CISO, vCISO, Security Program, Risk Assessment, ISO27001

Seven Steps to ISO 27001 Certification

One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and partners is to achieve a globally recognized certification. The ISO 27001 certification is also a foundational layer in building a

Read More

HIPAA, Privacy, CCPA, GDPR

CPRA Update May 2022

The California Privacy Protection Agency (CPPA) is holding pre-rulemaking stakeholder sessions via zoom this week Wed May 4 –6. The sessions are open to the public, and you can find full details on the CPPA website. Please read on for an overview of

Read More

SOC2

The Fastest Route to SOC 2 Compliance

Achieving SOC 2 compliance is a competitive advantage, and many times, it is critical to make a sale. SOC 2 reports are often used throughout the industry to screen vendors early in the vendor evaluation process.  

Read More

PCI DSS

PCI DSS 4.0 is Open for Discussion

The PCI Data Security Standard (PCI DSS) is a global standard of technical and operational requirements for merchants and service providers who collect, process, or store cardholder data. The next evolution of the PCI DSS,  version 4.0, is emerging. 

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

The Seven Essential Qualities of a vCISO

Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy programs. Fortunately, you can partially or fully outsource to trusted partners the jobs of CISO and IT security

Read More

Penetration Testing, Security Program

Pen Testing - Why Purple Teams Should Never Exist

Purple teams are a controversial topic among cybersecurity professionals. There seems to be industry confusion regarding the definitions of Blue, Red and Purple teams. While descriptions of Blue Teams are relatively consistent, there are variations

Read More

Penetration Testing, Security Program

Five Reasons Internal Pen Testing is Necessary

Sometimes the best defense is a good offense.  In cybersecurity, you need to think like real-world attackers.  Security practitioners do this via penetration (pen) testing to find vulnerabilities that attackers could potentially exploit. 

Read More

Penetration Testing, Security Program

Using Open Source Intelligence (OSINT) for Attack Surface Analysis

As the world grows more interconnected through social media and digital communications, relevant information available to attackers grows exponentially. Open-source intelligence (OSINT) is the practice of collecting data from published or otherwise

Read More

PCI DSS

PCI DSS 4.0 Release!

Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) published the official PCI DSS version 4.0. Over the next few months, we anticipate supporting documentation to emerge and QSA training to begin.  

Read More

Penetration Testing, Security Program

Five Steps to Pentesting Wireless

Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow IT, rogue access pointsare a significant security threat to the entire network. Legitimate access points

Read More