FOR YOUR INFORMATION
Protecting Our Communities Through True Partnership
At the root of it all, cybersecurity is about community. It’s about working together to create a safer world. It’s about talking and building trust and creating solutions for growth. Kind of like a community garden—not enough would grow if you were the only gardener. But by working together, multiple gardeners can help get rid of the weeds and produce something fruitful.
Security is a public good. You don’t get as much of it if you try to only protect yourself as you do if you work to protect the whole community and others do the same.
—Tarah M. Wheeler
Since our founding, BARR has valued creating and nurturing a cyber-resilient community. Through the resources we’ve developed and partnerships we’ve established, we not only strive to provide the most up-to-date cyber information but also aim to work alongside organizations as true partners during their security and compliance journey.
As a partner, we value asking the right questions to deeply understand an organization’s specific needs. While we come with insight and expertise to guide you through the complexities of security and compliance, at the end of the day, it’s about working together to establish something that keeps us all protected.
Let’s take a closer look at how BARR serves as a true partner in the cybersecurity community through a few quarterly updates, recent findings, and the latest in cybersecurity best practices.
Upcoming Events
In this issue:
- Upcoming Events
- Service Line Spotlights: PCI DSS, HITRUST Assessments, Data Management
- Quarterly Highlights
- Hacker-Proof Headlines
- Verizon Data Breach Investigations Report Analysis
- BARR Belong Foundation
- A Word From Our Clients
- About Us
cyBARR Quarterly, Q2 2023, Volume 2
Work Smarter, Not Harder
HITRUST recently released CSF version 11, which added the e1 Assessment to its services and updated the i1 and r2 Assessments, allowing organizations to reuse work from lower-level HITRUST assessments and progressively achieve higher assurance by sharing common control requirements in inheritance. Now that’s something to put your (HI)TRUST in.
HITRUST Assessments Key Differences:
We’re All in this Together
Building and operating a data management plan can be time consuming and overwhelming. The good news is, you don’t have to go it alone. Here are some tips from Manager of Attest Services Dariek Howard on how he helps organizations build a data management plan.
Compliance doesn’t equal security.
We don’t mean to confuse you, but the two have important distinctions. Security is often defined as being safe from danger or threat. On the other hand, compliance is following standards and guidelines applicable to your organization—a way to communicate your security posture for others to understand.
Check out our recent blog on why compliance doesn’t equal security by Senior Associate Devin Olsen.
Swipe Away, Securely
Does your organization store, process, or transmit credit card information? In today’s business world, it only takes the swipe of a card or click of a button to process customer payments—and with any type of financial transaction lies the opportunity for cardholder data theft.
No matter the size of your business, if you deal with credit card information, you’ll want to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to avoid hefty fines and, most importantly, keep your customers’ data secure.
Learn how BARR’s PCI DSS services can help, and encourage your customers to swipe away!
Creating a Data Management Plan:
1. Understand what data you have and where that data lives.
2. Implement security controls in order of priority.
3. Leverage the assets that process, store, or otherwise support the data within your environment.
4. Understand your organization’s unique risks.
Service Line Spotlights
News You Can Use
[ICYMI] New SEC Requirements
The Securities and Exchange Commission (SEC) just adopted new rules to enhance and standardize cybersecurity risk management, strategy, governance, and incident reporting disclosure practices by public companies and other market entities. The rules will have a sweeping impact on all public companies that are subject to the Securities Exchange Act of 1934. Read our whitepaper to learn more.
[Hack of the Quarter] MOVEit Attacks
The mass hack of the file transfer tool MOVEit has impacted more than 200 organizations and up to 17.5 million individuals as of July 2023. Multiple federal agencies are among those affected, including the Department of Energy, Department of Agriculture, and Department of Health and Human Services. It’s believed the majority of schools across the U.S. have also been targeted by the hack.
[Some Good News] ChatGPT’s New Privacy Feature
In March of 2023, OpenAI took ChatGPT offline for a few hours due to a breach that revealed the histories of direct personal identifiers. Since then, OpenAI has released a new privacy feature. While issues like this are best avoided by addressing privacy risks during the design phase, creating new privacy features does signal to consumers the intent to do the right thing. Read more about the new feature from Manager of Attest Services Julie Mungai.
BARR’s Verizon DBIR Analysis
In case you work in, say, education, retail, or even food services, the DBIR has you covered. Their industry-specific guides show top trends along with data that organizations can use to advocate for security and compliance solutions. Take a look to read more about your industry stats and cybersecurity patterns.
Business email compromise (BEC) attacks have almost doubled and represent more than 50% of incidents in the social engineering pattern.
74% of all breaches involve human error.
83% of breaches involve external actors.
Financial motive is the reason for 95% of breaches.
