    Blog

    PCI DSS, CISO, vCISO

    1 Use a vCISO to Achieve and Maintain PCI DSS Compliance

    PCI is a strong security framework. If you are a business owner, you have probably heard about the PCI DSS (Payment Card Industry Data Security ...

    PCI DSS

    2 Content Security Policy (CSP) HTML Headers

    A number of years ago I was trying to renew my subscription to a well-known antivirus tool and found that there were 37 different URLs invoked ...

    SOC2, vCISO

    3 SOC 2 and Other Security Compliance Merit Badges

    Whether or not you are a tinfoil-hat wearing paranoid, you need a strong cybersecurity posture to support sales! These days most of your ...

    PCI DSS

    4 PCI DSS Training Requirements

    The PCI DSS standard ostensibly only has a few training requirements which, in my experience, most organizations do a good job of keeping up ...

    CISO, vCISO, Security Program, Privacy

    5 How to Achieve Cyber Security Peace of Mind for your Small Business

    Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well ...

    SOC2, HIPAA, CIS Controls, Security Program

    6 Reasons to choose CIS Controls for Cyber Security

    Reasons to choose CIS Controls for your cyber security program. It started with a few select people in a room. It was called “Project Insight” ...

    HIPAA, Security Program, Privacy, CCPA

    7 Does Privacy Shield's downfall signal the end of US-EU data transfers?

    EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally ...

    Privacy, CCPA

    8 Changes to CCPA for 2021

    January 1, 2021 will be the one year anniversary of the California Consumer Privacy Act (CCPA) going into effect, at least in theory. Forced ...

    SOC2, CISO, vCISO, Security Program

    9 (Video) 11 Steps to Achieve SOC 2 Compliance

    Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps.  ...

    PCI DSS, vCISO, Penetration Testing, Security Program

    10 What is “Internal Penetration testing” for PCI DSS requirement 11.3

    Introduction: PCI DSS requires internal penetration testing, external penetration testing, and segmentation testing. But these terms are not crisply defined. In ...

    PCI DSS

    11 What Constitutes a Primary Function for PCI DSS?

    PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”

    PCI DSS

    12 Timely update of Risk Assessment and Incident Response for PCI DSS

    The PCI DSS compliance model depends on risk assessment and mitigation. Several places in the Report on Compliance (ROC), that a QSA compiles, ...

    PCI DSS

    13 Watch those Vendor Application Change Release Notes like a Hawk!

    At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when ...

    SOC2, CISO, vCISO, Security Program, Privacy

    14 Using Cyber Security to Enable Sales

    Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or ...

    PCI DSS

    15 Due Diligence for PCI DSS Vendor Selection

    PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, ...

    PCI DSS

    16 PCI DSS - Are Mobile Applications In-scope?

    Say you are interested in developing an application that runs on consumers’ devices and this application of yours will be used to accept payment ...

    Security Program, Risk Assessment

    17 Diminishing Returns in Cybersecurity

    If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the ...

    CIS Controls, Security Program

    18 CIS V7: What's New and What to do

    The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations ...

    Penetration Testing, Security Program, Risk Assessment

    19 The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

    The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any ...

    PCI DSS

    20 Your 7 Step PCI Compliance Checklist

    The journey towards payment card industry data security standard (PCI DSS) compliance can seem daunting. While there are only a handful of ...

    PCI DSS, Security Program

    21 I never touch Cardholder Data - Does PCI DSS Apply to me?

    Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people ...

    PCI DSS

    22 The Best Ways to Maintain Your Organization's PCI DSS Documentation

    Becoming compliant with payment card industry data security standard (PCI DSS) protocols can be a time-consuming process — but it’s a ...

    Privacy, CCPA

    23 CCPA grants consumers private right of action - What is that?

    The California Consumer Privacy Act (CCPA) is a California state law protecting the personal information (PI) of California residents ...

    PCI DSS

    24 5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

    For businesses that store, process, and transmit cardholder data, you know that you must comply with the Payment Card Industry Data Security ...

