    Blog

    Recent Posts

    Related Articles By Topic


    • Security Program (74)
    • vCISO (45)
    • PCI DSS (44)
    • CISO (40)
    • Privacy (32)
    • Penetration Testing (28)
    • SOC2 (27)
    • Risk Assessment (20)
    • CCPA (11)
    • CIS Controls (11)
    • HIPAA (11)
    • Threat Intelligence (9)
    • Red Teaming (7)
    • CPRA (6)
    • GDPR (5)
    • ISO27001 (5)
    • HITRUST (1)
    • Red Team (1)

    Three Reasons to Invest in Enterprise Risk Management

    Cuba Ransomware Attacks Five Critical Sectors in the US

    Tips for Managing the Risks of Mergers & Acquisitions

    Why did the DoD Introduce an updated Zero Trust Cybersecurity Framework

    SOC 2 Perils and Pitfalls

    DDoS for the Holidays

    The Five-Step Adaptable Risk-based Privacy Program

    Scoping Your ISMS for ISO 27001 Compliance

    The New Trends in Ransomware that Impacted U.S. Businesses in 2022

    Pentesting for PCI DSS

    The Board vs. Security & Privacy Programs

    Finding Peace of Mind in Cybersecurity

    Combined Risk Management for Security, Privacy and Compliance

    Phishing Attacks hit Record High in 2022

    Three Essential Elements of an Adaptable Risk-Based Privacy Program

    Is HITRUST just for Healthcare or Everybody?

    The Top Five Criteria for Selecting Your Penetration Testing Vendor

    Security is the Foundation for Building an Adaptable, Future-Proof Privacy Program

    IoT Security – Who’s Controlling the Machines on Your Network?

    The Three Levels of HITRUST CSF r2 Compliance

    CPRA - Update August 2022

    The Cyber-threat Landscape; Where are we now? August 2022

    Video | The Compliance Equals Security Disconnect

    Security Risk Assessments & Why Compliance Equals Security

    Threat Intelligence: TraderTraitor, Maui Ransomware and the MSTIC H0lyGh0st

    Privacy Law Confusion and The American Data Privacy Protection Act

    How to Evade PCI Compliance

    Building a Privacy Program that Works Across Jurisdictions

    Three Steps to ISO 27001 Compliance

    Solving the Cybersecurity Skills Gap Challenge

    The Compliance Equals Security Disconnect

    What does the CIS Controls Version 8 say about Pen Testing?

    Why you should Pen Test like an Attacker & not an Auditor

    Three Ways to Approach System Hardening using CIS Benchmarks

    Virtual Chief Privacy Officer – Outsource Your Privacy Program

    CPRA - Update June 2022

    18 CIS Controls - an Effective Framework for Security

    Biometric Privacy in the Workplace – What You Need to Know

    Seven Reasons to Implement ISO27001

    Why You Should Hire a Virtual Data Protection Officer (vDPO) Now

    Why API Pen Tests Should go First

    What is a Red Team Test?

    CPRA - Update on Stakeholder Sessions May 4-6, 2022

    Seven Steps to ISO 27001 Certification

    CPRA Update May 2022

    The Fastest Route to SOC 2 Compliance

    PCI DSS 4.0 is Open for Discussion

    The Seven Essential Qualities of a vCISO

    Pen Testing - Why Purple Teams Should Never Exist

    Five Reasons Internal Pen Testing is Necessary

    Using Open Source Intelligence (OSINT) for Attack Surface Analysis

    PCI DSS 4.0 Release!

    Five Steps to Pentesting Wireless

    Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

    How Much Does It Cost to Get a SOC 2 Report?

    Recovering from a Data Breach, a Twelve Step Program

    CPPA Reduces the CPRA Implementation Window for New Privacy Laws

    Four Compliance Standards that can Accelerate Your Sales Team

    Pen Testing the Cloud and Hybrid Environments

    The Hackers Guide to API Penetration Testing

    PCI-DSS – SAD vs. CHD

    PCI DSS Truncation Rules and Guidelines

    Five Ways to Reduce the Cost of PCI DSS Compliance

    Vulnerability Assessment, Penetration Testing, and Red Team Conflation

    Overseeing a vCISO - Translating Information Security to Business Risk

    The Seven Regions of Cyber-Governance

    Three Indicators Your Startup should be SOC 2 Compliant

    Three Ways to Improve Your Bottom Line Using a vCISO

    Data Privacy Tools in 2022

    Cybersecurity – Responsibility vs. Accountability

    The Meaning of SOC from the AICPA

    Combating Feedback Loops with Attack Surface Analysis

    EU Privacy - New GDPR Data Transfer Tools

    The Four Essential Elements of SOC 2 Type 2 Compliance

    vCISO - Stories from the Trenches

    What are the SOC 2 Trust Services Criteria?

    Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

    How to Be Prepared for PCI DSS v4 in 2022

    Data Privacy - Dates to Watch for in 2022

    Understanding the Business Value of SOC 2 Compliance

    Cybersecurity Threat Landscape 2022, Nine Things You Should Know

    Bridging the gap between CISOs

    State Privacy Law, What's Coming in California CPRA for 2022

    Combating Ransomware Attacks Through Comprehensive Penetration Testing

    Three steps to Cyber Security Programs for CPRA, HIPAA, GDPR, PIPEDA, CCPA.

