
    Blog


    CISO, vCISO, Security Program, Risk Assessment, ISO27001

    1 Seven Steps to ISO 27001 Certification

    One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and ...

    HIPAA, Privacy, CCPA, GDPR

    2 CPRA Update May 2022

    The California Privacy Protection Agency (CPPA) is holding pre-rulemaking stakeholder sessions via Zoom this week, Wed May 4–6. The sessions are ...

    SOC2

    3 The Fastest Route to SOC 2 Compliance

    Achieving SOC 2 compliance is a competitive advantage, and many times, it is critical to make a sale. SOC 2 reports are often used throughout ...

    PCI DSS

    4 PCI DSS 4.0 is Open for Discussion

    The PCI Data Security Standard (PCI DSS) is a global standard of technical and operational requirements for merchants and service providers who ...

    PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

    5 The Seven Essential Qualities of a vCISO

    Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy ...

    Penetration Testing, Security Program

    6 Pen Testing - Why Purple Teams Should Never Exist

    Purple teams are a controversial topic among cybersecurity professionals. There seems to be industry confusion regarding the definitions of ...

    Penetration Testing, Security Program

    7 Five Reasons Internal Pen Testing is Necessary

    Sometimes the best defense is a good offense. In cybersecurity, you need to think like real-world attackers. Security practitioners do this ...

    Penetration Testing, Security Program

    8 Using Open Source Intelligence (OSINT) for Attack Surface Analysis

    As the world grows more interconnected through social media and digital communications, relevant information available to attackers grows ...

    PCI DSS

    9 PCI DSS 4.0 Release!

    Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) published the official PCI DSS version 4.0. Over the next few ...

    Penetration Testing, Security Program

    10 Five Steps to Pentesting Wireless

    Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow ...

    Security Program

    11 Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

    Truvantis Forms Strategic Partnership to Address Expanding Cybersecurity Risks Guidepost Solutions LLC, a global leader in domestic and ...

    SOC2

    12 How Much Does It Cost to Get a SOC 2 Report?

    Maybe you've been asked to provide a SOC 2 report as part of the sales cycle, or you anticipate you will need SOC 2 compliance at some point. ...

    CISO, vCISO, Security Program

    13 Recovering from a Data Breach, a Twelve Step Program

    According to the IBM Cost of a Data Breach Report 2021: Average data breach costs rose 10% between 2020 and 2021, from $3.86 million to $4.24 ...

    HIPAA, Privacy, CCPA, GDPR

    14 CPPA Reduces the CPRA Implementation Window for New Privacy Laws

    During a public board meeting on February 17, 2022, the California Privacy Protection Agency (CPPA) indicated it would likely miss the July 1, ...

    PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

    15 Four Compliance Standards that can Accelerate Your Sales Team

    Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors ...

    Penetration Testing, Security Program

    16 Pen Testing the Cloud and Hybrid Environments

    Cloud technologies enable companies to build and run scalable applications in dynamic public, private, and hybrid environments. Containers, ...

    Penetration Testing, Security Program, Red Teaming

    17 The Hackers Guide to API Penetration Testing

    Pen testing has traditionally focused on realistic simulated attacks on your network, operating systems and applications. In today's ...

    PCI DSS

    18 PCI-DSS – SAD vs. CHD

    When it comes to handling payment cardholder data, PCI DSS has many rules about what you must and must not do when it comes to handling payment ...

    PCI DSS

    19 PCI DSS Truncation Rules and Guidelines

    The PCI Security Standards Council's redefined truncation rules are a mess.

    PCI DSS

    20 Five Ways to Reduce the Cost of PCI DSS Compliance

    If your company stores, processes, or transmits cardholder data, you need PCI DSS compliance. According to the Verizon 2020 Payment Security ...

    Penetration Testing, Security Program, Red Teaming

    21 Vulnerability Assessment, Penetration Testing, and Red Team Conflation

    Red Team vs. Penetration Test vs. Vulnerability Assessment - Seven characteristics that set these services apart and why it matters to you.

    CISO, vCISO, Security Program

    22 Overseeing a vCISO - Translating Information Security to Business Risk

    Most experts agree that the Chief Information Security Officer (CISO) role is a business necessity in today's cyber-risky environment. ...

    Security Program, Privacy

    23 The Seven Regions of Privacy, Cybersecurity & Compliance

    Privacy, cybersecurity, and compliance are distinct practices with distinct goals. The three disciplines work together to build trust and ...

