SOC2, HIPAA, CIS Controls, Security Program

Reasons to choose CIS Controls for Cyber Security

Reasons to choose CIS Controls for your cyber security program  It started with a few select people in a room. It was called “Project Insight” by the NSA and DOD and its mission was simple, get some of the best cybersecurity minds into a room, and nobody leaves until we have a

Read More

HIPAA, Security Program, Privacy, CCPA

Does Privacy Shield's downfall signal the end of US-EU data transfers?

EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally restrict personal data transfers to a third country except where “where the [European] Commission has decided

Read More

SOC2, CISO, vCISO, Security Program

11 Steps to Achieve SOC 2 Compliance

11 Steps to Getting Through Your First SOC 2 Audit Your customers have probably asked for your SOC 2 report, or it may be required to seal the deal on a new customer or contract. If you spend a lot of time answering security related questionnaires,

Read More

PCI DSS, vCISO, Penetration Testing, Security Program

What is “Internal Penetration testing” for PCI DSS requirement 11.3

Introduction PCI DSS requires Internal, External Penetration testing, and Segmentation testing. But these terms are not crisply defined. In fact, “internal” is used elsewhere in the standard (for example internal vulnerability scanning) where it

Read More

SOC2, CISO, vCISO, Security Program, Privacy

Using Cyber Security to Enable Sales

Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or speeding up deals.

Read More

Security Program, Risk Assessment

Diminishing Returns in Cybersecurity

If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the subject’s most famous and immediately recognizable principle. Here is the gist of it; there is a point at

Read More

CIS Controls, Security Program

CIS V7: What's New and What to do

The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations can most effectively bolster their cybersecurity programs and take the proper strides to avert attacks

Read More

Penetration Testing, Security Program, Risk Assessment

The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any organization involved in any kind of merger. At the very least, it serves as a cautionary tale for businesses that

Read More

PCI DSS, Security Program

I never touch Cardholder Data. So PCI DSS does not apply to me - Right?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people do not read the legal agreements they sign up to, they are unaware of their real responsibilities towards

Read More

Penetration Testing, CIS Controls, Security Program, Risk Assessment

Coronavirus Cybersecurity Recommendations

In these difficult times, as many of us adapt to the disruptive new-normal of distance working, a robust information security program becomes more important than ever. 

Read More