CISO, vCISO, Security Program

Overseeing a vCISO - Translating Information Security to Business Risk

Most experts agree that the Chief Information Security Officer (CISO) role is a business necessity in today's cyber - risky environment . According to a Deloitte 2021 survey, companies listed security, privacy, demonstrating compliance, and improving efficiency and cyber -

Read More

CISO, vCISO, Security Program

Three Ways to Improve Your Bottom Line Using a vCISO

In today's cyber-risky environment, most experts agree that the role of a Chief Information Security Officer (CISO) is a business necessity. According to a Deloitte 2021 survey, companies listed security, privacy, demonstrating

Read More

CISO, vCISO, Security Program

Cybersecurity – Responsibility vs. Accountability

Responsibility vs. Accountability for Oversight of Cybersecurity  The need to manage cybersecurity and privacy risk is generally accepted. In many organizations, it may even be clear who is doing it. However, there is often a lack of clarity over

Read More

SOC2, CISO, vCISO, Security Program

vCISO - Stories from the Trenches

Disasters, heroics, funny stories, and impacts to business success  Nate Hartman describes a six-month stint as an acting CISO or virtual CISO (vCISO) at a fast-paced Silicon Valley tech company.  

Read More

SOC2, CISO, vCISO, Security Program

What are the SOC 2 Trust Services Criteria?

The SOC 2 Trust Services Criteria (TSCs) for information technology, is a framework for designing, implementing and evaluating information system controls. The purpose of controls is to ensure your information system can meet its objectives. The

Read More

SOC2, CISO, vCISO, Security Program

Understanding the Business Value of SOC 2 Compliance

System and Organizational Controls 2 (SOC 2) is sometimes known as Service Organization Controls. Maintained by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a standard for auditing and reporting on the efficacy of

Read More

SOC2, CISO, vCISO, Security Program, Risk Assessment

Bridging the gap between CISOs

Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyberthreats, the role of Chief Information Security Officer (CISO) has become critical to

Read More

CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

The One Reason to Pen Test Data Backup Systems - Ransomware Protection

At the heart of your disaster recovery plan, organizations often disregard data backup and recovery systems when it comes to pen testing and maintaining security. Vulnerable backup systems make for an attractive target by ransomware gangs, grief/

Read More

PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating

Read More

CISO, vCISO, Security Program

Vendor Security Assessment Questionnaire Templates

Tired of filling out vendor security assessment questionnaires or shared assessment SIG templates? A vCISO service could be just the right thing for you. Is your sales team coming to you with deals that won’t close until you’ve filled out yet

Read More