Security Program

Cryptographic Agility – by Jeff Hall (the ‘PCI Guru’)

With the advent of quantum computing, a new threat has been added to the information security mix. The threat is that today’s secure cryptography may not be secure once quantum computers reach their potential. The threat to cryptography has always existed even without quantum


PCI DSS

The PCI DSS v4.0 Customized Approach – by Jeff Hall (the ‘PCI Guru’)

Possibly one of the biggest and most anticipated changes introduced with PCI DSS v4.0 is the Customized Approach. The PCI SSC is pushing the Customized Approach as providing organizations with “flexibility” in complying with PCI DSS requirements.


SOC2, vCISO

What is SOC 2, and do you need one?

A SOC 2 Type 2 audit is an evaluation of risk for buyers and a vehicle for communicating trust between two parties. But is it right for your organization?


Security Program, Risk Assessment

What is a Risk Assessment? – Nate Hartman

Risk in general is the likelihood and the possible impact of something bad happening in the near future. A risk assessment is an introspective document that helps the company understand risk and then take risks to move the business forward, in a


Privacy

How do Health Care Technology Organizations Manage Data Privacy Risks?

What's new with State Privacy Laws? There are now ten comprehensive privacy laws enacted in the United States. The new 2023 laws include those in Montana, Indiana, Iowa, Tennessee, and Texas. These laws join existing laws, including California,


CISO, vCISO, Security Program

What is a Tabletop Exercise and Why is it Valuable? – An interview with Aaron Wheeler, Truvantis Security Consultant

In this interview with Truvantis CEO Andy Cottrell, Aaron Wheeler discusses conducting tabletop exercises and how his clients derive value. What is a Tabletop Exercise? “It's a chance for clients to stress test environment policies and procedures. In


CISO, vCISO, Security Program

Why is Cybersecurity Difficult? – An interview with Jennifer Hill, Truvantis Security Consultant

In this interview with Truvantis CEO Andy Cottrell, Jenny Hill discusses the challenges and evolution of security programs she sees across industries. In theory, cybersecurity should be easy. Why is it so hard? “It never stays stagnant. Every minute


PCI DSS

PCI DSS Version 4 – Controversial Topics with The PCI Dream Team

The Truvantis Risk Radar welcomed the PCI Dream Team to the first stop of their 2023 book tour. Their new book is called, “The Definitive Guide to PCI DSS Version 4”. The authors have more than 50 years of combined PCI experience. When it comes to


PCI DSS

The New Customized Approach for PCI DSS Version 4 - The PCI Dream Team

The Truvantis Risk Radar welcomed the PCI Dream Team to the first stop of their 2023 book tour. Their new book is called, “The Definitive Guide to PCI DSS Version 4”. The authors have more than 50 years of combined PCI experience. When it comes to


Penetration Testing, Security Program, Risk Assessment, Red Team

Penetration Testing – Stories from the Field by William Suthers

William gets to the point of what a pen test should do for your business and how to avoid costly mistakes.
