Contact

Charlie Tupitza

ctupitza@RightExposure.com

703 989-8777

 

https://www.RightExposure.com

RightExposure

Welcome Advisors!

We support you in helping clients with cyber and data protection products and services aligned with the North Star CMM.

You have an important role in helping businesses protect their data and the data entrusted to them by others. We can help you.

UPDATE Thursday December 2021: The information in the slide deck on the ASBDC website titled Level 1 North Star CMMC is incorrect and misleading. Please ignore it. The information in the other slides that attempt to represent the CMMC is out of date. Each may cause clients to do things that are not in line with the CMMC.

 

North Star CMM

As the original author of North Star CMM, I suggest there is some confusion.

The CMM associated with this should represent the clarifications associated with the Department of Defense CMMC.

Some have provided their own interpretation of the practices vs utilizing the clarifications found within it, as I and others suggest. Using personal interpretations will confuse the client and could potentially lead them to a misinterpretation of it.

Businesses and Advisors Need a Direction

Small businesses need a North Star, representing a direction to protect their critical information and information of others who entrust them with theirs. 

By taking advantage of the work of the Department of Defense articulated in the Cybersecurity Maturity Model Certification (CMMC), you can take advantage of the broad number of organizations set up to support it. North Star CMM drops that last C to focus on the implementation of the model. Many businesses will not seek formal certification, but having a path to it is important.

Scenario

Imagine your client standing in front of a judge after a breach of data or finding critical information unavailable from ransomware. The judge may be an angel investor, a senior member of management, a judge in court, or the market they serve. They must be prepared to respond to what they did to protect the information entrusted to them. The legal profession addresses this as the duty to care for this information. A good answer is "by following the Cybersecurity Maturity Model provided by the Department of Defense to protect critical information."

Caution

There are many voices. Keep things simple for your client. Put them on a path that is measurable vs a collection of good ideas from vendors. By following the model you will find an entire industry of product and service organizations aligned to support you and your client. Your client will be able to move at their own pace and see progress.

How do we make this even easier to understand for you and the client?  

Ransomware and Phishing

Mapping has been completed from the Ransomware and Phishing Guidance, a joint document by the FTC, DHS, NIST, and SBA, to North Star CMM. Many business owners understand the impact of Ransomware, and some Phishing. Leading with Ransomware and showing how it aligns with North Star CMM makes it easier for them to take advantage of North Star CMM to move them forward.

The FTC has given permission to add the ASBDC or your SBDC logo to this joint document. Using this guidance and its mapping back to the North Star CMM provides clients with a clear direction to protect themselves. Product and service providers can map their offerings to this need, reducing conversational friction between them and your clients. See Ransomware download below.

 

Multifactor Authentication

During a recent hearing of the Small Business Committee of Congress, people testifying mentioned that Multifactor Authentication should be a priority for businesses. I reserve judgment on this, but the above mapping to Ransomware and Phishing gives the advisor a way to address Authentication as part of an overall Ransomware protection plan mapped to North Star CMM. This gives the client the ability to move vertically with a more mature approach for Authentication and horizontally to be exposed to other important considerations.

 

SBDC Advisors Have a Critical Role

Small businesses are confused and are at high risk. Protecting critical information must be considered during their overall Risk and Opportunity management. Opportunities are created when a business protects critical information. Your clients need to have a North Star. To learn more about how you can help your clients and get related training, please contact us soon for a brief discussion.

 

 

 

 

--------------------------------------------------------------------------------------------------------------

A little about Charlie Tupitza

 

Actively engaged with the federal government and private sector: 

An active member in the Critical Infrastructure Cybersecurity Forum for eight years representing small businesses. 

An active member of the Software and Supply Chain Assurance Forum hosted by the GSA, DHS, NIST, DoD for nine years.

Charter member of two of the US Presidential Policy Directive 21 Cybersecurity working groups.

Former lead consultant to America's SBDC CEO for cybersecurity and lobbyist. The originator of ASBDC's North Star CMM and Secure Towns.

 


Downloads

FTC, SBA, NIST, DHS Ransomware and Phishing Guidance