CISO, vCISO, Security Program

Recovering from a Data Breach, a Twelve Step Program

According to the IBM Cost of a Data Breach Report 2021: Average data breach costs rose 10% between 2020 and 2021, from $3.86 million to $4.24 million. Lost business represented the largest share of breach costs, at an average total cost of $1.59M. The average cost for

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

Four Compliance Standards that can Accelerate Your Sales Team

Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors to do so. For this reason, compliance with specific cybersecurity standards becomes another way to

CISO, vCISO, Security Program

Overseeing a vCISO - Translating Information Security to Business Risk

Most experts agree that the Chief Information Security Officer (CISO) role is a business necessity in today's cyber-risky environment. According to a Deloitte 2021 survey, companies listed security, privacy, demonstrating compliance, and

CISO, vCISO, Security Program

Three Ways to Improve Your Bottom Line Using a vCISO

In today's cyber-risky environment, most experts agree that the role of a Chief Information Security Officer (CISO) is a business necessity. According to a Deloitte 2021 survey, companies listed security, privacy, demonstrating

CISO, vCISO, Security Program

Cybersecurity – Responsibility vs. Accountability

Responsibility vs. Accountability for Oversight of Cybersecurity. The need to manage cybersecurity and privacy risk is generally accepted. In many organizations, it may even be clear who is doing it. However, there is often a lack of clarity over

SOC2, vCISO

The Meaning of SOC from the AICPA

What does SOC mean and why does it matter? How did a CPA organization come to audit information systems for cybersecurity and privacy controls? Spoiler alert. The acronym SOC currently means System and Organization Controls, but that wasn't always

SOC2, CISO, vCISO, Security Program

vCISO - Stories from the Trenches

Disasters, heroics, funny stories, and impacts to business success. Nate Hartman describes a six-month stint as an acting CISO or virtual CISO (vCISO) at a fast-paced Silicon Valley tech company.

SOC2, CISO, vCISO, Security Program

What are the SOC 2 Trust Services Criteria?

The SOC 2 Trust Services Criteria (TSCs) for information technology are a framework for designing, implementing and evaluating information system controls. The purpose of controls is to ensure your information system can meet its objectives. The

SOC2, CISO, vCISO, Security Program

Understanding the Business Value of SOC 2 Compliance

System and Organization Controls 2 (SOC 2) is sometimes still referred to by its former name, Service Organization Controls. Maintained by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a standard for auditing and reporting on the efficacy of

SOC2, CISO, vCISO, Security Program, Risk Assessment

Bridging the gap between CISOs

Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyberthreats, the role of Chief Information Security Officer (CISO) has become critical to