    PCI DSS

    25 When does PCI Compliance Start?

    The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program security and ...

    PCI DSS

    26 5 Things You Should Know About PCI DSS Compliance

    The PCI Security Standards compliance rules have been around since 2006. Despite more than a decade and a half of payment security protection, ...

    PCI DSS

    27 It’s More Important Than Ever to Maintain Compliance with PCI DSS

    We hope you are all safely sequestered in your homes (whether your Governor has issued an order or not), and that you’ve successfully navigated ...

    PCI DSS

    28 Documenting the Impact of System Changes for PCI DSS Compliance

    PCI DSS requirement 6.4.5.1 says that change documentation must include an assessment of the impact of the change “so that all affected parties ...

    CISO, vCISO, Privacy, CCPA

    29 No CCPA Enforcement Delay due to COVID-19

    CA Attorney General will not delay CCPA enforcement due to COVID-19. An expansive new regulation like the California Consumer Privacy Act is ...

    Penetration Testing, CIS Controls, Security Program, Risk Assessment

    30 Coronavirus Cybersecurity Recommendations

    In these difficult times, as many of us adapt to the disruptive new-normal of distance working, a robust information security program becomes ...

    PCI DSS

    31 5 Tips for Becoming PCI DSS Compliant

    The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup ...

    Risk Assessment

    32 How to Get the Most Out of a Security Risk Assessment

    Many companies are required to perform a security risk assessment to check off a compliance box. While this mandatory analysis can seem like a ...

    Risk Assessment

    33 7 IT Security Risk Assessment Myths Debunked

    Though the use of security risk assessments is widespread, often because they are mandated by compliance standards, there are a number of false ...

    Risk Assessment

    34 How to Prepare for an Information Security Risk Assessment

    It’s finally time for the security risk assessment you’ve been pushing off…  You may have been delaying because you believe risk assessments ...

    Risk Assessment

    35 Why You Should Invest in a Professional Security Risk Assessment

    Whether you have to perform a security risk assessment to meet compliance requirements or to improve a specific aspect of your security, such an ...

    Risk Assessment

    36 How to Actually Use Your Security Risk Assessment Report

    You just received the results from your security risk assessment, but now what? It’s not uncommon for companies to perform this analysis only to ...

    Risk Assessment

    37 How to Identify Your Security Risks & Develop a Plan You Can Afford

    When it comes to conducting security risk assessments, it can be difficult knowing where to get started. Even after identifying your scope and ...

    CISO, vCISO

    38 The Top Benefits of Using CISO as a Service

    You could hire a Chief Information Security Officer (CISO) to help oversee your day-to-day security activities. Or, you take the stress and ...

    CISO, vCISO

    39 How to Avoid Pitfalls When Hiring a CISO as a Service

    You’ve realized that hiring a CISO as a Service is probably your best bet for managing a better cybersecurity program. Maybe you experienced a ...

    CISO, vCISO

    40 The Advantages of Hiring a vCISO Vendor vs. an In-House CISO

    You need someone to manage your business’ security program, and while this is a necessity, you have options for how you choose to protect your ...

    CISO, vCISO

    41 What to Expect When Using a CISO as a Service

    We’ve found that some companies resist utilizing a CISO as a Service because they ultimately aren’t sure what to expect. They’ve heard that ...

    CISO, vCISO

    42 5 Signs It's Time to Start Using a CISO as a Service

    You’re busy at work, focused on meeting daily deadlines and on achieving your overall mission. But while you’re laser-focused on your day-to-day ...

    CISO, vCISO

    43 5 Ways vCISO Can Turbocharge Your Sales Team

    Sales are complicated. You’re not just articulating the facts about your product or service, you are also navigating emotions and perception to ...

    CISO, vCISO

    44 How to Get the Most Out of a CISO as a Service

    You’ve been weighing the advantages of hiring a CISO as a Service or vCISO over hiring an internal team and finally decided that a professional ...

    Risk Assessment

    45 What is a Security Risk Assessment & Why is it Important?

    When it comes to security risk assessments, it’s often unclear what you’ll really receive. Providers use meaningless and misused buzzwords, and ...

