Tungsten Group LLC

Some good info from our friends at Conpass IT Compliance.

We will be conducting a February ICS 705 Introductory Course. This is an online course that provides students with an understanding of the ICS 705 requirements, key players, and terminology used in SCIF/SAPF construction. This course is designed for novices, experienced professionals wanting a refresher, and anyone leading a team building a SCIF or SAPF. For more information please visit us at tungstengroupllc.com.

Handling insider threats can be complex, and organizations often make several common mistakes. Here are some to watch out for: 1. Lack of Awareness and Training Mistake: Not providing adequate training to employees about the risks and signs of insider threats. Solution: Regularly conduct training sessions to educate employees on recognizing and reporting suspicious activities. 2. Inadequate Access Controls Mistake: Allowing employees access to more information than necessary for their roles. Solution: Implement strict role-based access controls (RBAC) and regularly review access permissions. 3. Ignoring Behavioral Indicators Mistake: Failing to monitor and analyze user behavior for anomalies. Solution: Use behavioral analytics tools to detect unusual activities that could indicate an insider threat. 4. Poor Incident Response Planning Mistake: Not having a clear, actionable incident response plan in place. Solution: Develop and regularly update an incident response plan that includes specific steps for handling insider threats. 5. Overlooking the Human Element Mistake: Focusing solely on technological solutions and neglecting the human factors. Solution: Foster a positive organizational culture where employees feel valued and are less likely to become insider threats. 6. Failure to Conduct Regular Audits Mistake: Not performing regular security audits to identify vulnerabilities. Solution: Schedule regular audits to ensure compliance with security policies and identify potential weaknesses. 7. Inconsistent Enforcement of Policies Mistake: Inconsistently applying security policies and disciplinary actions. Solution: Ensure that security policies are consistently enforced and that any violations are addressed promptly and fairly. 8. Neglecting Post-Incident Reviews Mistake: Failing to conduct post-incident reviews to learn from past incidents. Solution: After an incident, perform a thorough review to understand what went wrong and how to prevent similar issues in on. Tungstengroupllc.com

We still have availability in our ICS 705 Basic Course 28-29 Oct 2024. This course is 100% online and provides an overview of the ICS 705 Tech Specs. Students will gain an understanding of why we build SCIFs and SAPFs, the key personnel required, what the ICS 705 is and its contents, along with the workload associated with taking on these projects. We gear this course towards security professionals from the novice to the experienced professional needing a refresher and is also beneficial for leaders supervising security personnel. For more information: https://lnkd.in/ejpiuuH2

All organizations can attribute inadequate password behavior to poor SETA or improper practices. Both issues can be resolved through self assessments and building first class SETA programs. https://lnkd.in/gp7P6_uh

This isn’t good… https://lnkd.in/eskZuxwN

SECDEF Memo on WIDS Systems: A memo from the Secretary of Defense (SECDEF) issued on June 30, 2023, has significant implications for SCIFs and SAPFs. The memo mandates the implementation of Wireless Intrusion Detection Systems (WIDS) to enhance security. By September 30, 2023, users of SCIFs and SAPFs were required to certify compliance with policies prohibiting the use of electronic devices in these spaces. Systems for detecting and countering potential breaches must be in place by September 30, 20241. Is your facility compliant? https://lnkd.in/ekP7w29p

Supply chain integrity is becoming more and more important. Electronics are smaller & cheaper than in the past. We all are much more dependent on them. RMF assessments are now taking this into consideration and we must be able to answer in order to obtain ATOs. But keep in mind, this shouldn’t be just a federal government concern. Businesses need to understand where their equipment came from and the risks associated with it. We should all ask who is watching us? Who is listening to us? https://lnkd.in/d_KcYrGz

How safe is your supply chain? https://lnkd.in/gDjPHbvn

We still have availability in our ICS 705 Basic Course 28-29 Oct 2024. This course is 100% online and provides an overview of the ICS 705 Tech Specs. Students will gain an understanding of why we build SCIFs and SAPFs, the key personnel required, what the ICS 705 is and its contents, along with the workload associated with taking on these projects. We gear this course towards security professionals from the novice to the experienced professional needing a refresher and is also beneficial for leaders supervising security personnel. For more information: https://lnkd.in/ejpiuuH2