MNS Group, the trusted source for managed services, cybersecurity, and compliance services for government contractors, has announced today the achievement of both ISO 27001:2013 and ISO 9001:2015certifications. “We are proud of this achievement: it confirms that MNS Group maintains the highest standards for security information management and quality, and has been audited against the most rigid security and quality standards in the industry,” said Margaret Jacks, COO at MNS Group. ISO 27001:2013 is internationally recognized as the most stringent standard for information security management. Established by the International Organization for Standardization (ISO), 27001 is a comprehensive security management standard that specifies a set of best practices and controls. ISO 9001:2015 sets the criteria for quality management systems and is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach, and continual improvement. These certifications follow security best practices MNS Group previously adopted including SSAE 18 SOC2 controls. The newly-achieved ISO certifications further cement MNS Group’s ongoing commitment to the security, confidentiality, and high availability of its services. “These certifications provide an additional assurance to our valued clients when evaluating the quality, breadth, and strength of our security and business practices,” said Tobias Musser, CEO of MNS Group. “We consider the trust of our customers to be a critical success factor for the company. Adhering to the industry-leading security standard and quality management best practices makes us a better company in addition to building the confidence of our customers.” MNS Group’s certifications demonstrate that Information and Information Security requirements are aligned with MNS Group’s goals and strategic...Read More »
If you don’t have appropriate security systems in place, just a single employee can unwittingly undermine your best efforts in cybersecurity.
A comprehensive security system is vital to derail a potential attack vector, the path of a cyberattack. Good security control starts with understanding data security versus system security and how both help address security threats.
What Is Data Security?
Cybersecurity involves data protection, such as data privacy, integrity, and access control, according to the International Organization for Standardization (ISO).
Examples of Data Security
The international standard for information security, ISO 27001, lists fourteen domains to consider in the protection of sensitive information, such as financial data, intellectual property, or employee details. Some examples of data security include the following:
- Two-factor authentication
- Strong passwords
- Data encryption
- Biometric verification, such as fingerprint authentication
Core Elements of Data Security
You can think about data protection using the CIA triad. The letter C stands for confidentiality, meaning only authorized people can access sensitive data. The I stands for integrity, data consistency and accuracy. The A, for availability, refers to how easily authorized parties can access confidential data.
What Is System Security?
A system security plan includes network security with an eye toward cloud computing.
Common Types of System Security
A common device of system security is a firewall, which monitors network access and should thwart a potential network attack.
On a more complex level, public key encryption encodes two distinct digital keys that work together to prevent unauthorized access to information. Network users must have both keys to access information.Read More »
I admit it- I am spoiled by Amazon. While I purchase locally when I can (Instacart, Grubhub, Doordash, Shipt, and such when I cannot go out in person) I also appreciate being able to procure a hard-to-find item and have it delivered in sometimes only a few hours.
Other industries that compete with Amazon have worked hard in recent years to catch up with the fleet-footed fleet of smiling vans. All companies on the fulfillment- side of the tech supply chain are suffering since the advent of COVID-19, and so are the hope and dreams of all would-be technology buyers. Since the shutdowns of 2020, our clients have seen radical changes to how quickly machines arrive at their offices: what may have taken at most a week to fulfill now can take multiple months to deliver. Ouch.
Large scale organizations with immense buying power are even having trouble obtaining the technology items they need- the bottleneck at manufacturers has yet to move. What is the strategy for small and midsized businesses to procure laptops, docking stations, monitors, and, well, anything with a chip so they can keep working? We have a few thoughts.Read More »
MNS Group has been selected as a Candidate Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. Only C3PAOs are authorized to conduct CMMC assessments. MNS Group has the C3PAO Candidate designation until the DoD performs a Level 3 audit of our company. We will be able to conduct a CMMC Assessment as an Authorized C3PAO for the Organization Seeking Certification (OSC) after receiving our audit.Read More »
The US Government is urging organizations to mandate MFA (Multi-factor Authentication) to protect against threat activity by Russia’s Foreign Intelligence Service (SVR). The FBI, the Department of Homeland Security (DHS), and the Cybersecurity & Infrastructure Security Agency (CISA) have put out a special joint advisory warning government agencies, information technology companies and other policy analysis groups to prepare for against attacks from APT29, a threat group that they describe as working for the SVR. This notice comes on the heels of the Biden administration’s formal attribution of the SolarWinds attack and targeted attacks on COVID-19 research facilities to SVR.
MNS Group advises organizations to implement MFA as an integral part of a unified cybersecurity program. The increase in complexity and sophistication of cyber-attacks on businesses and organizations of all sizes warrants the analysis and expansion of cybersecurity policy to mandate MFA as a bare minimum. If you are curious about ways to implement MFA into your programing, join us on May 27 or June 22 in our Security Basics Webinar series, MFA: The Biggest Bang for your Security Buck. Sign up today.Read More »