    The One Reason to Pen Test Data Backup Systems - Ransomware Protection

    The 0-day in the Room Nobody is Talking About: Scope

    PCI DSS Version 4.0: Preparing for the Future

    Timely Update of Risk Assessment and Incident Response for PCI DSS

    Requirements for Written Policies and Procedures for PCI DSS Compliance

    Common Key Controls Tested in PCI DSS Assessments

    Do you have APIs? How do you test them?

    What does a PCI DSS Compliance Program Look Like?

    Vendor Security Assessment Questionnaire Templates

    Destroying Data Securely

    Using a vCISO Service to Achieve and Retain a SOC 2 Certification

    TokenEx and Truvantis: A Combined Solution for Uncompromising Security

    Use a vCISO to Achieve and Maintain PCI DSS Compliance

    Content Security Policy (CSP) HTML Headers

    SOC 2 and Other Security Compliance Merit Badges

    PCI DSS Training Requirements

    How to Achieve Cyber Security Peace of Mind for your Small Business

    Reasons to choose CIS Controls for Cyber Security

    Does Privacy Shield's downfall signal the end of US-EU data transfers?

    Changes to CCPA for 2021

    Video | 11 Steps to Achieve SOC 2 Compliance

    What is “Internal Penetration testing” for PCI DSS requirement 11.3

    What Constitutes a Primary Function for PCI DSS?

    Watch those Vendor Application Change Release Notes like a Hawk!

    Using Cyber Security to Enable Sales

    Due Diligence for PCI DSS Vendor Selection

    PCI DSS - Are Mobile Applications In-scope?

    Diminishing Returns in Cybersecurity

    CIS V7: What's New and What to do

    The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

    Your 7 Step PCI Compliance Checklist

    I never touch Cardholder Data - Does PCI DSS Apply to me?

    The Best Ways to Maintain Your Organization's PCI DSS Documentation

    CCPA grants consumers private right of action - What is that?

    5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

    When does PCI Compliance Start?

    5 Things You Should Know About PCI DSS Compliance

    It’s More Important Than Ever to Maintain Compliance with PCI DSS

    Documenting the Impact of System Changes for PCI DSS Compliance

    No CCPA Enforcement Delay due to COVID-19

    Coronavirus Cybersecurity Recommendations

    5 Tips for Becoming PCI DSS Compliant

    How to Get the Most Out of a Security Risk Assessment

    7 IT Security Risk Assessment Myths Debunked

    How to Prepare for an Information Security Risk Assessment

    Why You Should Invest in a Professional Security Risk Assessment

    How to Actually Use Your Security Risk Assessment Report

    How to Identify Your Security Risks & Develop a Plan You Can Afford

    The Top Benefits of Using CISO as a Service

    How to Avoid Pitfalls When Hiring a CISO as a Service

    The Advantages of Hiring a vCISO Vendor vs. an In-House CISO

    What to Expect When Using a CISO as a Service

    5 Signs It's Time to Start Using a CISO as a Service

    5 Ways vCISO Can Turbocharge Your Sales Team

    How to Get the Most Out of a CISO as a Service

    The New SOC 2 and You: How You Should Proceed

    Social Engineering in the Retail Industry

    WPA3 for WiFi is here! Almost.

    Social Engineering Within Pentesting

    Changes to SAQs for PCI DSS v3.2.1

    What's new in PCI DSS 3.2.1

    How much Information Security function can you safely outsource?

    Just Walk in the Front Door

    7 Advantages of using a "virtual CISO" (vCISO)

    The Secret Behind VI edit permissions

    Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

    Nmap sees all things

    Top 5 Free Pentesting Tools for Quick Results

    Establishing and Maintaining SOC 2 Compliance

    Preventing Scope Creep in PCI Compliance

    Controls are Needed on Recoveries from Backup

    Secure Coding 201: Does it Exist?

    What Time is It?

    A Summary of Deadlines in PCI 3.2

    Hidden Service Providers in your PCI DSS Assessment

    Risk Assessment

    1 Three Reasons to Invest in Enterprise Risk Management

    When it comes to a security risk assessment, it's often unclear what you'll receive. Providers use meaningless and misused buzzwords, and there ...

    Read More

    Penetration Testing, Security Program, Risk Assessment, Privacy, Threat Intelligence

    2 Cuba Ransomware Attacks Five Critical Sectors in the US

    Nowadays, the perpetrators of ransomware have gotten more clever in their methods, using complex strategies such as double extortion, in which ...

    Read More

    Threat Intelligence

    3 Tips for Managing the Risks of Merges & Acquisition

    Along with the benefits of capabilities and growth, mergers and acquisitions add new risks to your attack surface. Managing M&A risk should ...

    Read More

    Threat Intelligence

    4 Why did the DoD Introduce an updated Zero Trust Cybersecurity Framework

    The concept of 'Zero Trust, ' which essentially presumes conventional perimeter protections don't exist, has been in cybersecurity for many ...

    Read More

    SOC2, Security Program

    5 SOC 2 Perils and Pitfalls

    Congratulations, product development was successful, and you have the utmost confidence in the capabilities of your new product or service. ...

    Read More

    Threat Intelligence

    6 DDoS for the Holidays

    Many find the holidays season exciting because they can relax, spend time with family and friends, and celebrate traditions. Additionally, most ...

