HIPAA, Privacy, CCPA, GDPR

EU Privacy - New GDPR Data Transfer Tools

New EU data privacy laws impact companies in 2022. In June 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) for the transfer of personal data from the EU to countries outside it, such as the United States. Businesses have found it challenging to ensure


Security Program, Privacy

Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

Apache Log4j Vulnerabilities vs. GRC. On December 10, Apache released details about a Log4j-core vulnerability nicknamed "Log4Shell". It is documented in CVE-2021-44228 and rated a rare 10 out of 10 on the CVSS vulnerability rating


HIPAA, Privacy, CCPA, GDPR

Data Privacy - Dates to Watch for in 2022

Data Privacy - Dates to Watch for in 2022-23. Information privacy is the right of consumers to have some control over how their personal information is collected and used. For businesses, it means the risk of litigation and monetary penalties is


PCI DSS, Security Program, Privacy

Cybersecurity Threat Landscape 2022, Nine Things You Should Know

In 2021 cybersecurity professionals faced the same vulnerabilities and attacks as decades before, just more nefarious, persistent, and far-reaching. Ransomware is everywhere, critical infrastructure is vulnerable, and security teams struggle with


Privacy, CCPA

State Privacy Law, What's Coming in California CPRA for 2022

What's new with State Privacy Laws?  CPRA applies to all data collected as of Jan 1, 2022.  In 2018 California became the first US state to give consumers new tools and rights under the California Consumer Privacy Act (CCPA). In the November 2020


Privacy

Three steps to Cyber Security Programs for CPRA, HIPAA, GDPR, PIPEDA, CCPA.

Many new data privacy laws are emerging. Businesses must continually prove privacy compliance. Review current data privacy laws and get advice on how to build a multi-compliance Security & Privacy program.


PCI DSS, SOC2, vCISO, Penetration Testing, HIPAA, CIS Controls, Security Program, Risk Assessment, Privacy, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Programming Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, the “Apps” (applications) on mobile devices, and internally for the web


PCI DSS, Security Program, Privacy

Destroying Data Securely

In the days of Solid-State Disks (SSD), RAID10 disk drive arrays, databases taking snapshots of data, automated backups, and active-active data mirroring, how does one reliably and securely destroy data?


PCI DSS, Privacy

TokenEx and Truvantis: A Combined Solution for Uncompromising Security

Modern organizations must collect and store sensitive personal and payment data to process payments, compile analytics, and enable users to get the most out of their digital experiences. However, the systems and processes necessary to protect these


CISO, vCISO, Security Program, Privacy

How to Achieve Cyber Security Peace of Mind for your Small Business

Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well as ensuring financial, employee, and other data integrity over the whole business, to manage risk. The
