PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

The Seven Essential Qualities of a vCISO

Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy programs. Fortunately, you can partially or fully outsource to trusted partners the jobs of CISO and IT security teams. Here are a few things

Read More

HIPAA, Privacy, CCPA, GDPR

CPPA Reduces the CPRA Implementation Window for New Privacy Laws

During a public board meeting on February 17, 2022, the California Privacy Protection Agency (CPPA) indicated it would likely miss the July 1, 2022 deadline for the finalized draft of the CPRA. The delay is due to more time and resources required to

Read More

Security Program, Privacy

The Seven Regions of Privacy, Cybersecurity & Compliance

Privacy, cybersecurity, and Compliance are distinct practices with distinct goals. The three disciplines work together to build trust and confidence in your data management system in best-case scenarios.

Read More

HIPAA, Privacy, CCPA, GDPR

Data Privacy Tools in 2022

Three Types of Data Privacy Tools for 2022 Organizations are under extreme pressure to mitigate emerging risks and keep pace with changing regulatory requirements. The frantic pace of new privacy laws layered onto the increasing complexity of modern

Read More

HIPAA, Privacy, CCPA, GDPR

EU Privacy - New GDPR Data Transfer Tools

New EU data privacy laws impact companies in 2022.  In June 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) for the transfer of personal data outside of EU countries such as the United States. Businesses have

Read More

Security Program, Privacy

Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

Apache Log4j Vulnerabilities vs. GRC  On December 10, Apache released details about a Log4j-core vulnerability nicknamed "Log4Shell". It is documented in CVE-2021-44228, and rated a rare 10 out of 10 on the CVSS vulnerability rating

Read More

HIPAA, Privacy, CCPA, GDPR

Data Privacy - Dates to Watch for in 2022

Data Privacy - Dates to Watch for in 2022-23 Information privacy is the right of consumers to have some control over how their personal information is collected and used. For businesses, it means the risk of litigation and monetary penalties is

Read More

PCI DSS, Security Program, Privacy

Cybersecurity Threat Landscape 2022, Nine Things You Should Know

In 2021 cybersecurity professionals faced the same vulnerabilities and attacks as decades before, just more nefarious, persistent, and far-reaching. Ransomware is everywhere, critical infrastructure is vulnerable, and security teams struggle with

Read More

Privacy, CCPA

State Privacy Law, What's Coming in California CPRA for 2022

What's new with State Privacy Laws?  CPRA applies to all data collected as of Jan 1, 2022.  In 2018 California became the first US state to give consumers new tools and rights under the California Consumer Privacy Act (CCPA). In the November 2020

Read More

Privacy

Three steps to Cyber Security Programs for CPRA, HIPAA, GDPR, PIPEDA, CCPA.

Many new data privacy laws are emerging. Businesses must continually prove privacy compliance. Review current data privacy laws and get advice on how to build a multi-compliance Security & Privacy program.

Read More