    Read More

    Security Program, Privacy

    7 The Five-Step Adaptable Risk-based Privacy Program

    In today's data-driven economy, an organization's data is its most valuable asset. The landscape of privacy regulations is vast and continuously ...

    Read More

    Security Program, ISO27001

    8 Scoping Your ISMS for ISO 27001 Compliance

    The ISO 27001 standard provides requirements for establishing, implementing, maintaining and continually improving your Information Security ...

    Read More

    Threat Intelligence

    9 The New Trends in Ransomware that Impacted U.S. Businesses in 2022

    Without a doubt, the increased frequency and intensified scale of ransomware attacks are becoming a significant issue for tens of thousands of ...

    Read More

    PCI DSS, Penetration Testing

    10 Pentesting for PCI DSS

    Most industry-recognized security frameworks, including HITRUST, CIS Controls and PCI DSS, stipulate penetration testing requirements as part of ...

    Read More

    CISO, vCISO, Security Program

    11 The Board vs. Security & Privacy Programs

    In a corporation, the board is ultimately accountable to the shareholders for managing risks, including cybersecurity and privacy risk. ...

    Read More

    CISO, vCISO, Security Program

    12 Finding Peace of Mind in Cybersecurity

    Everyone is aware Cybersecurity is a necessity. And regardless of how mature or lacking your current cybersecurity program is, the constantly ...

    Read More

    Privacy

    13 Combined Risk Management for Security, Privacy and Compliance

    Privacy regulations boil down to protecting information. In other words, privacy is about the security of data. The various privacy rights can ...

    Read More

    Threat Intelligence

    14 Phishing Attacks hit Record High in 2022

    According to the Anti-Phishing Working Group (APWG), an international coalition of counter-cybercrime responders, phishing attacks climbed to a ...

    Read More

    Security Program, Privacy

    15 Three Essential Elements of an Adaptable Risk-Based Privacy Program

    Given the complexity and cost of security, privacy and compliance efforts, a comprehensive risk management program is the best overall approach. ...

    Read More

    Security Program, HITRUST

    16 Is HITRUST just for Healthcare or Everybody?

    The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is a widely recognized security framework that HITRUST developed ...

    Read More

    Penetration Testing, Security Program

    17 The Top Five Criteria for Selecting Your Penetration Testing Vendor

    According to the hacker news October 2022, researchers reported that organizations using Office 365 Message Encryption (OME),considered obsolete ...

    Read More

    Security Program, Privacy

    18 Security is the Foundation for Building an Adaptable, Future-Proof Privacy Program

    Privacy regulations boil down to protecting information. In other words, privacy is about the security of data. In today’s data-driven economy, ...

    Read More

    Threat Intelligence

    19 IoT Security –Who’s Controlling the Machines on Your Network?

    Internet of things (IoT) devices are prevalent in our home and business lives. Embedded devices have revolutionized manufacturing, industrial, ...

    Read More

    SOC2, CISO, vCISO, Security Program

    20 The Three Levels of HITRUST CSF r2 Compliance

    The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is a widely recognized security framework that HITRUST developed ...

    Read More

    Privacy, CPRA

    21 CPRA - Update August 2022

    The California Privacy Protection Agency (CPPA) Board held a public meeting on August 24-25 at the Elihu M. Harris State Office 1515 Clay St. ...

    Read More

    Threat Intelligence

    22 The Cyber-threat Landscape; Where are we now? August 2022

    Headlines: Experts agree remote workers and BYOD have permanently changed the threat landscape. Quantum computing is emerging as an ...

    Read More

    SOC2, CISO, vCISO, Security Program

    23 Video | The Compliance Equals Security Disconnect

    Topic: The Compliance Equals Security Disconnect “Use the tools at your disposal correctly, stay current on threats, monitor your security ...

    Read More

    SOC2, CISO, vCISO, Security Program

    24 Security Risk Assessments & Why Compliance Equals Security

    You likely need a risk assessment for compliance. PCI DSS 4.0, SOC2, ISO 27001, NIST, HIPAA, and other standards require a risk assessment as a ...

    Read More

    Threat Intelligence

    25 Threat Intelligence: TraderTraitor, Maui Ransomware and the MSTIC H0lyGh0st

    In the news recently,  more hijinks from our infamous foes, North Korean state-sponsored attackers; The evolving gang of thugs who brought us ...

    Read More

    HIPAA, Privacy, CCPA, GDPR, CPRA

    26 Privacy Law Confusion and The American Data Privacy Protection Act

    The American Data Privacy Protection Act currently making its way to the House floor is not just another privacy bill destined for failure. On ...

    Read More

    PCI DSS

    27 How to Evade PCI Compliance

    The Payment Card Industry Data Security Standard (PCI DSS) compliance can be expensive for financial institutions and transaction processors ...

    Read More

    Privacy

    28 Building a Privacy Program that Works Across Jurisdictions

    Privacy and security were historically two separate disciplines. However, over the years, the two have grown closer together. Moreover, as the ...

    Read More

    CISO, vCISO, Security Program, Risk Assessment, ISO27001

    29 Three Steps to ISO 27001 Compliance

    ISO27001 is the certifiable ISO standard that describes how to manage an Information Security Management System (ISMS) securely. 27001 is ...