    SOC2, vCISO

    46 The New SOC 2 and You: How You Should Proceed

    Under mounting pressure to keep up with an ever-changing body of regulations and increased demands for transparency, The American Institute of ...

    CISO, Security Program

    47 Social Engineering in the Retail Industry

    The retail industry is one of the most crucial pillars propping up the United States’ economy. Without it, approximately 42 million Americans—a ...

    Security Program

    48 WPA3 for WiFi is here! Almost.

    Choosing the correct form of encryption will always be a game with moving goalposts. Encryption algorithms and associated transport protocols ...

    Penetration Testing

    49 Social Engineering Within Pentesting

    Pentesting the People; social engineering is an easy vulnerability. When it comes to penetration testing of an enterprise, you instantly think ...

    PCI DSS

    50 Changes to SAQs for PCI DSS v3.2.1

    Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed. Though that remains true, the ...

    PCI DSS

    51 What's new in PCI DSS 3.2.1

    In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard - version 3.2.1. ...

    vCISO, HIPAA, CIS Controls, Security Program

    52 How much Information Security function can you safely outsource?

    Outsourcing is now very common among technology companies. Sometimes a whole function is delegated externally such as accounting, HR, marketing. ...

    Penetration Testing

    53 Just Walk in the Front Door

    As an aspiring penetration tester, it is not always the extensive rootkits or the backdoor metasploit exploits that you need to focus on with ...

    PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

    54 7 Advantages of using a "virtual CISO" (vCISO)

    A growing trend in the world of cyber security is companies outsourcing some or all of their information security teams. This can be just a ...

    PCI DSS

    55 Common Key Controls Tested in PCI DSS Assessments

    As a company interested or required to become PCI DSS compliant, you have a list of key controls you must have in place with proper assessments ...

    Penetration Testing

    56 The Secret Behind VI edit permissions

    The art of penetration testing is one that takes a lot of fore-learned knowledge about a specific technology and system in order to really ...

    Penetration Testing

    57 Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

    Being able to quickly knock out the low hanging fruit vulnerabilities as a pen-tester is a matter of having a knowledge of their existence and ...

    Penetration Testing

    58 Nmap sees all things

    A big part of penetration testing is recon and discovery. If you cannot properly identify the network you are testing, you may be missing ...

    Penetration Testing

    59 Top 5 Free Pentesting Tools for Quick Results

    Being able to accurately perform a pentest on a network that you are not familiar with takes both knowledge about the underlying infrastructure ...

    SOC2

    60 Establishing and Maintaining SOC2 Compliance

    Many companies, especially start-ups, need to maintain a SOC2 certification but would rather not hire a full-time CISO. So who is going to make ...

    PCI DSS

    61 Preventing Scope Creep in PCI Compliance

    QSAs have to validate the scope of a PCI assessment. It is one of the biggest areas of contention, but limiting scope is of paramount importance ...

    Security Program

    62 How Do I Reset the Master Password?

    During my time in enterprise-level support, I was often asked how to reset the master password on various devices after the existing password ...

    Security Program

    63 Controls are Needed on Recoveries from Backup

    Some organizations completely ignore important aspects of the backup recovery and validation process. This creates a significant ongoing data ...

    PCI DSS, Security Program

    64 Secure Coding 201: Does it Exist?

    I constantly hear that recent computer science graduates have not even been introduced to the notion of secure coding. They may have been taught ...

    Security Program

    65 What Time is It?

    PCI DSS v3.2.1, section 10.4 requires all critical assets to be synchronized for time and recommends using one of the authoritative time sources ...

    PCI DSS

    66 A Summary of Deadlines in PCI 3.2

    Everybody - Immediately: Existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place ...

    PCI DSS

    67 Hidden Service Providers in your PCI DSS Assessment

    Guidance from the PCI Security Standards Council (PCI SSC) suggests that there are overlooked service providers in many assessments. This begs ...

      © 2021 Truvantis, Inc All Rights Reserved.