SOC2, CISO, vCISO, Security Program

The Compliance Equals Security Disconnect

"Compliance is NOT Security" You hear this common lament from security professionals, "Compliance is not security." This remark has always sounded like an excuse to me. I suppose the reason is that most people who utter this phrase always seem to have questionable security

Read More

SOC2, HIPAA, CIS Controls, Security Program

18 CIS Controls - an Effective Framework for Security

You can achieve Information security by complying with an adequate set of security policies, standards, and procedures. Of course, there is no such thing as 100% secure, but if you comply with an appropriate set of security policies, standards, and

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

Why You Should Hire a Virtual Data Protection Officer (vDPO) Now

The Data Protection Officer (DPO) is a role required by the EU General Data Protection Regulation (GDPR). If your organization is subject to GDPR and meets the large-scale data handling factors, you need a DPO. What can you do if you don't have an

Read More

SOC2

The Fastest Route to SOC 2 Compliance

Achieving SOC 2 compliance is a competitive advantage, and many times, it is critical to make a sale. SOC 2 reports are often used throughout the industry to screen vendors early in the vendor evaluation process.

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program, Privacy, Red Teaming

The Seven Essential Qualities of a vCISO

Not every business can internally support the staffing and resources necessary to independently develop robust cybersecurity and privacy programs. Fortunately, you can partially or fully outsource to trusted partners the jobs of CISO and IT security

Read More

SOC2

How Much Does It Cost to Get a SOC 2 Report?

Maybe you've been asked to provide a SOC 2 report as part of the sales cycle, or you anticipate you will need SOC 2 compliance at some point. You're wondering how much time and money you must budget to become SOC 2 compliant. 

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

Four Compliance Standards that can Accelerate Your Sales Team

Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors to do so. For this reason, compliance with specific cybersecurity standards becomes another way to

Read More

SOC2, Security Program

Three Indicators Your Startup should be SOC 2 Compliant

A System and Organization Controls 2 (SOC 2) compliant report is an industry-recognized standard for demonstrating the efficacy of information systems. It is one of the most requested credentials by prospective clients when screening IT services

Read More

SOC2, vCISO

The Meaning of SOC from the AICPA

What does SOC mean and why does it matter? How did a CPA organization come to audit information systems for cybersecurity and privacy controls? Spoiler alert. The acronym SOC currently means System and Organization Controls, but that wasn't always

Read More

SOC2, Security Program

The Four Essential Elements of SOC 2 Type 2 Compliance

The Type 2 audit measures your organizations’ ability to maintain security, availability, processing integrity, privacy, and confidentiality operationally over time. A SOC 2 Type 2 investment helps build resiliency into your business. It

Read More