    Read More

    SOC2, CISO, vCISO, Security Program

    30 Solving the Cybersecurity Skills Gap Challenge

    All organizations face the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless ...

    Read More

    SOC2, CISO, vCISO, Security Program

    31 The Compliance Equals Security Disconnect

    "Compliance is NOT Security" You hear this common lament from security professionals, "Compliance is not security." This remark has always ...

    Read More

    Penetration Testing, CIS Controls, Security Program

    32 What does the CIS Controls Version 8 say about Pen Testing?

    Independent penetration testing provides critical objective insights about vulnerabilities in organizational defenses and mitigating controls. ...

    Read More

    Penetration Testing

    33 Why you should Pen Test like an Attacker & not an Auditor

    Penetration testing uses creative, blended attacks like real-world adversaries to find weaknesses in tested systems. By simulating real-world ...

    Read More

    CIS Controls

    34 Three Ways to Approach System Hardening using CIS Benchmarks

    Out of the box, most operating systems are configured insecurely. OS hardening minimizes an operating system's exposure to threats by properly ...

    Read More

    CISO, vCISO, Security Program, Privacy

    35 Virtual Chief Privacy Officer – Outsource Your Privacy Program

    The fact that each state in the U.S. seems to have specific privacy laws with no central comprehensive federal law makes it difficult to know ...

    Read More

    Privacy, CPRA

    36 CPRA - Update June 2022

    The California Privacy Protection Agency Board held a public meeting on June 8 in Oakland, CA to further the CPRA rulemaking process. The agenda ...

    Read More

    SOC2, HIPAA, CIS Controls, Security Program

    37 18 CIS Controls - an Effective Framework for Security

    You can achieve Information security by complying with an adequate set of security policies, standards, and procedures. Of course, there is no ...

    Read More

    Privacy, CCPA

    38 Biometric Privacy in the Workplace – What You Need to Know

    The complex legal landscape surrounding privacy, including biometrics, continues to evolve at the state level. Arduous legislation has led to ...

    Read More

    CISO, vCISO, Security Program, Risk Assessment, ISO27001

    39 Seven Reasons to Implement ISO27001

    One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and ...

    Read More

    PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

    40 Why You Should Hire a Virtual Data Protection Officer (vDPO) Now

    The Data Protection Officer (DPO) is a role required by the EU General Data Protection Regulation (GDPR). If your organization is subject to ...

    Read More

    Penetration Testing, Security Program, Risk Assessment

    41 Why API Pen Tests Should go First

    In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for sharing data and providing ...

    Read More

    Penetration Testing, Security Program, Red Team, Red Teaming

    42 What is a Red Team Test?

    Red Teams are often confused with penetration testers due to their overlap in practices and skills, but we believe they are not the same. ...

    Read More

    Privacy, CPRA

    43 CPRA - Update on Stakeholder Sessions May 4-6, 2022

    The California Privacy Rights Act (CPRA) evolution continues with lively public debate in May, where much of the focus is on data collection and ...

    Read More

    CISO, vCISO, Security Program, Risk Assessment, ISO27001

    44 Seven Steps to ISO 27001 Certification

    One of the best ways to demonstrate the suitability of your Information Security Management System (ISMS) to your organization, customers, and ...

    Read More

    Privacy, GDPR, CPRA

    45 CPRA Update May 2022

    The California Privacy Protection Agency (CPPA) is holding pre-rulemaking stakeholder sessions via zoom this week Wed May 4 –6. The sessions are ...

    Read More

    SOC2

    46 The Fastest Route to SOC 2 Compliance

    Achieving SOC 2 compliance is a competitive advantage, and many times, it is critical to make a sale. SOC 2 reports are often used throughout ...

    Read More

    PCI DSS

    47 PCI DSS 4.0 is Open for Discussion

    The PCI Data Security Standard (PCI DSS) is a global standard of technical and operational requirements for merchants and service providers who ...

    Read More

    PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

    48 The Seven Essential Qualities of a vCISO

    Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy ...

    Read More

    Penetration Testing, Security Program

    49 Pen Testing - Why Purple Teams Should Never Exist

    Purple teams are a controversial topic among cybersecurity professionals. There seems to be industry confusion regarding the definitions of ...

    Read More

    Penetration Testing, Security Program

    50 Five Reasons Internal Pen Testing is Necessary

    Sometimes the best defense is a good offense.  In cybersecurity, you need to think like real-world attackers.  Security practitioners do this ...

    Read More

    Penetration Testing, Security Program

    51 Using Open Source Intelligence (OSINT) for Attack Surface Analysis

    As the world grows more interconnected through social media and digital communications, relevant information available to attackers grows ...

    Read More

    PCI DSS

    52 PCI DSS 4.0 Release!

    Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) published the official PCI DSS version 4.0. Over the next few ...

    Read More

    Penetration Testing, Security Program

    53 Five Steps to Pentesting Wireless

    Wireless access points can be easy targets for a cybercriminal to breach your system. Whether installed by stealth or just innocently by shadow ...

    Read More

    Security Program

    54 Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

    Truvantis Forms Strategic Partnership to Address Expanding Cybersecurity Risks Guidepost Solutions LLC, a global leader in domestic and ...

    Read More

    SOC2

    55 How Much Does It Cost to Get a SOC 2 Report?

    Maybe you've been asked to provide a SOC 2 report as part of the sales cycle, or you anticipate you will need SOC 2 compliance at some point. ...