    SOC2, Security Program

    24 Three Indicators Your Startup should be SOC 2 Compliant

    A System and Organization Controls 2 (SOC 2) compliant report is an industry-recognized standard for demonstrating the efficacy of information ...

    CISO, vCISO, Security Program

    25 Three Ways to Improve Your Bottom Line Using a vCISO

    In today's cyber-risky environment, most experts agree that the role of a Chief Information Security Officer (CISO) is a business ...

    HIPAA, Privacy, CCPA, GDPR

    26 Data Privacy Tools in 2022

    Three Types of Data Privacy Tools for 2022: Organizations are under extreme pressure to mitigate emerging risks and keep pace with changing ...

    CISO, vCISO, Security Program

    27 Cybersecurity – Responsibility vs. Accountability

    Responsibility vs. Accountability for Oversight of Cybersecurity: The need to manage cybersecurity and privacy risk is generally accepted. In ...

    SOC2, vCISO

    28 The Meaning of SOC from the AICPA

    What does SOC mean and why does it matter? How did a CPA organization come to audit information systems for cybersecurity and privacy controls? ...

    Penetration Testing, Security Program, Risk Assessment, Red Teaming

    29 Combating Feedback Loops with Attack Surface Analysis

    Everyone knows there are threats out there hell-bent on destroying our organizations. Innovative businesses everywhere are taking a risk-based ...

    HIPAA, Privacy, CCPA, GDPR

    30 EU Privacy - New GDPR Data Transfer Tools

    New EU data privacy laws impact companies in 2022. In June 2021, the European Commission adopted a new set of standard contractual clauses ...

    SOC2, Security Program

    31 The Four Essential Elements of SOC 2 Type 2 Compliance

    The Type 2 audit measures your organization’s ability to maintain security, availability, processing integrity, privacy, and ...

    SOC2, CISO, vCISO, Security Program

    32 vCISO - Stories from the Trenches

    Disasters, heroics, funny stories, and impacts to business success: Nate Hartman describes a six-month stint as an acting CISO or virtual CISO ...

    SOC2, CISO, vCISO, Security Program

    33 What are the SOC 2 Trust Services Criteria?

    The SOC 2 Trust Services Criteria (TSCs) for information technology is a framework for designing, implementing and evaluating information ...

    Security Program, Privacy

    34 Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

    Apache Log4j Vulnerabilities vs. GRC: On December 10, Apache released details about a Log4j-core vulnerability nicknamed "Log4Shell". It ...

    PCI DSS

    35 How to Be Prepared for PCI DSS v4 in 2022

    Discussions about PCI DSS v4 became all the rage with the release of the first Request for Comments (RFC) back in 2019, and those discussions ...

    HIPAA, Privacy, CCPA, GDPR

    36 Data Privacy - Dates to Watch for in 2022

    Data Privacy - Dates to Watch for in 2022-23: Information privacy is the right of consumers to have some control over how their personal ...

    SOC2, CISO, vCISO, Security Program

    37 Understanding the Business Value of SOC 2 Compliance

    System and Organizational Controls 2 (SOC 2) is sometimes known as Service Organization Controls. Maintained by the American Institute of ...

    PCI DSS, Security Program, Privacy

    38 Cybersecurity Threat Landscape 2022, Nine Things You Should Know

    In 2021 cybersecurity professionals faced the same vulnerabilities and attacks as decades before, just more nefarious, persistent, and ...

    SOC2, CISO, vCISO, Security Program, Risk Assessment

    39 Bridging the gap between CISOs

    Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ...

    Privacy, CCPA

    40 State Privacy Law, What's Coming in California CPRA for 2022

    What's new with State Privacy Laws? CPRA applies to all data collected as of Jan 1, 2022. In 2018 California became the first US state to give ...

    Penetration Testing, Security Program, Risk Assessment

    41 Combating Ransomware Attacks Through Comprehensive Penetration Testing

    Ransomware is still a major threat. In fact, the Tactics, Techniques and Procedures (TTPs) of ransomware gangs have evolved so much that it ...

    Privacy

    42 Three steps to Cyber Security Programs for CPRA, HIPAA, GDPR, PIPEDA, CCPA.

    Many new data privacy laws are emerging. Businesses must continually prove privacy compliance. Review current data privacy laws and get advice ...

    CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

    43 The One Reason to Pen Test Data Backup Systems - Ransomware Protection

    Data backup and recovery systems sit at the heart of your disaster recovery plan, yet organizations often disregard them when it comes to pen testing and ...

    PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

    44 The 0-day in the Room Nobody is Talking About: Scope

    Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and ...

