CISO, vCISO, Security Program, Privacy

How to Achieve Cyber Security Peace of Mind for your Small Business

Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well as ensuring financial, employee, and other data integrity over the whole business, to manage risk. The challenge is to get the size of

Read More

SOC2, HIPAA, CIS Controls, Security Program

Reasons to choose CIS Controls for Cyber Security

Reasons to choose CIS Controls for your cyber security program  It started with a few select people in a room. It was called “Project Insight” by the NSA and DOD and its mission was simple, get some of the best cybersecurity minds into a room, and

Read More

HIPAA, Security Program, Privacy, CCPA

Does Privacy Shield's downfall signal the end of US-EU data transfers?

EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally restrict personal data transfers to a third country except where “where the [European] Commission has decided

Read More

SOC2, CISO, vCISO, Security Program

(Video) 11 Steps to Achieve SOC 2 Compliance

Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps.  Overview Your customers have probably asked for your SOC 2 report, or it may be required to seal the deal on

Read More

PCI DSS, vCISO, Penetration Testing, Security Program

What is “Internal Penetration testing” for PCI DSS requirement 11.3

Introduction PCI DSS requires Internal, External Penetration testing, and Segmentation testing. But these terms are not crisply defined. In fact, “internal” is used elsewhere in the standard (for example internal vulnerability scanning) where it

Read More

SOC2, CISO, vCISO, Security Program, Privacy

Using Cyber Security to Enable Sales

Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or speeding up deals.

Read More

Security Program, Risk Assessment

Diminishing Returns in Cybersecurity

If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the subject’s most famous and immediately recognizable principle. Here is the gist of it; there is a point at

Read More

CIS Controls, Security Program

CIS V7: What's New and What to do

The CIS controls are a body of best practice for information security, curated by the Center for Internet Security, regarding how organizations can most effectively bolster their cybersecurity programs and take the proper strides to avert attacks

Read More

Penetration Testing, Security Program, Risk Assessment

The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any organization involved in any kind of merger. At the very least, it serves as a cautionary tale for businesses that

Read More

PCI DSS, Security Program

I never touch Cardholder Data - Does PCI DSS Apply to me?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people do not read the legal agreements they sign up to, they are unaware of their real responsibilities towards

Read More