    Read More

    CISO, vCISO, Security Program

    56 Recovering from a Data Breach, a Twelve Step Program

    According to the IBM Cost of a Data Breach Report 2021:  Average data breach costs rose 10% between 2020 and 2021, from $3.86 million to $4.24 ...

    Read More

    Privacy, CPRA

    57 CPPA Reduces the CPRA Implementation Window for New Privacy Laws

    During a public board meeting on February 17, 2022, the California Privacy Protection Agency (CPPA) indicated it would likely miss the July 1, ...

    Read More

    PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

    58 Four Compliance Standards that can Accelerate Your Sales Team

    Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors ...

    Read More

    Penetration Testing, Security Program

    59 Pen Testing the Cloud and Hybrid Environments

    Cloud technologies enable companies to build and run scalable applications in dynamic public, private, and hybrid environments. Containers, ...

    Read More

    Penetration Testing, Security Program, Red Teaming

    60 The Hackers Guide to API Penetration Testing

    Pen testing has traditionally focused on realistic simulated attacks on your network, operating systems and applications. In today's ...

    Read More

    PCI DSS

    61 PCI-DSS –SAD vs. CHD

    When it comes to handling payment cardholder data, PCI DSS has many rules about what you must and must not do when it comes to handling payment ...

    Read More

    PCI DSS

    62 PCI DSS Truncation Rules and Guidelines

    The PCI Security Standards Council's redefined truncation rules are a mess.

    Read More

    PCI DSS

    63 Five Ways to Reduce the Cost of PCI DSS Compliance

    If your company stores, processes, or transmits cardholder data, you need PCI DSS compliance. According to the Verizon 2020 Payment Security ...

    Read More

    Penetration Testing, Security Program, Red Teaming

    64 Vulnerability Assessment, Penetration Testing, and Red Team Conflation

    Red Team vs. Penetration Test vs. Vulnerability Assessment - Seven characteristics that set these services apart and why it matters to you.

    Read More

    CISO, vCISO, Security Program

    65 Overseeing a vCISO - Translating Information Security to Business Risk

    Most experts agree that the Chief Information Security Officer (CISO) role is a business necessity in today's cyber - risky environment . ...

    Read More

    Security Program, Privacy

    66 The Seven Regions of Cyber-Governance

    Privacy, cybersecurity, and Compliance are distinct practices with distinct goals. The three disciplines work together to build trust and ...

    Read More

    SOC2, Security Program

    67 Three Indicators Your Startup should be SOC 2 Compliant

    A System and Organization Controls 2 (SOC 2) compliant report is an industry-recognized standard for demonstrating the efficacy of information ...

    Read More

    CISO, vCISO, Security Program

    68 Three Ways to Improve Your Bottom Line Using a vCISO

    In today's cyber-risky environment, most experts agree that the role of a Chief Information Security Officer (CISO) is a business ...

    Read More

    HIPAA, Privacy, CCPA, GDPR

    69 Data Privacy Tools in 2022

    Three Types of Data Privacy Tools for 2022 Organizations are under extreme pressure to mitigate emerging risks and keep pace with changing ...

    Read More

    CISO, vCISO, Security Program

    70 Cybersecurity – Responsibility vs. Accountability

    Responsibility vs. Accountability for Oversight of Cybersecurity  The need to manage cybersecurity and privacy risk is generally accepted. In ...

    Read More

    SOC2, vCISO

    71 The Meaning of SOC from the AICPA

    What does SOC mean and why does it matter? How did a CPA organization come to audit information systems for cybersecurity and privacy controls? ...

    Read More

    Penetration Testing, Security Program, Risk Assessment, Red Teaming

    72 Combating Feedback Loops with Attack Surface Analysis

    Everyone knows there are threats out there hell-bent on destroying our organizations. Innovative businesses everywhere are taking a risk-based ...

    Read More

    HIPAA, Privacy, CCPA, GDPR

    73 EU Privacy - New GDPR Data Transfer Tools

    New EU data privacy laws impact companies in 2022.  In June 2021, the European Commission adopted a new set of standard contractual clauses ...

    Read More

    SOC2, Security Program

    74 The Four Essential Elements of SOC 2 Type 2 Compliance

    The Type 2 audit measures your organizations’ ability to maintain security, availability, processing integrity, privacy, and ...

    Read More

    SOC2, CISO, vCISO, Security Program

    75 vCISO - Stories from the Trenches

    Disasters, heroics, funny stories, and impacts to business success  Nate Hartman describes a six-month stint as an acting CISO or virtual CISO ...

    Read More

    SOC2, CISO, vCISO, Security Program

    76 What are the SOC 2 Trust Services Criteria?

    The SOC 2 Trust Services Criteria (TSCs) for information technology, is a framework for designing, implementing and evaluating information ...

    Read More

    Security Program, Privacy

    77 Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

    Apache Log4j Vulnerabilities vs. GRC  On December 10, Apache released details about a Log4j-core vulnerability nicknamed "Log4Shell". It ...

    Read More

    PCI DSS

    78 How to Be Prepared for PCI DSS v4 in 2022

    Discussions about PCI DSS v4 became all the rage with the release of the first Request for Comments (RFC) back in 2019, and those discussions ...