    PCI DSS

    45 PCI DSS Version 4.0: Preparing for the Future

    The first quarter of the year 2022 should be an exciting time for everyone working with PCI DSS. The PCI Security Standards Council is scheduled ...

    PCI DSS

    46 Timely Update of Risk Assessment and Incident Response for PCI DSS

    The PCI DSS compliance model depends on risk assessment and mitigation. The testing instructions for PCI DSS published by the PCI Security ...

    PCI DSS

    47 Requirements for Written Policies and Procedures for PCI DSS Compliance

    I often come across clients whose documentation is missing a policy or a procedure that PCI DSS requires. “That will never happen here” or “We ...

    PCI DSS

    48 Common Key Controls Tested in PCI DSS Assessments

    As a company interested or required to become PCI DSS compliant, there is a list of key controls you must have in place, and appropriate ...

    PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

    49 Do you have APIs? How do you test them?

    Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made ...

    PCI DSS, vCISO, Security Program

    50 What does a PCI DSS Compliance Program Look Like?

    You receive a letter from your bank: “Congratulations, you just passed 2.5M credit card impressions in the last 12 months.” (Break out the ...

    CISO, vCISO, Security Program

    51 Vendor Security Assessment Questionnaire Templates

    Tired of filling out vendor security assessment questionnaires or shared assessment SIG templates? A vCISO service could be just the right thing ...

    PCI DSS, Security Program, Privacy

    52 Destroying Data Securely

    In the days of Solid-State Disks (SSD), RAID10 disk drive arrays, databases taking snapshots of data, automated backups, and active-active data ...

    SOC2, CISO, vCISO, Security Program

    53 Using a vCISO Service to Achieve and Retain a SOC 2 Certification

    CSO Online, which knows plenty about what goes into ensuring security, makes a strong case for hiring a virtual Chief Information Security ...

    PCI DSS, Privacy

    54 TokenEx and Truvantis: A Combined Solution for Uncompromising Security

    Modern organizations must collect and store sensitive personal and payment data to process payments, compile analytics, and enable users to get ...

    PCI DSS, CISO, vCISO

    55 Use a vCISO to Achieve and Maintain PCI DSS Compliance

    PCI is a strong security Framework. If you are a business owner, you have probably heard about the PCI DSS (Payment Card Industry Data Security ...

    PCI DSS

    56 Content Security Policy (CSP) HTML Headers

    A number of years ago I was trying to renew my subscription to a well-known antivirus tool and found that there were 37 different URLs invoked ...

    SOC2, vCISO

    57 SOC 2 and Other Security Compliance Merit Badges

    Whether or not you are a tinfoil-hat wearing paranoid, you need a strong cybersecurity posture to support sales! These days most of your ...

    PCI DSS

    58 PCI DSS Training Requirements

    The PCI DSS standard ostensibly only has a few training requirements which, in my experience, most organizations do a good job of keeping up ...

    CISO, vCISO, Security Program, Privacy

    59 How to Achieve Cyber Security Peace of Mind for your Small Business

    Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well ...

    SOC2, HIPAA, CIS Controls, Security Program

    60 Reasons to choose CIS Controls for Cyber Security

    Reasons to choose CIS Controls for your cyber security program: It started with a few select people in a room. It was called “Project Insight” ...

    HIPAA, Security Program, Privacy, CCPA

    61 Does Privacy Shield's downfall signal the end of US-EU data transfers?

    EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally ...

    Privacy, CCPA

    62 Changes to CCPA for 2021

    January 1, 2021 will be the one-year anniversary of the California Consumer Privacy Act (CCPA) going into effect, at least in theory. Forced ...

    SOC2, CISO, vCISO, Security Program

    63 (Video) 11 Steps to Achieve SOC 2 Compliance

    Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps. ...

    PCI DSS, vCISO, Penetration Testing, Security Program

    64 What is “Internal Penetration testing” for PCI DSS requirement 11.3

    Introduction: PCI DSS requires internal penetration testing, external penetration testing, and segmentation testing. But these terms are not crisply defined. In ...

    PCI DSS

    65 What Constitutes a Primary Function for PCI DSS?

    PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”

    PCI DSS

    66 Watch those Vendor Application Change Release Notes like a Hawk!

    At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when ...

    SOC2, CISO, vCISO, Security Program, Privacy

    67 Using Cyber Security to Enable Sales

    Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or ...

    PCI DSS

    68 Due Diligence for PCI DSS Vendor Selection

    PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, ...

