resources

FAQ, white papers, industry news, interviews and other information from the world of cybersecurity, governance and compliance.
Frequently asked questions
What would you like to know?

Still have questions? We've got answers. Email us or give us a call.

  • What's unique about Baran Agency?

    We are an organization comprised of Veterans with extensive military backgrounds, specially trained security agents and compliance officers. Our Compliance as a Service (CaaS) business model delivers Military Grade Tactical Cybersecurity Solutions and Cybersecurity Personnel for hire.

    We provide solutions and services to align businesses with cyber compliance based on the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) or other federal, state or industry standards like DFARS, NIST 800-171, HIPPA, CPPA, PCI, SOC or others.

  • What is CUI?

    CUI stands for Controlled Unclasified Information and is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

    A CUI Registry provides information on the specific categories and subcategories of information that the Executive branch protects and includes such organizational index groups as:

    • Critical Infrastructure
    • Defense
    • Export Control
    • Financial
    • Immigration
    • Intelligence
    • International Agreements
    • Law Enforcement
    • Legal
    • Natural and Cultural Resources
    • NATO
    • Nuclear
    • Privacy
    • Procurement and Acquisition
    • Proprietary Business Information
    • Provisional
    • Statistical
    • Tax

    Each agency must create a public registry of CUI categories and subcategories for handling all sensitive, unclassified information and defining why it is considered CUI. 

  • What is CMMC?

    CMMC stands for “Cybersecurity Maturity Model Certification”. The CMMC will encompass multiple maturity levels that ranges from “Basic Cybersecurity Hygiene” to “Advanced”. The intent is to identify the required CMMC level in RFP sections L and M and use as a “go / no go decision.”

  • Why is the CMMC being created?

    The DoD is planning to migrate to the new CMMC framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). The CMMC is intended to serve as a verification mechanism to ensure appropriate levels of cybersecurity practices and processes are in place to ensure basic cyber hygiene as well as protect controlled unclassified information (CUI) that resides on the Department’s industry partners’ networks.

  • What is NIST SP 800-171

    NIST 800-171 refers to the National Institute of Standards and Technology Special Publication 800-171, which governs Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations. It is essentially a set of standards that define how to safeguard and distribute material deemed sensitive but not classified.

  • What is the releationship between NIST SP 800-171 and CMMC?

    The intent of the CMMC is to combine various cybersecurity control standards such as NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, AIA NAS9933 and others into one unified standard for cybersecurity. In addition to cybersecurity control standards, the CMMC will also measure the maturity of a company’s institutionalization of cybersecurity practices and processes.

  • How will CMMC be different from NIST SP 800-171?

    Unlike NIST SP 800-171, CMMC will implement multiple levels of cybersecurity. In addition to assessing the maturity of a company’s implementation of cybersecurity controls, the CMMC will also assess the company’s maturity/institutionalization of cybersecurity practices and processes.

Industry news, articles, announcements and intelligence

We strive to stay up-to-date with the latest industry news and insights from mulitiple reputable sources.

  • 'Wartime' Security Mentality Revisited
    SOURCE: Information Media Group and InfoRiskToday.com

    Five years ago, cybersecurity executive Dave Merkel called upon business enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?

    In this recorded interview about the cyber wartime mindset, Merkel discusses:

    • The evolution of threats and threat actors;
    • How enterprises have become better educated and prepared;
    • How defenses MUST continue to evolve with the shifting threat landscape.
  • Average Ransom Payment Has Increased by 104%

    The average ransomware payment more than doubled in the fourth quarter of 2019, jumping from $41,198 in the third quarter to $84,116, making these already damaging cyber events even more devastating for organizations, according to new research from Coveware.

    The firm’s Fourth Quarter Ransomware Marketplace report, which collects anonymous ransomware data from cases handled by its Incident Response Platform, found that the average ransom payment increased by 104 percent to $84,116, up from $41,198 in the third quarter.

    Smaller firms also continued to be at risk, with ransomware as a service variants such as Dharma, Snatch and Netwalker blanketing the small business space with a high number of lower demands

  • Why Penetration Tests Are So Essential
    SOURCE: Info RIsk Today

    Most data breaches (are costly to remediate and expose a company to lawsuits and regulatory fines) are frequently the result of vulnerabilities that could have been fixed for a relatively low cost if they had just been indentified early. One of the most effective ways to identify vulnerabilities is to conduct a risk assessment and penetration testing.

    Steven King, Director, Cybersecurity Advisory Services, Information Security Media Group addresses why spending a relatively small amount to ensure that known vulnerabilities and protection gaps are addressed is, indeed, a good investment.

  • Small business group launches cyber certification classes based on Pentagon's proposed model

    The Amercia's Small Business Development Centers (powered by the Small Business Adminstration) introduces Cybersecurity First Steps program. SBDC's are helping small businesses prepare for the CMMC and secure thier business. The effort will include contractors from the defense industrial base but will be also be focused on assisting all types of small businesses in the USA. This article from Inside Cybersecurity provides an overview of this important program to help secure the U.S. supply chain and help protect all U.S. small businesses.

  • Welcome to 2020 - the Decade of Cyber Disorder

    The Wall Street Journal describes the next 10 years as the upcoming "Decade of Cyber Disorder".

    " ... 2020 rushes in the decade of dissemination of false and damaging information, rising inequality between the digital haves and have-nots, and the growing number of cyberattacks, theft of personal data and identity fraud."

  • Fake Coronavirus Messages Spreading Emotet Infections
    SOURCE: Data Breach Today

    Cybercriminals are using fake email messages about the coronavirus to spead the Emotet Trojan and other malware, according to reports released this week by IBM and Kaspersky.

White papers and reports

Published by Industry Vendors, Cybersecurity Companies, Associations, the Goverment and others

  • AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G

    Security leaders understand 5G technology is on the horizon. Are you prepared for the cybersecurity implications from the new technologies and explosion of IoT devices 5G will bring?

    The AT&T Cybersecurity Insights Report: Security at the Speed of 5G is well positioned to explore these questions and challenges.

    Download this free report to learn the current posture and plans of the cybersecurity industry as they relate to the impact of 5G.

  • National Defense Industrial Association (NDIA) Paper RE: "The Role of Cyber and Data Breach Insurance for DoD Contractors."

    A new paper was recently published examining the role of cyber and data breach insurance in the current regulatory conversations surrounding cybersecurity.

    This document is for small and mid-sized businesses who are considering acquiring cyber and data breach liability insurance to protect themselves against the increasing velocity and complexity of cyber and data breach attacks.

    It is also for larger businesses and governments to help them understand the value of the insurance for their contractors and extended supply chain members.

Free Consultation

We would love to hear from you!