    Read More

    HIPAA, Privacy, CCPA, GDPR

    79 Data Privacy - Dates to Watch for in 2022

    Data Privacy - Dates to Watch for in 2022-23 Information privacy is the right of consumers to have some control over how their personal ...

    Read More

    SOC2, CISO, vCISO, Security Program

    80 Understanding the Business Value of SOC 2 Compliance

    System and Organizational Controls 2 (SOC 2) is sometimes known as Service Organization Controls. Maintained by the American Institute of ...

    Read More

    PCI DSS, Security Program, Privacy

    81 Cybersecurity Threat Landscape 2022, Nine Things You Should Know

    In 2021 cybersecurity professionals faced the same vulnerabilities and attacks as decades before, just more nefarious, persistent, and ...

    Read More

    SOC2, CISO, vCISO, Security Program, Risk Assessment

    82 Bridging the gap between CISOs

    Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ...

    Read More

    Privacy, CCPA

    83 State Privacy Law, What's Coming in California CPRA for 2022

    What's new with State Privacy Laws?  CPRA applies to all data collected as of Jan 1, 2022.  In 2018 California became the first US state to give ...

    Read More

    Penetration Testing, Security Program, Risk Assessment

    84 Combating Ransomware Attacks Through Comprehensive Penetration Testing

    Ransomware is still a major threat. In fact, the Tactics, Techniques and Procedures (TTPs) of ransomware gangs have evolved so much that it ...

    Privacy

    85 Three steps to Cyber Security Programs for CPRA, HIPAA, GDPR, PIPEDA, CCPA.

    Many new data privacy laws are emerging. Businesses must continually prove privacy compliance. Review current data privacy laws and get advice ...

    CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

    86 The One Reason to Pen Test Data Backup Systems - Ransomware Protection

    At the heart of your disaster recovery plan, organizations often disregard data backup and recovery systems when it comes to pen testing and ...

    PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

    87 The 0-day in the Room Nobody is Talking About: Scope

    Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and ...

    PCI DSS

    88 PCI DSS Version 4.0: Preparing for the Future

    The first quarter of the year 2022 should be an exciting time for everyone working with PCI DSS. The PCI Security Standards Council is scheduled ...

    PCI DSS

    89 Timely Update of Risk Assessment and Incident Response for PCI DSS

    The PCI DSS compliance model depends on risk assessment and mitigation. The testing instructions for PCI DSS published by the PCI Security ...

    PCI DSS

    90 Requirements for Written Policies and Procedures for PCI DSS Compliance

    I often come across clients whose documentation is missing a policy or a procedure that PCI DSS requires. “That will never happen here” or “We ...

    PCI DSS

    91 Common Key Controls Tested in PCI DSS Assessments

    As a company interested or required to become PCI DSS compliant, there is a list of key controls you must have in place, and appropriate ...

    Penetration Testing, Security Program, CCPA, ISO27001

    92 Do you have APIs? How do you test them?

    Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made ...

    PCI DSS, vCISO, Security Program

    93 What does a PCI DSS Compliance Program Look Like?

    You receive a letter from your bank: “Congratulations, you just passed 2.5M credit card impressions in the last 12 months.” (Break out the ...

    CISO, vCISO, Security Program

    94 Vendor Security Assessment Questionnaire Templates

    Tired of filling out vendor security assessment questionnaires or shared assessment SIG templates? A vCISO service could be just the right thing ...

    PCI DSS, Security Program, Privacy

    95 Destroying Data Securely

    In the days of Solid-State Disks (SSD), RAID10 disk drive arrays, databases taking snapshots of data, automated backups, and active-active data ...

    SOC2, CISO, vCISO, Security Program

    96 Using a vCISO Service to Achieve and Retain a SOC 2 Certification

    CSO Online, which knows plenty about what goes into ensuring security, makes a strong case for hiring a virtual Chief Information Security ...

    PCI DSS, Privacy

    97 TokenEx and Truvantis: A Combined Solution for Uncompromising Security

    Modern organizations must collect and store sensitive personal and payment data to process payments, compile analytics, and enable users to get ...

    PCI DSS, CISO, vCISO

    98 Use a vCISO to Achieve and Maintain PCI DSS Compliance

    PCI is a strong security framework. If you are a business owner, you have probably heard about the PCI DSS (Payment Card Industry Data Security ...

    PCI DSS

    99 Content Security Policy (CSP) HTML Headers

    A number of years ago I was trying to renew my subscription to a well-known antivirus tool and found that there were 37 different URLs invoked ...

    SOC2, vCISO

    100 SOC 2 and Other Security Compliance Merit Badges

    Whether or not you are a tinfoil-hat wearing paranoid, you need a strong cybersecurity posture to support sales! These days most of your ...

    PCI DSS

    101 PCI DSS Training Requirements

    The PCI DSS standard ostensibly only has a few training requirements which, in my experience, most organizations do a good job of keeping up ...

    CISO, vCISO, Security Program, Privacy

    102 How to Achieve Cyber Security Peace of Mind for your Small Business

    Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well ...

    SOC2, HIPAA, CIS Controls, Security Program

    103 Reasons to choose CIS Controls for Cyber Security

    Reasons to choose CIS Controls for your cyber security program. It started with a few select people in a room. It was called “Project Insight” ...