    PCI DSS

    69 PCI DSS - Are Mobile Applications In-scope?

    Say you are interested in developing an application that runs on consumers’ devices and this application of yours will be used to accept payment ...

    Security Program, Risk Assessment

    70 Diminishing Returns in Cybersecurity

    If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the ...

    CIS Controls, Security Program

    71 CIS V7: What's New and What to do

    The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations ...

    Penetration Testing, Security Program, Risk Assessment

    72 The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

    The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any ...

    PCI DSS

    73 Your 7 Step PCI Compliance Checklist

    The journey towards payment card industry data security standard (PCI DSS) compliance can seem daunting. While there are only a handful of ...

    PCI DSS, Security Program

    74 I never touch Cardholder Data - Does PCI DSS Apply to me?

    Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people ...

    PCI DSS

    75 The Best Ways to Maintain Your Organization's PCI DSS Documentation

    Becoming compliant with payment card industry data security standard (PCI DSS) protocols can be a time-consuming process — but it’s a ...

    Privacy, CCPA

    76 CCPA grants consumers private right of action - What is that?

    The California Consumer Privacy Act (CCPA) is a California state law protecting the personal information (PI) of California residents ...

    PCI DSS

    77 5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

    For businesses that store, process, and transmit cardholder data, you know that you must comply with the Payment Card Industry Data Security ...

    PCI DSS

    78 When does PCI Compliance Start?

    The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program, security and ...

    PCI DSS

    79 5 Things You Should Know About PCI DSS Compliance

    The PCI Security Standards compliance rules have been around since 2006. Despite more than a decade and a half of payment security protection, ...

    PCI DSS

    80 It’s More Important Than Ever to Maintain Compliance with PCI DSS

    We hope you are all safely sequestered in your homes (whether your Governor has issued an order or not), and that you’ve successfully navigated ...

    PCI DSS

    81 Documenting the Impact of System Changes for PCI DSS Compliance

    PCI DSS requirement 6.4.5.1 says that change documentation must include an assessment of the impact of the change “so that all affected parties ...

    CISO, vCISO, Privacy, CCPA

    82 No CCPA Enforcement Delay due to COVID-19

    CA Attorney General will not delay CCPA enforcement due to COVID-19: An expansive new regulation like the California Consumer Privacy Act is ...

    Penetration Testing, CIS Controls, Security Program, Risk Assessment

    83 Coronavirus Cybersecurity Recommendations

    In these difficult times, as many of us adapt to the disruptive new-normal of distance working, a robust information security program becomes ...

    PCI DSS

    84 5 Tips for Becoming PCI DSS Compliant

    The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup ...

    Risk Assessment

    85 How to Get the Most Out of a Security Risk Assessment

    Many companies are required to perform a security risk assessment to check off a compliance box. While this mandatory analysis can seem like a ...

    Risk Assessment

    86 7 IT Security Risk Assessment Myths Debunked

    Though the use of security risk assessments is widespread, often because they are mandated by compliance standards, there are a number of false ...

    Risk Assessment

    87 How to Prepare for an Information Security Risk Assessment

    It’s finally time for the security risk assessment you’ve been pushing off… You may have been delaying because you believe risk assessments ...

    Risk Assessment

    88 Why You Should Invest in a Professional Security Risk Assessment

    Whether you have to perform a security risk assessment to meet compliance requirements or to improve a specific aspect of your security, such an ...

    Risk Assessment

    89 How to Actually Use Your Security Risk Assessment Report

    You just received the results from your security risk assessment, but now what? It’s not uncommon for companies to perform this analysis only to ...

    Risk Assessment

    90 How to Identify Your Security Risks & Develop a Plan You Can Afford

    When it comes to conducting security risk assessments, it can be difficult knowing where to get started. Even after identifying your scope and ...

    CISO, vCISO

    91 The Top Benefits of Using CISO as a Service

    You could hire a Chief Information Security Officer (CISO) to help oversee your day-to-day security activities. Or, you take the stress and ...

    CISO, vCISO

    92 How to Avoid Pitfalls When Hiring a CISO as a Service

    You’ve realized that hiring a CISO as a Service is probably your best bet for managing a better cybersecurity program. Maybe you experienced a ...

    CISO, vCISO

    93 The Advantages of Hiring a vCISO Vendor vs. an In-House CISO

    You need someone to manage your business’ security program, and while this is a necessity, you have options for how you choose to protect your ...

    CISO, vCISO

    94 What to Expect When Using a CISO as a Service

    We’ve found that some companies resist utilizing a CISO as a Service because they ultimately aren’t sure what to expect. They’ve heard that ...

