Today, CYBERONE SECURITY is delighted to share this post about the re-emergence and importance of SOC 2 Certification for business, from Cheri Hotman-MBA, CPA, CISSP, Owner Principal of Hotman Group. In this article, Cheri discusses the impact of SolarWinds on cybersecurity practices and the subsequent value and affordability of SOC 2 Certification to accelerate the sales pipeline and demonstrate comprehensive security and privacy practices. #AICPA #SOC2 #compliance #cyberattack #cybersecurity #grc #CyberOne

The Hotman Group and CyberOne Security have more than 50 years combined experience delivering risk and compliance management and SOC 2 Certification to companies of all sizes. Trust your…

for achieving Certification at some point in the future…

Read it here or below

Whether you’re a Formula 1 expert or Learner driver on the Information Security Certification Super Highway (!), you should be aware of the Cybersecurity Maturity Model Certification — CMMC. If you are a Federal Prime or Sub-contractor, and, more to the point, if you are a DIB (Defense Industrial Base) Contractor, you might be lost on that Highway right now! Never fear! No need to download any more “free guides to CMMC Certification” (like, errr… this one!)

Here is your map to CMMC Certification!

Step 1: Take The Shortcut

For you Netflix addicts (who isn’t after this year?)…

Privacy versus Security is a trust versus zero trust game! CyberOne says, there can be no privacy without security. So, trust starts with zero trust, obviously…

In a time where privacy has been elevated to a Royal topic, I spent the day/week/month perusing articles about privacy to see what, if any, common themes arose. By far the all-pervading subject of choice can be boiled down to a single, one-syllable, mighty word…


A principal objective for B2C and B2B customers, “Trust” is the pot of gold at the end of the privacy rainbow. Without trust, consumers are lost and companies will not share or fulfill valuable data requirements. Meanwhile, outside of the privacy circles, where the SolarWinds blow, the government is moving hastily towards a “Zero Trust” security posture. Are they really opposites?

At CyberOne, we freely bandy the phrase “there is no privacy without security”. In the world of Privacy, Trust and Zero Trust might just mean the same thing!

Yes, you are living in an episode of Alias!

As a consumer-human, or company that has or uses personal information, you may be surprised/skeptical/afraid (opt-in or opt-out accordingly — that’s a privacy joke!) to hear this… Have no fear, or, actually have fear, and from fear there will come no fear, if this is done right! Fear is healthy. It prompts caution, which is the path to security. For example, if you have read the latest from Mr. …

CyberOne now offers integration with Nexpose for a full vulnerability management lifecycle.

Choose CyberOne for fast, easy, affordable integration with Nexpose (Rapid7).

Build your Vulnerability Management program on CyberOne’s modern SaaS full suite GRC platform.

Identify, Assess, Report, Remediate, Verify.

Implement controls to prevent recurring issues.

Choose CyberOne with Nexpose for Vulnerability Management. CyberOne is a full suite GRC automation platform offering integrated risk management for teams of all sizes from 1+. We specialize in the SMB market, companies with up to $500 million annual revenue, and those who aspire to get there!

Start Now for just $350 per month!

It’s so easy with CyberOne

Have you completed and submitted your CMMC required 800–171 Control Self Assessment and SSP to the SPRS?

Federal contractor or subcontractor? Are you currently exploring, or getting lost among the CMMC Certification landscape?

Today, we provide a step-by-step guide and an affordable solution for each step in the process.

Who’s (Whose?) on CMMC First?

Let’s begin with the landscape…

Who requires and who needs CMMC Certification?

How do we get it?

How do we maintain it?

How do we build a budget for it?

What is the CMMC required NIST 800–171 Control Self Assessment and SSP for SPRS?


CyberOne Security — Modern SaaS GRC Automation

Author: Steven (Ryan) Corbin, Software Engineer at Virescit Tactical Systems


“Ransomware” and “data breach” have quickly become common terms throughout the realm of Cyber Security, and data is becoming the currency of the 21st Century. Companies’ data storage is constantly under attack by bad actors, looking to turn vulnerabilities into profit. Recently we have seen attacks that have resulted in losses of data and intellectual property through misconfigured databases and Virtual Private Networks (VPNs). Kraken group, a cyber-crime threat actor, has been selling a script to exploit misconfigured databases [1].

On July 1, 2020, Zero Day reported, 23,000 misconfigured…

The Department of Defense (DoD) recently released an interim rule concerning implementing its Cybersecurity Maturity Model Certification (CMMC) framework. The rule announces two major updates of interest to DoD suppliers (DIBS — Defense Industrial Base Suppliers).

CyberOne can help you automate, achieve and maintain CMMC Certification with complete confidence. We can provide you and/or your supply chain with a NIST 800–171 Assessment, and our best-in-class SaaS GRC automation platform comes with policy templates mapped to CMMC, control build and implementation guidance, and the CMMC regulatory controls pre-crosswalked to NIST 800–171, 800–53, CSF and CIS v7.0. Contact us for more information.

CMMC Requirement Added to DoD contracts

The interim rule also includes a clause for adding CMMC as a requirement in a DoD contract beginning on November 30, 2020.

NIST 800–171 Assessment

DoD’s increased requirements for confirming that contractors are currently in compliance…

Today CyberOne discusses the difference between a risk and a finding, or issue, and the need for a risk register, issue management, and continuous monitoring… You got Issues? We’ve got you covered!

It seems like it’s that time of year again, or should I say, “when isn’t it that time of year” for auditors. My team has been busily working with a number of clients on readiness and surveillance audit preparation for SOC 2, ISO 27001 and in some cases both — not for the faint of heart, unless you have a tool like CyberOne of course (forgive the shameless plug)!

Your audit requirement for a risk management program is that it provides a comprehensive evaluation of risk and issue management, requiring you to demonstrate management of all known risks and issues…

ISO Certification made easy with CyberOne GRC

CyberOne SaaS GRC Automation

Are you either planning or already in the throes of ISO Certification?

More and more companies are turning towards ISO or AICPA’s SOC certifications to meet the security requirements of their customers and global commerce today.

This article will help you meet the integral step of developing the required Risk Treatment Plan. Whether it’s a priority for your company to build a strong security program or you’re driven by external forces, ultimately, the sooner you start creating your risk treatment plan, the better off you’ll be in front of regulators, customers, or even investors. So, read on…

Your Risk Treatment plan documents your organization’s response to identified threats and your methodology or process behind making those decisions. It is, therefore, different or specific to each organization, but here are some keys to implementation that should work for all of us.

When correctly implemented, your plan will help you identify which battles to fight (first). It is highly unlikely that you will be able to implement controls for every identified risk to your organization. Rather, you will need to prioritize; to do this, here are the key steps to follow:

Step 1…

CyberOne Security

CyberOne is modern SaaS GRC automation for companies of all sizes. For CMMC, SOC 2, ISO, HIPAA compliance, risk, vendor, issue, incident management and more.