    HIPAA, Security Program, Privacy, CCPA

    104 Does Privacy Shield's downfall signal the end of US-EU data transfers?

    EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally ...

    Privacy, CCPA

    105 Changes to CCPA for 2021

    January 1, 2021 will be the one year anniversary of the California Consumer Privacy Act (CCPA) going into effect, at least in theory. Forced ...

    SOC2, CISO, vCISO, Security Program

    106 Video | 11 Steps to Achieve SOC 2 Compliance

    Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps. ...

    PCI DSS, vCISO, Penetration Testing, Security Program

    107 What is “Internal Penetration testing” for PCI DSS requirement 11.3

    Introduction. PCI DSS requires Internal, External Penetration testing, and Segmentation testing. But these terms are not crisply defined. In ...

    PCI DSS

    108 What Constitutes a Primary Function for PCI DSS?

    PCI DSS requirement 2.2.1.a says “describe how system configurations verified that only one primary function per server is implemented.”

    PCI DSS

    109 Watch those Vendor Application Change Release Notes like a Hawk!

    At a client site recently I was watching a customer service rep as she performed her duties during a PCI DSS interview, and noticed that when ...

    SOC2, CISO, vCISO, Security Program, Privacy

    110 Using Cyber Security to Enable Sales

    Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or ...

    PCI DSS

    111 Due Diligence for PCI DSS Vendor Selection

    PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, ...

    PCI DSS

    112 PCI DSS - Are Mobile Applications In-scope?

    Say you are interested in developing an application that runs on consumers’ devices and this application of yours will be used to accept payment ...

    Security Program, Risk Assessment

    113 Diminishing Returns in Cybersecurity

    If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the ...

    CIS Controls, Security Program

    114 CIS V7: What's New and What to do

    The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations ...

    Penetration Testing, Security Program, Risk Assessment

    115 The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

    The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any ...

    PCI DSS

    116 Your 7 Step PCI Compliance Checklist

    The journey towards payment card industry data security standard (PCI DSS) compliance can seem daunting. While there are only a handful of ...

    PCI DSS, Security Program

    117 I never touch Cardholder Data - Does PCI DSS Apply to me?

    Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people ...

    PCI DSS

    118 The Best Ways to Maintain Your Organization's PCI DSS Documentation

    Becoming compliant with payment card industry data security standard (PCI DSS) protocols can be a time-consuming process — but it’s a ...

    Privacy, CCPA

    119 CCPA grants consumers private right of action - What is that?

    The California Consumer Privacy Act (CCPA) is a California state law protecting the personal information (PI) of California residents ...

    PCI DSS

    120 5 Reasons a Qualified Security Assessor Should Validate Your PCI DSS

    For businesses that store, process, and transmit cardholder data, you know that you must comply with the Payment Card Industry Data Security ...

    PCI DSS

    121 When does PCI Compliance Start?

    The GDPR mantra of security and privacy “by design and by default” reminds us that in every respect of a new product program security and ...

    PCI DSS

    122 5 Things You Should Know About PCI DSS Compliance

    The PCI Security Standards compliance rules have been around since 2006. Despite more than a decade and a half of payment security protection, ...

    PCI DSS

    123 It’s More Important Than Ever to Maintain Compliance with PCI DSS

    We hope you are all safely sequestered in your homes (whether your Governor has issued an order or not), and that you’ve successfully navigated ...

    PCI DSS

    124 Documenting the Impact of System Changes for PCI DSS Compliance

    PCI DSS requirement 6.4.5.1 says that change documentation must include an assessment of the impact of the change “so that all affected parties ...

    CISO, vCISO, Privacy, CCPA

    125 No CCPA Enforcement Delay due to COVID-19

    CA Attorney General will not delay CCPA enforcement due to COVID-19. An expansive new regulation like the California Consumer Privacy Act is ...

    Penetration Testing, CIS Controls, Security Program, Risk Assessment

    126 Coronavirus Cybersecurity Recommendations

    In these difficult times, as many of us adapt to the disruptive new-normal of distance working, a robust information security program becomes ...

    PCI DSS

    127 5 Tips for Becoming PCI DSS Compliant

    The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup ...

    Risk Assessment

    128 How to Get the Most Out of a Security Risk Assessment

    Many companies are required to perform a security risk assessment to check off a compliance box. While this mandatory analysis can seem like a ...

    Risk Assessment

    129 7 IT Security Risk Assessment Myths Debunked

    Though the use of security risk assessments is widespread, often because they are mandated by compliance standards, there are a number of false ...

    Risk Assessment

    130 How to Prepare for an Information Security Risk Assessment

    It’s finally time for the security risk assessment you’ve been pushing off… You may have been delaying because you believe risk assessments ...

    Risk Assessment

    131 Why You Should Invest in a Professional Security Risk Assessment

    Whether you have to perform a security risk assessment to meet compliance requirements or to improve a specific aspect of your security, such an ...

    Risk Assessment

    132 How to Actually Use Your Security Risk Assessment Report

    You just received the results from your security risk assessment, but now what? It’s not uncommon for companies to perform this analysis only to ...

    Risk Assessment

    133 How to Identify Your Security Risks & Develop a Plan You Can Afford

    When it comes to conducting security risk assessments, it can be difficult knowing where to get started. Even after identifying your scope and ...

