{"id":201233,"date":"2026-04-01T08:00:00","date_gmt":"2026-04-01T12:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/01\/disruptive-by-design-the-lie-we-tell-ourselves-about-cybersecurity-ownership\/"},"modified":"2026-04-01T08:40:14","modified_gmt":"2026-04-01T12:40:14","slug":"disruptive-by-design-the-lie-we-tell-ourselves-about-cybersecurity-ownership","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/01\/disruptive-by-design-the-lie-we-tell-ourselves-about-cybersecurity-ownership\/","title":{"rendered":"Disruptive By Design: The Lie We Tell Ourselves About Cybersecurity Ownership"},"content":{"rendered":"<p><a href=\"https:\/\/www.afcea.org\/signal-media\/cyber-edge\/disruptive-design-lie-we-tell-ourselves-about-cybersecurity-ownership\">Disruptive By Design: The Lie We Tell Ourselves About Cybersecurity Ownership<\/a><\/p>\n<p><a href=\"https:\/\/www.afcea.org\/signal-media\/cyber-edge\/disruptive-design-lie-we-tell-ourselves-about-cybersecurity-ownership\">https:\/\/www.afcea.org\/signal-media\/cyber-edge\/disruptive-design-lie-we-tell-ourselves-about-cybersecurity-ownership<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-01 08:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.afcea.org\">www.afcea.org<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. Organizations instinctively assign complete cybersecurity ownership to information technology (IT). Multifactor authentication, phishing drills, security awareness training and virtual private networks are all visible markers of a \u201cserious\u201d program, and they all live within the IT function. Frameworks like NIST SP 800-171, developed to safeguard sensitive defense information across the defense industrial base, reinforce that perception. Many of the required controls are technical in nature and are implemented by IT teams. It\u2019s no surprise, then, that organizations assume cybersecurity belongs there.<\/p>\n<p>But that instinct has created a structural blind spot.<\/p>\n<p>Even within the access control family of NIST 800-171, typically considered highly technical, some requirements have little to do with configuring systems and everything to do with how an organization behaves. One example is the requirement to control information posted on publicly accessible systems.\u00a0<\/p>\n<p>On paper, \u201cpublicly accessible systems\u201d sounds like an IT responsibility. In practice, it rarely is. Most organizations rely on their marketing, Human Resources (HR) and recruiting teams, and sometimes third-party contractors, to manage websites, social media platforms, job postings and public announcements. These teams routinely publish contract awards, employment opportunities and program details. Within the defense ecosystem, those announcements can signal capabilities, mission support activities or emerging technologies directly tied to national security efforts. It is not unreasonable to fear that Federal Contract Information (FCI) or even Controlled Unclassified Information (CUI) could easily be included in one of these announcements. IT usually plays only a small role in monitoring or interacting with these systems or platforms.\u00a0<\/p>\n<p>From a Cybersecurity Maturity Model Certification (CMMC) assessor\u2019s perspective, the requirement itself is straightforward: organizations must ensure that sensitive information is not placed on public-facing systems, but if so, they must have a process to identify and remove it. That demands more than technical controls. It requires a review process. It requires clearly designated points of contact. It requires personnel trained to recognize FCI and CUI before they post content, not after.<\/p>\n<p>This is where the broader issue becomes clear.<\/p>\n<p>While every department can influence cybersecurity risk, those most engaged with the public (marketing and HR in particular) are more likely to face scenarios that could impact the organization\u2019s security posture. They may inadvertently post sensitive information, especially if they have not received CUI training, because they are not considered technical CUI users. Contracts and purchasing teams also face risk when interacting with competitors or vendors who may have vested interests in gaining inside information to advance a sale or contractual opportunity.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disruptive By Design: The Lie We Tell Ourselves About Cybersecurity Ownership https:\/\/www.afcea.org\/signal-media\/cyber-edge\/disruptive-design-lie-we-tell-ourselves-about-cybersecurity-ownership Publish Date: 2026-04-01&#8230;<\/p>\n","protected":false},"author":1,"featured_media":201234,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.afcea.org\/sites\/default\/files\/styles\/medium\/public\/2026-03\/DxDcyberimage_APR26.jpeg?itok=GrbqfX1U","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25],"class_list":["post-201233","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/201233"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=201233"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/201233\/revisions"}],"predecessor-version":[{"id":201235,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/201233\/revisions\/201235"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/201234"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=201233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=201233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=201233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}