24% of reported breaches involve ransomware, which remains a significant threat.
More than 32% of all Log4j scanning activities occurred within just 30 days of its release.
Read our summary of the 2023 Verizon Data Breach Investigations Report (DBIR), an annual report examining trends in cyberattacks.
The DBIR has industry-specific guides.
You Belong with BARR
A Word From Our Clients
“Five million stars for BARR.”
Zingly, the customer relationship building platform, said, "Not just five, but five million stars for BARR’s personal, professional, consultative approach to our SOC 2 engagement. BARR connected very well with our business and team. They collaborated with us in a way that not only made our SOC 2 activities enjoyable but also invaluable for our company and customers."
“We plan to stick with BARR.”
The corporate cloud performance management software company, Solver, said, "We’ve always had a great experience working with BARR. We find everyone extremely knowledgeable, friendly, and professional. One of our largest partners has an audit division, and they’ve asked if they can partner with us on our audit. I’ve told them year after year, we plan to stick with BARR."
“BARR created a sense of partnership.”
OnRamp, a B2B onboarding customer platform, noted that "BARR created a sense of partnership, where everyone was very professional, courteous, and patient, making the entire process very comfortable. During the audit, follow-up questions were concise, and the overhead process was incredibly low for us given BARR’s experience and ability to interface with our compliance automation partner."
BARR’s about more than audits. We also like to give back to our communities. And when we say “we exist to create a more secure world,” we mean it in every way possible. We want everyone to feel secure in who they are and where they live, which is why we created the BARR Belong Foundation.
This year, BARR took our commitment to mental health awareness a step further. Together, the BARR Belong Foundation and BARR’s Resource Groups joined the national movement to raise awareness about mental health, and during May, we challenged all BARR associates to move “One Mile a Day to Keep the Stress Away.” This year, associates logged nearly 400 miles collectively!
Jonnae Hill, director of associate experience and community engagement said, “We challenged our team to log one mile of movement every day in May—through walking, running, biking, roller skating—whatever activity that makes associates want to get out and move.”
Women represent 57% of BARR.
While the average representation of women in the cybersecurity workforce is 20%, at BARR, women make up over half of our team. We’re pretty proud of that!
#WomenInCybersecurity
Associate Spotlight
I Would Walk 400 Miles
Upcoming Events
ISO Virtual Open House
Typically, we hear one of three questions when talking to people about ISO certification:
“How can I help my organization achieve ISO certification for the first time?”
“What are the ISO requirements and options I have for my organization’s specific needs?”
“I have ISO certification but will need to re-certify. What does that process look like?”
While ISO is one of the most thorough certifications an organization can achieve, BARR is here to guide you through the process. We’ll be answering these questions and more to help you get started, gain clarity, and continue the ISO journey.
Register today to save your seat, and ask your own questions on August 2.
Happy Hour with anecdotes
BARR Advisory is teaming up with anecdotes to host a summer wine tasting and in-person networking event in New York City.
Hosted by two leading cybersecurity compliance solutions providers, the Happy Hour will connect professionals with an interest in security and compliance. Attendees will have the opportunity to connect with like-minded professionals while enjoying a selection of wines at the nationally acclaimed Ocean Prime restaurant in Manhattan.
“Events like these are just one piece of the longstanding partnership between BARR and anecdotes,” said BARR Advisory Head of Business Development Vince Maduri. “Together, we are proud to be leading the charge toward greater automation in cybersecurity and compliance.”
Please RSVP to this event as space is limited!
About Us
At BARR, we build trust through cyber resilience. Our mission is to protect the world's data, people, and information networks through a human-first approach to cybersecurity and compliance.
We specialize in cybersecurity and compliance for companies with high-value information in cloud environments like AWS, Microsoft Azure and Google Cloud.
How We Do It
By providing unparalleled service, following the data, and focusing on security first, we take a comprehensive approach for every client we serve.
BARR's Services
ATTEST CONSULTING
SOC Examinations
Healthcare Compliance (HITRUST, HIPAA)
Certification to ISO Standards
Privacy Assessments (e.g., GDPR, Microsoft DPR, CCPA, GLBA)
Government Assessments (e.g., NIST, CMMC, FedRAMP, DFARS)
Payment Card Industry (PCI)
Penetration Testing and Vulnerability Assessments
Virtual CISO (vCISO) Advisory
Policy and Procedure Documentation
Security Questionnaires
Risk Assessments
Vendor Assessments
Security Project Management
Connect with BARR
Want to learn more about BARR and how we can help your organization meet your security and compliance goals? Contact us today.
BARR Advisory: The Security You Need. The Compliance to Succeed. For all the latest BARR Advisory news, visit our website at barradvisory.com. Copyright © 2023 | BARR Advisory, P.A. | All rights reserved.