collaboration between workers. Physical meetings take time, effort, and money to set up, yet they are often marred with distractions. On the other hand, conference calls are very efficient when set up properly.

Video Conferencing Can Get Messy If Not Properly Set Up

Despite the outstanding benefits of conference calls, many companies are still reluctant to embrace them, and they have valid reasons for their reservations. Being part of an improperly set up conference call can be an awful experience, which might give your company staff a negative impression of conference calls (more so if you are trying it out for the first time).

If you’ve ever been part of one before or hosted one, you know how disorderly they might get. That’s where PTZ PRO 2 comes in handy. It’s a conferencing camera built to optimize all aspects of a conference call. PTZ PRO 2 is a solution which enhances the quality of both video and audio to give your conference calls dignity.

What’s PTZ Pro 2 All About?

The PTZ Pro 2 is a state-of-the-art camera technology which has brought new enhancements to video conference calls. The technology was developed with conferencing calls in mind. The camera has a 10X high definition optical zoom with a 2,600 pan and 1,300 tilt.

If you are looking for camera technology with top-notch optics to transmit videos in real time and create the experience of sharing a room with your colleagues, then this might be the perfect fit.

Its adjustable camera controls are efficient and offer more convenience for conference call organizers. The remote control gives the host more functionalities to control the cameras even if they are thousands of miles away. Other impressive enhancements that come with the PTZ Pro 2 include a sharp video resolution, colorful reproduction of images, and a high optical accuracy.

In a nutshell, PTZ Pro 2 is about ease of use and capturing the motion in high definition using better controls.

The PTZ Pro 2 is the ideal camera for large meeting rooms and auditoriums. The lens has a wide field of view, a sharp focus for detailed images, and the camera is free to pan and tilt. The powerful 10x zoom lens has an autofocus which delivers astounding image clarity to participants of the meeting regardless of the distance.

Like other Logitech cameras, the PTZ works for both small and large group meetings. It is compatible with many types of video conferencing software so you don’t have to worry about application compatibility. There’s a good chance that every video conferencing app you’ve used before will work well with the PTZ Pro 2.

Easy To Use

The USB plug-and-play connectivity makes the device so easy to set up and use, you’ll be amazed. All you need to do is connect it to the meeting room computer through a USB port and you will be good to go. PTZ Pro 2 is compatible with most conferencing call software on Macs and Windows devices.

Remote Control

You can operate the PTZ Pro 2 when near it or thousands of miles away. When near the camera, you can use a hand-held remote to tilt, pan, and zoom. The hand-held remote control works if you are operating the camera while in the meeting room. If you have to control it when thousands of miles away, all you need is a downloadable remote control application. The application will give you all the functionalities that the hand-held remote does.

High-Grade Premium Camera Lens

PTZ Pro 2 is decked out with a premium camera lens. Here is what’s special about this lens; it gives you crystal clear images with colorful rendition, sharpness, balanced brightness, and it maintains clarity even when the lens is zoomed in.

You Get To Choose From Different Mounting Options

Unlike many video conferencing cameras, the PTZ Pro 2 gives you multiple mounting options to choose from. It comes with mounting hardware for table top and for wall mounting. For additional flexibility, you have the option of mounting the camera on a tripod thread.

Certified For Business

Not all video conferencing cameras are certified for business. Cameras certified for business have many functionalities which make them ideal for professional purposes. The PTZ Pro 2 camera is certified for use with a number of types of video conferencing software like Skype for Business, Broadsoft, LifeSize Cloud, Vidyo, Zoom, Cisco WebEx, and BlueJeans.

When looking to buy a camera with high definition video and clear audio, the PTZ Pro 2 is worth considering.

Network Basics: What Is SNMP and How Does It Work?

What is SNMP?

If you are a new network professional in the field of Information Technology, SNMP is an acronym you will come across often. Or you may have heard of it at some point during IT training. SNMP means “Simple Network Management Protocol.” It is an application-layer protocol, part of the Internet protocol suite, used to manage and monitor devices on a network.

SNMP was first used in the late 1980s, a time when companies were investing heavily in internet networks. SNMP effectively aids the monitoring of network infrastructures such as data stations, printers, servers, hubs, routers, WINS, and host configurations.

Today, it is still one of the most widely used layer protocols for simple networks. Many networking specialists love it because it offers a consistent and reliable way of monitoring many devices on a network simultaneously. It also allows for sharing of information between the components of the network even if the devices run on different operating systems.

Why is SNMP important?

Network management protocols like SNMP have made identification and management of network devices easy and convenient. The protocol keeps track of changes in the network and relays the status of all network devices in real time.

SNMP architecture

As the name hints, SNMP has a simple architecture, which is based on the client-server model. Basically, the server is the network manager; it measures different variables and processes data relayed from different devices on the network. Client devices on SNMP networks are referred to as “Agents.” The agents are either computing devices or peripheral devices connected directly or indirectly to the network. They include computers, phones, printers, and network switches, among other devices.

SNMP data Hierarchy

Even though the SNMP network protocol is based on a simple architecture, its philosophy of data hierarchy is a little complicated or at least will seem complex if you are not familiar with it. Fortunately, the data hierarchy is easy to understand once you grasp the concept behind it.

The SNMP data hierarchy is tree-shaped: the branches at different heights represent data available for managers at different management levels to collect. These branches are referred to as Management Information Bases (MIBs), and every level of MIBs represents a device group or peripheral device components. Each MIB is identified using either a unique number or a string. The numbers and strings work on the same concept as hostnames or IP addresses and can be interchanged.

All the management information bases have one or multiple nodes. These nodes represent the devices or device components on the MIB. The nodes are marked using Object identifiers (or simply OIDs) which are also denoted using either numbers or strings.

Using the numbers and strings, managers can troubleshoot or run a query on an agent to find out the status of network devices in real time. For instance, if a manager needs to know the status of an interface, he will start by querying the MIB, then narrow down to the OID value which represents the operational status of the interface.
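
The interface-status query described above, as an added example that is not part of the original article: a small in-memory model of an agent's object tree that translates numeric OIDs to names and walks the operational-status column the way a manager would. The OIDs are the standard MIB-2 and IF-MIB assignments; the agent, its hostname and interface values are constructed sample data, and the function and class names are hypothetical.

```python
"""Toy model of the SNMP object tree: numeric OIDs, symbolic names, GETNEXT walks.

Everything here is in-memory; no packets are sent. The OIDs are the standard
MIB-2 / IF-MIB assignments; the agent's values are constructed sample data.
"""
from bisect import bisect_right

# Standard object names, keyed by numeric OID (tuple of sub-identifiers).
NAMES = {
    (1, 3, 6, 1, 2, 1, 1, 1): "SNMPv2-MIB::sysDescr",
    (1, 3, 6, 1, 2, 1, 1, 5): "SNMPv2-MIB::sysName",
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2): "IF-MIB::ifDescr",
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 8): "IF-MIB::ifOperStatus",
}
BY_NAME = {name.split("::")[1]: oid for oid, name in NAMES.items()}
OPER_STATUS = {1: "up", 2: "down", 3: "testing"}  # IF-MIB enumeration (subset)


def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' or '.1.3.6...' -> tuple of ints."""
    return tuple(int(part) for part in text.strip(".").split("."))


def symbolic(oid):
    """Translate a numeric OID to 'MODULE::object.instance' via longest prefix."""
    for cut in range(len(oid), 0, -1):
        name = NAMES.get(oid[:cut])
        if name:
            suffix = ".".join(str(n) for n in oid[cut:])
            return f"{name}.{suffix}" if suffix else name
    return ".".join(str(n) for n in oid)  # unknown subtree: leave numeric


class Agent:
    """Holds one device's variables, sorted the way GETNEXT traverses them."""

    def __init__(self, variables):
        self._vars = dict(variables)
        # Tuples compare sub-identifier by sub-identifier, so index 10 sorts
        # after index 2 (a plain string sort would get this wrong).
        self._order = sorted(self._vars)

    def get(self, oid):
        return self._vars.get(oid)  # None models noSuchObject/noSuchInstance

    def get_next(self, oid):
        """Return (oid, value) of the first variable after `oid`, or None."""
        pos = bisect_right(self._order, oid)
        if pos == len(self._order):
            return None  # end of MIB view
        nxt = self._order[pos]
        return nxt, self._vars[nxt]


def walk(agent, root):
    """Manager-side walk: repeat GETNEXT until the reply leaves the subtree."""
    found, current = [], root
    while True:
        reply = agent.get_next(current)
        if reply is None or reply[0][:len(root)] != root:
            return found
        found.append(reply)
        current = reply[0]


def interface_status(agent):
    """Join the ifDescr and ifOperStatus columns of ifTable on ifIndex."""
    descr = {oid[-1]: val for oid, val in walk(agent, BY_NAME["ifDescr"])}
    status = {}
    for oid, val in walk(agent, BY_NAME["ifOperStatus"]):
        label = descr.get(oid[-1], f"ifIndex {oid[-1]}")
        status[label] = OPER_STATUS.get(val, f"unknown({val})")
    return status


# Constructed sample agent: a switch with three interfaces (indexes 1, 2, 10).
SAMPLE = Agent({
    parse_oid("1.3.6.1.2.1.1.1.0"): "Example switch (constructed data)",
    parse_oid("1.3.6.1.2.1.1.5.0"): "sw-lab-01",
    parse_oid("1.3.6.1.2.1.2.2.1.2.1"): "lo",
    parse_oid("1.3.6.1.2.1.2.2.1.2.2"): "uplink",
    parse_oid("1.3.6.1.2.1.2.2.1.2.10"): "port10",
    parse_oid("1.3.6.1.2.1.2.2.1.8.1"): 1,
    parse_oid("1.3.6.1.2.1.2.2.1.8.2"): 1,
    parse_oid("1.3.6.1.2.1.2.2.1.8.10"): 2,
})

if __name__ == "__main__":
    for oid, value in walk(SAMPLE, parse_oid("1.3.6.1.2.1")):
        print(f"{symbolic(oid)} = {value!r}")
    print(interface_status(SAMPLE))
```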

Are the OIDs important?

MIBs and OIDs are data hierarchies on SNMP systems. They may seem confusing at first but there are many advantages to them. The most outstanding advantage is that you can pull down the exact information you need without necessarily sending explicit requests to the client device to collect it. This significantly reduces pressure on network resources and ensures that all data pertaining to the status of the network is readily available to managers on request.

The architecture is also easy to understand, flexible and can incorporate many devices at different parts of the network. The simplicity makes it possible to pull up large chunks of data from the devices quickly without jamming the network system. The data is usually available in its simplest form and in real time, which makes decision making easy and fast.

Versions of SNMP

SNMP has undergone numerous developments over the years. With every new version comes more features and functionalities than the previous version. In addition, each version has different network protocols so you have to be keen on a version that will serve your network management needs best.

One remarkable attribute that makes a big difference between the versions is the security feature. Various network systems have different security requirements, so you must find a version that best serves your unique needs. Below is a highlight of the versions:

  • SNMPv1: The very first version of SNMP. Has very weak security properties. Still widely used today, especially by companies which have not updated their SNMPs to more recent versions.
  • SNMPv2: First used in 1993. It had more enhanced security features compared to SNMPv1.
  • SNMPv3: Released in 1998. It is the most recent version and most secure version.

SNMP Wrap Up

Simple Network Management Protocol (SNMP) offers easier identification and management of network devices. It makes real-time monitoring of the status of your network accurate and dependable. It also makes the management of online communication protocols possible. SNMP evolves and develops with every new version to deliver better features and functionalities.

What Do I Need To Do To Be DFARS Compliant?

With the escalating cyber threats that affect the U.S. Government, the U.S. Department of Commerce issued a Defense Federal Acquisition Regulation Supplement (DFARS) to safeguard the U.S. Department of Defense’s (DoD) unclassified information. The regulation now requires all aerospace and defense companies to be compliant.

Roadmap to DFARS Compliance

In order to be considered DFARS compliant, organizations need to pass a readiness assessment according to the NIST SP 800-171 guidelines.

On average, it will take an organization about six to ten months to become compliant, depending on the organization’s current security status and the available resources they have at their disposal.

Planning is the key to ensure success in your DFARS compliance expedition. It is essential to treat this as a major project, with the mindset of having the needed resources and funding set ahead of time. Many companies hire specialists and consultants and this can really expedite the process, plus it can help an organization to avoid common errors.

Let’s look at an action plan or roadmap to guarantee your cloud environment is safe and compliant according to the DFARS mandate.

Step 1: Calculate Your Organization’s Applicability

Key Question: How can your organization stay relevant?

Using the controls listed in NIST SP 800-171, document the gaps between your current position and the expected end goal.

To determine whether and how DFARS applies to your organization, check off these essentials for Step 1:

  • Review all contracts to pinpoint important DFARS clauses and provisions.
  • Review DFARS to determine the type of CDI or CUI (see Clause 252.204-7012) that applies.
  • Check your applicability with the Contracting Officer as needed.
  • Define what systems, processes, programs, applications, hardware, software, people, etc. fall under the scope of your NIST 800-171 compliance.

Step 2: Build a Remedial Plan to Safeguard against Non-Compliance

Key Question: What is your current Security Status?

In order to stay NIST SP 800-171 compliant, make sure you can put a check next to these measures:

  • Conduct a control gap analysis against NIST SP 800-171.
  • Develop solutions for the identified defects that you find.
  • Meet with your subcontractors and other business partners to make sure you are both on track and in step for compliance.

Step 3: Implement Your Remediation Plan to Ensure Compliance

Key Question: Have you developed a plan of action to track your progress?

Developing a system security plan will give you the peace of mind in knowing that you are going to be compliant. You won’t have to worry about fines and penalties.

  • Develop or revise controls as needed to remedy the control gaps with NIST SP 800-171.
  • Organize your validation testing after remediation is completed to confirm controls are designed and operating effectively (you then need to make sure you have the agreement of your Contracting Officer).

Step 4: Continuously Monitor and Follow-Up

Key Question: How do you maintain constant monitoring to ensure compliance?

Establishing a plan to effectively monitor your compliance can be achieved by doing the following:

  • Use tools, templates, reports, and metrics to develop an ever-flowing monitoring program.
  • For accountability, organize monitoring activities and provide status updates to significant investors on your performance and progress.

Conclusion:

To be DFARS compliant, it is important to set controls in place for current systems and data, while remembering the need to cover new systems and data as they are created. If you fail to keep this in mind, you will assuredly find yourself falling short of compliance.

There is a propensity within organizations to place an emphasis on the controls during the implementation phase, but once the system is up and running, they tend to take their foot off the gas and eyes off the road. Sustaining constant compliance is a never-ending process. You must continuously make sure that new data and systems are effectively classified and that the correct controls are applied. Once DFARS is running and business returns to normal, a high level of attentiveness must be maintained to guarantee the safety and compliance of your organization.

Microsoft’s New Surface Go Tablet (Review)

Microsoft’s New Surface Go Tablet: Will It Stand the Test of Time?

The latest tablet being released by Microsoft is the Surface Go. So, what does it have that its older predecessors lack? Though it does share some commonalities with its big brother, the Surface Pro, there are a few major differences. Let’s take a look at those and see whether the new Surface Go tablet will be a winner or a loser with users. After all, the users are the ones who decide whether a new tablet will make it in the big leagues or be thrown out with the trash by next year.

One: The Price

If you’re a struggling student on a tight budget, then the Surface Go might be just what you’ve been searching for. It has many of the cool features of the Surface Pro without the hefty price tag. For instance, the latest version of the Surface Pro has an Intel Core m3 processor, 5GB of RAM and a 128GB SSD. It is ultra-light but has a battery that can last all day. It transforms from a tablet to a laptop by opening the built-in kickstand, then adding Microsoft’s Signature Cover built especially for the Surface Pro. However, at around $799, it’s hardly budget-friendly.

You can get the new Surface Go for about half that much and it will include many of the features above. At around $399, this tablet computer is perfect for most tasks. It performs like a laptop and features a stunning touchscreen. You can enjoy most of the perks of a Surface Pro at half the cost. It can run all your favorite programs or play your favorite games. It’s small, lightweight, and affordable: a triple hitter. The low price will make it very attractive to anyone on a budget.

Two: Display & Processor

With a 10-inch PixelSense display, the Surface Go is a bit smaller than the Surface 3, but it still offers pretty good screen resolution. At 1,800 x 1,200 pixels, the Go gives you 217 PPI (pixels per inch), which is actually higher than the Surface Laptop (201 PPI), but lower than the Surface Pro (267 PPI).

Microsoft is betting on the 10-inch size of the Surface Go and its smaller price tag to make it highly sought by students everywhere.

The processor on the Surface Go features the Intel Pentium Gold 4415Y chip. Although it is much slower than Intel’s Core i5 and Core i7, this is one of the major reasons for the smaller price tag. Since processors are usually one of the priciest components of most computers, Microsoft was able to slash the price of the Surface Go by installing this slower processor. Though it may be a big tradeoff, many users will be willing to overlook slow processor speed for the lower price to get such a charming tablet computer.

Three: Keyboard & Pen

The keyboard on the Surface Go has keys the same size as the Surface Pro so it won’t be hard to make the switch for typing enthusiasts. The Go tablet also features 2-in-1 keyboard functionality. You can connect to a Type Cover keyboard (sold separately). In addition to the standard version, users can pay a little extra for a keyboard with the Signature Type Cover with Alcantara fabric. The Surface Pen (digital stylus) works the same as the Surface Pro and is sold separately.

Four: Size

With computers, size does matter. Though we might all love a big 17.3-inch screen when viewing our favorite Pinterest projects, those big bulky laptops are not made for a busy lifestyle. The Surface Go is being advertised by Microsoft as the smallest, lightest Surface computer ever made. It weighs only 1.15 pounds and is a mere 10 inches across. It should fit easily into any bag. You can carry it all day and barely know it’s there.

Five: Battery Life

More and more users are looking closely at the battery life of smartphones and computers. There are even new gadgets on the market that promise to extend the battery life of your device. The Lenovo Yoga 920 tops the list with over 22 hours of battery life. However, the price is well above $1,400 for this powerful perk. If you’re talking about tablet computers in the $400 range, then Microsoft’s promise of 9 hours of battery life with the Surface Go seems like a bargain. The Surface Pro only offers 13.5 hours of battery life and it’s twice the price. Nine hours seems like plenty of time to find a power outlet and recharge.

Wrap Up

The Surface Go will be available in August of 2018, but you can expect a backorder from the get-go. Many schools and students are lining up to take advantage of the attractive, low-priced Go tablet. Since it’s made by Microsoft, there’s a very good chance that it may well be every student’s favorite tablet computer by next year. And, it should wind up on a number of Christmas lists this year.

Low-Tech Ways to Protect Your Car From Being Stolen

Security for your automobile is so important today due to the current rise in car theft. It is necessary to protect your transportation from this threat.  Your car represents a hefty financial investment, not to mention that it provides transportation for your whole family.

However, many people take auto security for granted. If you’ve ever had your car stolen, then you understand how traumatic it can be. This article will help you better understand how to perform some basic safety precautions to keep your car safe. Many insurance companies offer lower rates if you install extra protection to keep your car safe from thieves. Sit down and relax, so that you can learn how Fob systems work.

How Key Fobs Work

The main Fob systems include electronic devices. These devices function by reading a key Fob when placed in close proximity. If the key Fob is authorized, the reader sends a signal to the door and the user can gain access. Key Fob entry systems offer greater ease of use, enhanced security, and more control.

Once the key Fob is within short range to the access device reader, the system opens the car door to permit entrance only for the owner. The Fob has a special recognition number and the right-to-use system can be programmed to limit or block entry at any time. The biggest advantage of key Fobs and keyless access in general is that a Fob can be instantly blocked in case it’s stolen or lost.

Because of the uniqueness of each car’s key Fob, billions of codes are created so that each one is exclusive.  But hackers have ways of intercepting the wireless signal and then narrowing down the numerical combinations. Within minutes, a hacker’s computer program can figure out the code to unlock your car. This poses a challenge to the security of everyone’s automobile.

Why You Should Wrap Your Keys In Aluminum Foil

Unlocking your car wirelessly is a convenient technology, but it comes with limitations. Thugs have come up with easy ways to intercept the Fob’s signal and seize it, locking out alarm signals. The unique key Fob code is sent to the car’s security system using a computer chip. The car has a chip that uses the same algorithm to generate codes. Once the codes match, the car doors open.

Car thieves have figured out how to hack the access codes of your Fob even if it’s not in the car. By capturing and manipulating signals from Fob keys, they can steal your car in just minutes. They use products that assist in intensifying the signal from the key Fob and this allows the car to be stolen effortlessly.

One simple solution to preventing a car thief from stealing this information is to wrap your key Fob in aluminum foil when the key Fob is not in use. The foil blocks the signal, preventing thugs from being able to decode it. Though this is pretty low-tech, it does work and it isn’t hard or expensive to do. Just a bit inconvenient.
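The matching-code check described above can be sketched in a simplified model; this is an added example, not code from the original article or from any manufacturer. The HMAC construction, the counter window, and every name in it are assumptions chosen for illustration. It shows that a reused code is rejected, while a fresh code is accepted no matter how far it travelled, which is why keeping the Fob shielded when not in use matters.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed button presses the car tolerates


def code_for(secret: bytes, counter: int) -> str:
    """Derive the one-time code for a counter value (toy construction)."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:16]


class Fob:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press(self) -> str:
        self.counter += 1  # every press uses a new counter value
        return code_for(self.secret, self.counter)


class Car:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = 0  # highest counter accepted so far

    def try_unlock(self, code: str) -> bool:
        # Only counters ahead of the last accepted one are considered,
        # so a code that was already used can never match again.
        start = self.last_counter + 1
        for c in range(start, start + WINDOW):
            if hmac.compare_digest(code, code_for(self.secret, c)):
                self.last_counter = c
                return True
        return False


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample value
    fob, car = Fob(secret), Car(secret)
    first = fob.press()
    results = {"fresh_code": car.try_unlock(first)}
    results["replayed_code"] = car.try_unlock(first)
    for _ in range(3):  # presses made out of range of the car
        fob.press()
    results["after_missed_presses"] = car.try_unlock(fob.press())
    # The car sees only the code, not the distance it travelled.
    results["relayed_fresh_code"] = car.try_unlock(fob.press())
    results["wrong_secret"] = car.try_unlock(Fob(b"other-fob").press())
    return results
```
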

How Criminals Attack

Criminals have come up with a way of detecting key Fob signals from a distance of 300 feet away using an amplifier. Signal theft is becoming a much larger problem that even experts can’t deal with. High-powered RFID readers make it all possible. This technology is relatively inexpensive and very accessible to thieves.

Steps To Stop Car Thieves

It is possible to block these amplified signals from reaching your key Fob. One method involves buying a signal-blocking purse or wallet to hold your keys. While this is a simple remedy, it’s important to make sure your keys are properly stored so signal blocking works all the time and correctly. If you can’t afford a purse or wallet with this technology, then try lining your purse with aluminum foil. You can also line only the pouch that holds your keys with foil. Many people keep their keys in the same pocket or area of their purse, so just line that specific area with the foil and remember to place the key Fob there when not in use.

Wrap Up

These days, it’s important to make sure you’re doing everything possible to keep your home and car safe. Though there are many new types of security systems to use, it can be expensive or difficult to install and use them. If your budget won’t allow it, look for easy, low-cost ways like using aluminum foil to protect your key Fob. Make it as hard as possible for thieves to steal from you. They’re often lazy folks who are searching for the easiest targets, so each layer of protection you add makes you less of a target for car thieves.

iPhone Users: Don’t Run 11.4.1 Update

Are you using an iPhone or iPad?  It may be worth it to hold off a few days before hitting that update button.

Why?

Reports are surfacing that after updating to iOS 11.4.1 there are issues with app updates. The App Store shows many apps that need to be updated, but when you press ‘update’ or ‘update all’ the app updates fail.

We recommend holding off until Apple fixes these update issues.
