Threat Intelligence

Threat Intelligence: TraderTraitor, Maui Ransomware and the MSTIC H0lyGh0st

In the news recently, more hijinks from our infamous foes, North Korean state-sponsored attackers: the evolving gang of thugs who brought us disruptive malware like the 'WannaCry' ransomware, colorful variants like 'SLICKSHOES,' 'CROWDEDFLOUNDER,' 'ARTFULPIE,' 'BUFFETLINE,' ATM

Privacy, CCPA

Privacy Law Confusion and The American Data Privacy Protection Act

The American Data Privacy Protection Act currently making its way to the House floor is not just another privacy bill destined for failure. On the contrary, unlike past attempts, today's political climate is ripe for action in the wake of the

PCI DSS

How to Evade PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) compliance can be expensive for financial institutions and transaction processors that cannot avoid touching cardholder data (CHD). However, ordinary merchants can reduce the scope with

HIPAA, Privacy, CCPA, GDPR

Building a Privacy Program that Works Across Jurisdictions

Privacy and security were historically two separate disciplines. However, over the years, the two have grown closer together. Moreover, as the landscape of privacy regulations continues to evolve, the most recent comprehensive privacy laws close

CISO, vCISO, Security Program, Risk Assessment, ISO27001

Three Steps to ISO 27001 Compliance

ISO27001 is the certifiable ISO standard that describes how to manage an Information Security Management System (ISMS) securely. 27001 is compatible with other standards and regulations, including SOX, GLBA and other cybersecurity regulations.

SOC2, CISO, vCISO, Security Program

Solving the Cybersecurity Skills Gap Challenge

All organizations face the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyber-threats. As a result, mature risk management and IT security teams have

SOC2, CISO, vCISO, Security Program

The Compliance Equals Security Disconnect

"Compliance is NOT Security." You hear this common lament from security professionals: "Compliance is not security." This remark has always sounded like an excuse to me. I suppose the reason is that most people who utter this phrase always seem to

SOC2, HIPAA, CIS Controls, Security Program

What does the CIS Controls Version 8 say about Pen Testing?

Independent penetration testing provides critical objective insights about vulnerabilities in organizational defenses and mitigating controls. As part of a comprehensive, ongoing security improvement, pen tests are required by recognized

PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Why you should Pen Test like an Attacker & not an Auditor

Penetration testing uses creative, blended attacks like real-world adversaries to find weaknesses in tested systems. By simulating real-world attack scenarios, pen testing is

SOC2, HIPAA, CIS Controls, Security Program

Three Ways to Approach System Hardening using CIS Benchmarks

Out of the box, most operating systems are configured insecurely. OS hardening minimizes an operating system's exposure to threats by properly configuring security settings and removing unnecessary applications and services. The Center for Internet