Podcast: Do I Need A Compliance Framework?

Vivian Lee

Episode Summary

Meet Rob Carson, the Founder and CEO of Semper Sec, a cybersecurity consulting company. Rob, a Marine Corp Veteran, excels at assisting businesses in designing and implementing effective Information Security and Compliance Programs. He also hosts the highly regarded Blue Team Warriors podcast, which celebrates the remarkable work of IT departments.

Compliance Framework

In this episode, Rob dives into compliance frameworks like:

  • NIST (National Institute of Standards and Technology)
  • ISO (International Organization for Standardization)
  • SOC (Service Organization Control)
  • FedRAMP (Federal Risk and Authorization Management Program)
  • TX RAMP (Texas Risk Assessment and Management Program)
  • Arizona RAMP (Arizona Risk Assessment and Management Program)

Semper Sec takes pride in their expertise in guiding businesses through the complexities of these frameworks, tailoring them to meet specific organizational requirements. Although not all frameworks are mandatory for all companies, many companies choose to embrace them to meet customer expectations. Compliance frameworks enable companies to prioritize, manage risks, gain insights, and make informed security decisions.

Implementing a framework offers a key advantage by preventing impulsive decision-making based solely on marketing or sales pitches. It’s important to remember that what works for one company may not be applicable to another.

Government Framework

Various frameworks have emerged to address comprehensive security needs and establish standardized best practices. ISO and NIST frameworks, for example, offer flexibility and allow customization based on risk profiles. Commercial entities commonly adopt SOC 2 and ISO, while FedRAMP targets cloud service providers selling to the federal government. Additionally, state-based frameworks like TX RAMP and Arizona RAMP have gained prominence. Compliance with NIST 800-171 and CMMC is crucial for federal government vendors handling CUI or offering cloud services.

Tips to Keep In Mind

Throughout the discussion, Rob emphasizes a few important considerations for customers:

  • Secure leadership buy-in: The key to the success of moving framework implementation up in speed is top management commitment.
  • Tailor your message: When engaging with your executive team, focus on the business impact and financial aspects of security rather than getting lost in technical jargon.
  • Consider partnering up: Sometimes, seeking assistance from a reliable partner can be beneficial, particularly when IT teams face overwhelming challenges like employees misusing company devices or software.
  • Patience with implementation: Implementing a comprehensive program takes time. Organizations can only absorb a certain amount of change at a time, and initial perfection shouldn’t be expected when launching a program.

These tips from Rob provide valuable guidance for businesses aiming to enhance their compliance framework efforts. Keep them in mind as you navigate information security and regulatory requirements.

Video Version

Listen to more episodes at www.airiam.com/podcast, on Spotify, Apple Podcasts, Google Podcasts, Amazon Music, and other podcast platforms.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Airiam and Cybereason Partnership

Airiam and Cybereason Partner to Offer Stronger Incident Response and Enhanced Cybersecurity Airiam, a managed IT and Digital Transformation company with a strong focus on cybersecurity, today announced a partnership with Cybereason that will enhance p
Avatar photo
Bill Bowman
>>Read More

Free Penetration Test

A penetration test, also known as a pentest, is an authorized simulated attack on a computer system that is performed in order to evaluate the security of the system. A penetration test gives companies information on what weaknesses exist in their IT a
Avatar photo
Bill Bowman
>>Read More

Strong Passwords Are Strong Defense Against Cybercrime

You may have seen the game show Password, where one partner gives clues and the other guesses the secret word. With the right hints, it’s easy for the guesser to get the password right. The same holds for cybercriminals trying to hack into your network
Avatar photo
Ryan Palermo
>>Read More