HIPAA, Security Program, CCPA

Data Breach in the Healthcare Industry – The High Cost of Doing Nothing

As technology advances and the reliance on digital systems grows, the risk of data breaches in the health-tech sector has increased significantly. This article explores the implications healthcare providers face following data breaches, focusing on a recent cyberattack on Regal

Read More

HIPAA, Privacy, CCPA, GDPR, CPRA

Privacy Law Confusion and The American Data Privacy Protection Act

The American Data Privacy Protection Act currently making its way to the House floor is not just another privacy bill destined for failure. On the contrary, unlike past attempts, today's political climate is ripe for action in the wake of the

Read More

SOC2, HIPAA, CIS Controls, Security Program

18 CIS Controls - an Effective Framework for Security

You can achieve Information security by complying with an adequate set of security policies, standards, and procedures. Of course, there is no such thing as 100% secure, but if you comply with an appropriate set of security policies, standards, and

Read More

HIPAA, Privacy, CCPA, GDPR

Data Privacy Tools in 2022

Three Types of Data Privacy Tools for 2022 Organizations are under extreme pressure to mitigate emerging risks and keep pace with changing regulatory requirements. The frantic pace of new privacy laws layered onto the increasing complexity of modern

Read More

HIPAA, Privacy, CCPA, GDPR

EU Privacy - New GDPR Data Transfer Tools

New EU data privacy laws impact companies in 2022. In June 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) for the transfer of personal data outside of EU countries such as the United States. Businesses have

Read More

HIPAA, Privacy, CCPA, GDPR

Data Privacy - Dates to Watch for in 2022

Data Privacy - Dates to Watch for in 2022-23 Information privacy is the right of consumers to have some control over how their personal information is collected and used. For businesses, it means the risk of litigation and monetary penalties is

Read More

CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

The One Reason to Pen Test Data Backup Systems - Ransomware Protection

At the heart of your disaster recovery plan, organizations often disregard data backup and recovery systems when it comes to pen testing and maintaining security. Vulnerable backup systems make for an attractive target by ransomware gangs, grief/

Read More

PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating

Read More

vCISO, HIPAA, CIS Controls, Security Program

How much Information Security function can you safely outsource?

Outsourcing is now very common among technology companies. Sometimes a whole function is delegated externally such as accounting, HR, marketing. Even R&D can be delivered by remote teams, often in other countries. So what about information

Read More

PCI DSS, SOC2, CISO, vCISO, HIPAA, CIS Controls, Security Program

7 Advantages of using a "virtual CISO" (vCISO)

A growing trend in the world of Cyber Security is companies outsourcing of some or all of their Information Security teams. This can be just a small part, like vulnerability management, vendor risk management, or responding to customer

Read More