    CISO, vCISO

    5 Signs It's Time to Start Using a CISO as a Service

    You’re busy at work, focused on meeting daily deadlines and on achieving your overall mission. But while you’re laser-focused on your day-to-day ...

    CISO, vCISO

    5 Ways vCISO Can Turbocharge Your Sales Team

    Sales are complicated. You’re not just articulating the facts about your product or service, you are also navigating emotions and perception to ...

    CISO, vCISO

    How to Get the Most Out of a CISO as a Service

    You’ve been weighing the advantages of hiring a CISO as a Service or vCISO over hiring an internal team and finally decided that a professional ...

    Risk Assessment

    What is a Security Risk Assessment & Why is it Important?

    When it comes to security risk assessments, it’s often unclear what you’ll really receive. Providers use meaningless and misused buzzwords, and ...

    SOC2, vCISO

    The New SOC 2 and You: How You Should Proceed

    Under mounting pressure to keep up with an ever-changing body of regulations and increased demands for transparency, The American Institute of ...

    CISO, Security Program

    Social Engineering in the Retail Industry

    The retail industry is one of the most crucial pillars propping up the United States’ economy. Without it, approximately 42 million Americans—a ...

    Security Program

    WPA3 for WiFi is here! Almost.

    Choosing the correct form of encryption will always be a game with moving goalposts. Encryption algorithms and associated transport protocols ...

    Penetration Testing

    Social Engineering Within Pentesting

    Pentesting the People: social engineering is an easy vulnerability. When it comes to penetration testing of an enterprise, you instantly think ...

    PCI DSS

    Changes to SAQs for PCI DSS v3.2.1

    Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed. Though that remains true, the ...

    PCI DSS

    What's new in PCI DSS 3.2.1

    In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard - version 3.2.1. ...

    vCISO, HIPAA, CIS Controls, Security Program

    How much Information Security function can you safely outsource?

    Outsourcing is now very common among technology companies. Sometimes a whole function is delegated externally such as accounting, HR, marketing. ...

    Penetration Testing

    Just Walk in the Front Door

    As an aspiring penetration tester, it is not always the extensive rootkits or the backdoor Metasploit exploits that you need to focus on with ...

    PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

    7 Advantages of using a "virtual CISO" (vCISO)

    A growing trend in the world of Cyber Security is companies outsourcing some or all of their Information Security teams. This can be just a ...

    Penetration Testing

    The Secret Behind VI edit permissions

    The art of penetration testing is one that takes a lot of fore-learned knowledge about a specific technology and system in order to really ...

    Penetration Testing

    Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

    Being able to quickly knock out the low hanging fruit vulnerabilities as a pen-tester is a matter of having a knowledge of their existence and ...

    Penetration Testing

    Nmap sees all things

    A big part of penetration testing is recon and discovery. If you cannot properly identify the network you are testing, you may be missing ...

    Penetration Testing

    Top 5 Free Pentesting Tools for Quick Results

    Being able to accurately perform a pentest on a network that you are not familiar with takes both knowledge about the underlying infrastructure ...

    SOC2

    Establishing and Maintaining SOC 2 Compliance

    Many companies, especially start-ups, need to maintain SOC 2 compliance but would rather not hire a full-time CISO. So who is going to make ...

    PCI DSS

    Preventing Scope Creep in PCI Compliance

    QSAs have to validate the scope of a PCI assessment. It is one of the biggest areas of contention, but limiting scope is of paramount importance ...

    Security Program

    Controls are Needed on Recoveries from Backup

    Some organizations completely ignore important aspects of the backup recovery and validation process. This creates a significant ongoing data ...

    PCI DSS, Security Program

    Secure Coding 201: Does it Exist?

    I constantly hear that recent computer science graduates have not even been introduced to the notion of secure coding. They may have been taught ...

    Security Program

    What Time is It?

    PCI DSS v3.2.1, section 10.4 requires all critical assets to be synchronized for time and recommends using one of the authoritative time sources ...

    PCI DSS

    A Summary of Deadlines in PCI 3.2

    Everybody - Immediately: Existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place ...

    PCI DSS

    Hidden Service Providers in your PCI DSS Assessment

    Guidance from the PCI Security Standards Council (PCI SSC) suggests that there are overlooked service providers in many assessments. This begs ...

    info@truvantis.com

    +1 (415) 422-9844

      © 2022 Truvantis, Inc All Rights Reserved.
