PCI DSS, Privacy

TokenEx and Truvantis: A Combined Solution for Uncompromising Security

Modern organizations must collect and store sensitive personal and payment data to process payments, compile analytics, and enable users to get the most out of their digital experiences. However, the systems and processes necessary to protect these sensitive data sets introduce

Read More

PCI DSS, CISO, vCISO

Use a vCISO to Achieve and Maintain PCI DSS Compliance

PCI is a strong security Framework. If you are a business owner, you have probably heard about the PCI DSS (Payment Card Industry Data Security Standard). All organizations that store, process, or transmit payment card transactions must adhere to

Read More

PCI DSS

Content Security Policy (CSP) HTML Headers

A number of years ago I was trying to renew my subscription to a well-known antivirus tool and found that there were 37 different URLs invoked on the checkout page, including two with .cn TLDs. Needless to say, the renewal didn’t happen.

Read More

SOC2, vCISO

SOC 2 and Other Security Compliance Merit Badges

Whether or not you are a tinfoil-hat wearing paranoid, you need a strong cybersecurity posture to support sales! These days most of your customers will ask you to demonstrate your security profile in one form or another. The fact is that most, if

Read More

PCI DSS

PCI DSS Training Requirements

The PCI DSS standard ostensibly only has a few training requirements which, in my experience, most organizations do a good job of keeping up with. However, there are some not-so-obvious teams which get regularly overlooked with regard to training.

Read More

CISO, vCISO, Security Program, Privacy

How to Achieve Cyber Security Peace of Mind for your Small Business

Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well as ensuring financial, employee, and other data integrity over the whole business, to manage risk. The

Read More

SOC2, HIPAA, CIS Controls, Security Program

Reasons to choose CIS Controls for Cyber Security

Reasons to choose CIS Controls for your cyber security program  It started with a few select people in a room. It was called “Project Insight” by the NSA and DOD and its mission was simple, get some of the best cybersecurity minds into a room, and

Read More

HIPAA, Security Program, Privacy, CCPA

Does Privacy Shield's downfall signal the end of US-EU data transfers?

EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally restrict personal data transfers to a third country except where “where the [European] Commission has decided

Read More

Privacy, CCPA

Changes to CCPA for 2021

January 1, 2021 will be the one year anniversary of the California Consumer Privacy Act (CCPA) going into effect, at least in theory. Forced into existence through privacy activism and the threat of a state ballot initiative, it remains the first

Read More

SOC2, CISO, vCISO, Security Program

(Video) 11 Steps to Achieve SOC 2 Compliance

Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps.  Overview Your customers have probably asked for your SOC 2 report, or it may be required to seal the deal on

Read More