    CISO, vCISO

    134 The Top Benefits of Using CISO as a Service

    You could hire a Chief Information Security Officer (CISO) to help oversee your day-to-day security activities. Or, you take the stress and ...

    CISO, vCISO

    135 How to Avoid Pitfalls When Hiring a CISO as a Service

    You’ve realized that hiring a CISO as a Service is probably your best bet for managing a better cybersecurity program. Maybe you experienced a ...

    CISO, vCISO

    136 The Advantages of Hiring a vCISO Vendor vs. an In-House CISO

    You need someone to manage your business’ security program, and while this is a necessity, you have options for how you choose to protect your ...

    CISO, vCISO

    137 What to Expect When Using a CISO as a Service

    We’ve found that some companies resist utilizing a CISO as a Service because they ultimately aren’t sure what to expect. They’ve heard that ...

    CISO, vCISO

    138 5 Signs It's Time to Start Using a CISO as a Service

    You’re busy at work, focused on meeting daily deadlines and on achieving your overall mission. But while you’re laser-focused on your day-to-day ...

    CISO, vCISO

    139 5 Ways vCISO Can Turbocharge Your Sales Team

    Sales are complicated. You’re not just articulating the facts about your product or service, you are also navigating emotions and perception to ...

    CISO, vCISO

    140 How to Get the Most Out of a CISO as a Service

    You’ve been weighing the advantages of hiring a CISO as a Service or vCISO over hiring an internal team and finally decided that a professional ...

    SOC2, vCISO

    141 The New SOC 2 and You: How You Should Proceed

    Under mounting pressure to keep up with an ever-changing body of regulations and increased demands for transparency, The American Institute of ...

    CISO, Security Program

    142 Social Engineering in the Retail Industry

    The retail industry is one of the most crucial pillars propping up the United States’ economy. Without it, approximately 42 million Americans—a ...

    Security Program

    143 WPA3 for WiFi is here! Almost.

    Choosing the correct form of encryption will always be a game with moving goalposts. Encryption algorithms and associated transport protocols ...

    Penetration Testing

    144 Social Engineering Within Pentesting

    Pentesting the People: social engineering is an easy vulnerability. When it comes to penetration testing of an enterprise, you instantly think ...

    PCI DSS

    145 Changes to SAQs for PCI DSS v3.2.1

    Last month I wrote about the new PCI DSS standard version 3.2.1 and how nothing of significance had changed. Though that remains true, the ...

    PCI DSS

    146 What's new in PCI DSS 3.2.1

    In May 2018, the PCI Security Standards Council, the authors of the PCI DSS standard, issued a new version of that standard - version 3.2.1. ...

    vCISO, HIPAA, CIS Controls, Security Program

    147 How much Information Security function can you safely outsource?

    Outsourcing is now very common among technology companies. Sometimes a whole function is delegated externally such as accounting, HR, marketing. ...

    Penetration Testing

    148 Just Walk in the Front Door

    As an aspiring penetration tester, it is not always the extensive rootkits or the backdoor metasploit exploits that you need to focus on with ...

    PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

    149 7 Advantages of using a "virtual CISO" (vCISO)

    A growing trend in the world of Cyber Security is companies outsourcing some or all of their Information Security teams. This can be just a ...

    Penetration Testing

    150 The Secret Behind VI edit permissions

    The art of penetration testing is one that takes a lot of fore-learned knowledge about a specific technology and system in order to really ...

    Penetration Testing

    151 Hiding in plain sight: 3 Quick Checks for Low Hanging Fruit

    Being able to quickly knock out the low hanging fruit vulnerabilities as a pen-tester is a matter of having a knowledge of their existence and ...

    Penetration Testing

    152 Nmap sees all things

    A big part of penetration testing is recon and discovery. If you cannot properly identify the network you are testing, you may be missing ...

    Penetration Testing

    153 Top 5 Free Pentesting Tools for Quick Results

    Being able to accurately perform a pentest on a network that you are not familiar with takes both knowledge about the underlying infrastructure ...

    SOC2

    154 Establishing and Maintaining SOC 2 Compliance

    Many companies, especially start-ups, need to maintain a SOC 2 certification but would rather not hire a full-time CISO. So who is going to make ...

    PCI DSS

    155 Preventing Scope Creep in PCI Compliance

    QSAs have to validate the scope of a PCI assessment. It is one of the biggest areas of contention, but limiting scope is of paramount importance ...

    Security Program

    156 Controls are Needed on Recoveries from Backup

    Some organizations completely ignore important aspects of the backup recovery and validation process. This creates a significant ongoing data ...

    PCI DSS, Security Program

    157 Secure Coding 201: Does it Exist?

    I constantly hear that recent computer science graduates have not even been introduced to the notion of secure coding. They may have been taught ...

    Security Program

    158 What Time is It?

    PCI DSS v3.2.1, section 10.4 requires all critical assets to be synchronized for time and recommends using one of the authoritative time sources ...

    PCI DSS

    159 A Summary of Deadlines in PCI 3.2

    Everybody - Immediately: Existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place ...

    PCI DSS

    160 Hidden Service Providers in your PCI DSS Assessment

    Guidance from the PCI Security Standards Council (PCI SSC) suggests that there are overlooked service providers in many assessments. This begs ...

      © 2022 Truvantis, Inc All Rights Reserved.