The latest information for media, analysts, and others interested in CMMI and process improvement.
The first post in our interview blog series based off of our Capability Counts 2020 Best Paper nominees! Learn about CMMI V2.0 and how it can help strengthen cyber compliance from Sara Deaton and Benjamin Luthy.
As CMMI V1.3 sunsets, this post looks back on why CMMI V2.0 was developed, and initial results from early V2.0 adopters.
Get an insider's perspective on the California Consumer Privacy Act (CCPA), and what has transpired in the short time it has been in effect.
In the height of the coronavirus pandemic, organizations are learning just how vulnerable their data is, and the need for data security. Read how your enterprise may be at risk and ways to solve the problem.
Experts base decisions and recommendations on the data and the trends that they reveal. A widely discussed issue lately is how to continue to allow businesses, public areas and other places to operate safely now that most are reopened or in the process of reopening? Decisions such as these should be driven by the most timely and reliable data.
Learn more about the DoD's CMMC and it's common activities in a way you've probably never heard before!
At what point do processes become persistent and habitual? We discuss this, and how the PAs II and GOV can help execute this in your organization.
In this post, you'll learn some insight into why we developed a new Practice Area for virtual delivery and dive into this PA's practices.
In this post, Ron Lear discusses learnings from virtual delivery of courses, appraisals, and more.
Introducing our new blog series "A Word from Our CMMI Chief Architect"! Click to read what to expect from this series written by Ron Lear, CHMLA, CMQ/OE, LSSGB, ISO Lead Auditor,
The global pandemic has impacted businesses on an unprecedented level. Five common cybersecurity dangers have gained greater importance since the start of the pandemic: cross-site-scripting attacks, phishing, subpar policy adherence, ransomware and denial of service attacks.
The worldwide pandemic has touched everyone at different levels. One of the challenges for organizations that has been underscored by the global pandemic is the increased need for a mature cybersecurity program, one which accounts for less controllable employee access, diverse platforms for business engagement and sundry hardware for operational access.
A recent Forrester report has identified that, in the last two years, more funding from security budgets has been dedicated to obtaining services over products. Further research supports that one of the main causes for the increase in service spending is lack of trained professionals and the ability to establish a proper framework in which to perform risk management. This trend may continue to grow as organizations scramble to address their deficiencies.
The cyber domain is a scary, yet necessary place for organizations and business to operate. Though threats lurk in every corner, security leaders can ensure that they are appropriately armored. Understanding that cybersecurity risk assessments and maturity measurements, not just simple compliance, are the piece of armor to which all other efforts connect will help organizations prepare for the eventual attacks they will face.
CISOs can benefit from thinking like successful venture capitalists. VCs are not looking at what has already happened in the market; they are trying to look ahead and anticipate what will come next.
Stop fighting the last battle instead of anticipating the ever-evolving cybersecurity threats most likely to come at them going forward.
What are the key organizational behaviors that support building a situationally aware, cyber-resilient culture?
What does it mean to be uncomfortable? It’s the hallmark of a forward-leaning culture of cybersecurity. It means habitually questioning, challenging and pushing your organization.
Compliance is only very good at solving one problem: compliance risk. Beyond that, it is informative but not very helpful when it comes to mitigating enterprise cybersecurity risk.
In today’s dynamic business environment, supply chains are more than just global and complex; they’re also continuously changing.
Successfully managing big services contracts is a juggling act. Make missteps and the jubilation over landing a big contract can quickly turn sour as the project degenerates into a money-losing nightmare.
Some performance-improvement challenges are universal, but each business is unique, with its own specific performance objectives—and obstacles.
Simply working with an agile coach to implement well-known ceremonies is not enough. Metaphorically, the leadership “operating system” needs an upgrade.
Five top challenges facing the realm of cybersecurity
This article includes an effective diagram that shows how cyber-risk management involves all parts of the organization.
How do you ensure alignment around your organization’s security needs and consistently build the capabilities needed to address the biggest risks?
The goal is to build cyber resilience: the ability not only to detect and block the threats that matter, but also to survive the attacks that prove unavoidable.
Understanding how to build organizational resilience is vital to deepening board confidence and support.
Even at the best-run companies, executives suffer sleepless nights wrestling with business performance issues. Oftentimes, the root cause is buried deep within their processes, or lack thereof.
2/3 of organizations that implemented a cybersecurity culture with employee buy-in said they reduced cyber incidents as a result.
Cybercrime is rising exponentially. And, taking a cold, hard, continual look at your organization’s capabilities is becoming a mission-critical imperative.
A data quality pilot project is a powerful opportunity for rapid capability building that can create lasting value for an organization.
Compliance is important, but it should be the natural by-product of a strong cybersecurity strategy, not the goal.
Bring structure and control to the chaotic and unpredicatable cybersecurity environment.
As high-profile breaches continue to hit the headlines, cybersecurity risk assessment remains a top concern for corporate boards.
In order to truly build cybersecurity resilience, organizations must continually evaluate their risks and capabilities.
Explore the organizational activities and changes that will give enterprise data management programs the best chance for success.
Data management programs can be hard to sell internally. How can you demonstrate the strategic value of data assets to leadership?
Patient demographic data quality issues are pervasive across the healthcare industry. The new Patient Demographic Data Quality provides the roadmap to improvement.