PCI DSS, vCISO, Security Program

What does a PCI DSS Compliance Program Look Like?

You receive a letter from your bank: “Congratulations, you just passed 2.5M credit card impressions in the last 12 months.” (Break out the Champagne). “We noticed we don’t have a PCI DSS AOC for you, would you kindly upload it to our portal?” (Screeeeeech!).

Read More

CISO, vCISO, Security Program

Vendor Security Assessment Questionnaire Templates

Tired of filling out vendor security assessment questionnaires or shared assessment SIG templates? A vCISO service could be just the right thing for you. Is your sales team coming to you with deals that won’t close until you’ve filled out yet

Read More

PCI DSS, Security Program, Privacy

Destroying Data Securely

In the days of Solid-State Disks (SSD), RAID10 disk drive arrays, databases taking snapshots of data, automated backups, and active-active data mirroring; how does one reliably and securely destroy data?

Read More

SOC2, CISO, vCISO, Security Program

Using a vCISO Service to Achieve and Retain a SOC 2 Certification

CSO Online, which knows plenty about what goes into ensuring security, makes a strong case for hiring a virtual Chief Information Security Officer (vCISO). It notes that fulltime CISOs “can be hard to come by, often stay in their job for two years

Read More

CISO, vCISO, Security Program, Privacy

How to Achieve Cyber Security Peace of Mind for your Small Business

Small businesses, including start-ups, need a cybersecurity and privacy program, period. It is a matter of driving sales, client trust, as well as ensuring financial, employee, and other data integrity over the whole business, to manage risk. The

Read More

SOC2, HIPAA, CIS Controls, Security Program

Reasons to choose CIS Controls for Cyber Security

Reasons to choose CIS Controls for your cyber security program  It started with a few select people in a room. It was called “Project Insight” by the NSA and DOD and its mission was simple, get some of the best cybersecurity minds into a room, and

Read More

HIPAA, Security Program, Privacy, CCPA

Does Privacy Shield's downfall signal the end of US-EU data transfers?

EU data protection and privacy requirements, currently established primarily in the General Data Protection Regulation (GDPR), generally restrict personal data transfers to a third country except where “where the [European] Commission has decided

Read More

SOC2, CISO, vCISO, Security Program

(Video) 11 Steps to Achieve SOC 2 Compliance

Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps.  Overview Your customers have probably asked for your SOC 2 report, or it may be required to seal the deal on

Read More

PCI DSS, vCISO, Penetration Testing, Security Program

What is “Internal Penetration testing” for PCI DSS requirement 11.3

Introduction PCI DSS requires Internal, External Penetration testing, and Segmentation testing. But these terms are not crisply defined. In fact, “internal” is used elsewhere in the standard (for example internal vulnerability scanning) where it

Read More

SOC2, CISO, vCISO, Security Program, Privacy

Using Cyber Security to Enable Sales

Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or speeding up deals.

Read More