Search
Close this search box.

Podcast: Do I Need A Compliance Framework?

Vivian Lee

Episode Summary

Meet Rob Carson, the Founder and CEO of Semper Sec, a cybersecurity consulting company. Rob, a Marine Corp Veteran, excels at assisting businesses in designing and implementing effective Information Security and Compliance Programs. He also hosts the highly regarded Blue Team Warriors podcast, which celebrates the remarkable work of IT departments.

Compliance Framework

In this episode, Rob dives into compliance frameworks like:

  • NIST (National Institute of Standards and Technology)
  • ISO (International Organization for Standardization)
  • SOC (Service Organization Control)
  • FedRAMP (Federal Risk and Authorization Management Program)
  • TX RAMP (Texas Risk Assessment and Management Program)
  • Arizona RAMP (Arizona Risk Assessment and Management Program)

Semper Sec takes pride in their expertise in guiding businesses through the complexities of these frameworks, tailoring them to meet specific organizational requirements. Although not all frameworks are mandatory for all companies, many companies choose to embrace them to meet customer expectations. Compliance frameworks enable companies to prioritize, manage risks, gain insights, and make informed security decisions.

Implementing a framework offers a key advantage by preventing impulsive decision-making based solely on marketing or sales pitches. It’s important to remember that what works for one company may not be applicable to another.

Government Framework

Various frameworks have emerged to address comprehensive security needs and establish standardized best practices. ISO and NIST frameworks, for example, offer flexibility and allow customization based on risk profiles. Commercial entities commonly adopt SOC 2 and ISO, while FedRAMP targets cloud service providers selling to the federal government. Additionally, state-based frameworks like TX RAMP and Arizona RAMP have gained prominence. Compliance with NIST 800-171 and CMMC is crucial for federal government vendors handling CUI or offering cloud services.

Tips to Keep In Mind

Throughout the discussion, Rob emphasizes a few important considerations for customers:

  • Secure leadership buy-in: The key to the success of moving framework implementation up in speed is top management commitment.
  • Tailor your message: When engaging with your executive team, focus on the business impact and financial aspects of security rather than getting lost in technical jargon.
  • Consider partnering up: Sometimes, seeking assistance from a reliable partner can be beneficial, particularly when IT teams face overwhelming challenges like employees misusing company devices or software.
  • Patience with implementation: Implementing a comprehensive program takes time. Organizations can only absorb a certain amount of change at a time, and initial perfection shouldn’t be expected when launching a program.

These tips from Rob provide valuable guidance for businesses aiming to enhance their compliance framework efforts. Keep them in mind as you navigate information security and regulatory requirements.

Video Version

Listen to more episodes at www.airiam.com/podcast, on Spotify, Apple Podcasts, Google Podcasts, Amazon Music, and other podcast platforms.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Podcast: Staying Resilient During the Tech Industry Turmoil

Episode Summary Tech layoffs and banking failures have made the headlines recently. In this episode we cover how people in Silicon Valley and beyond can stay resilient in the face of stress. The episode first explores the human perspective of resilienc
Avatar photo
Bill Bowman
>>Read More

Defend Your Business During an Attack: Threat Actors Webinar

Defend Your Business: Webinar Summary Airiam and Eviden wrapped up the second of our Threat Actors webinar series! Art Ocain and Dwayne Robinson were great hosts walking us through a ton of information. Scenario On a normal Tuesday morning, you start u
Vivian Lee
>>Read More

Beware of Phishing Attacks via Microsoft Teams

Microsoft Teams Phishing Attempts Unfortunately, researchers at AT&T Cybersecurity recently uncovered a concerning trend: attackers are leveraging Microsoft Teams, a widely used communication platform, to execute phishing attacks. While many users