Looking ahead at a new year full of risks and opportunities, it’s important to recognize that our security habits while away from the office are crucial for not only keeping our personal lives but also our organizations safe. Enterprise security practices are not only for large organizations, but also for individuals who want to protect […]
When you’re doing business with third parties, you may be exposing your organization to financial, operational, and reputational risks. While third-party suppliers may be necessary to run your business efficiently, you need to take proactive steps to mitigate risks. This is where vendor management and assessment programs come in. What is Vendor Management? Vendor management […]
Many organizations are required by law to adhere to regulations or industry standards (for example, NIST, CMMC, PCI DSS, GLBA, HIPAA, SOC 2, ISO 27001, etc.) that include the use of security assessment techniques like penetration testing (aka, “pen testing”) as a component. Other organizations want to be proactive and find the “open doors and […]
Organizations currently subject to a SOC 2 Examination or that intend to be subject to a SOC 2 Examination, along with their auditors, must use guidance issued by the American Institute of Certified Public Accountants (AICPA), as the “rule-book” for these reports. In October 2022, the AICPA issued updates to this SOC 2 guidance that […]
A Company can never be too safe in making sure that its systems are protected from cyberattacks. Responsibility of information security does not only lie with your Information Security Group but also at the highest levels within a company. Based on a recent ruling by the FTC, CEOs are now responsible for their company’s compliance, […]
The answer is simple! ‘Focus on Cybersecurity not only during Cybersecurity Month but EVERY month.’ Cyberattacks are much more common than people realize. The data on the frequency of attempted cyberattacks is staggering, with a victim every few seconds and several thousand ransomware attacks targeting businesses daily. Some of these attacks are random, but many […]
What is SOC 2 Logical and Physical Access (CC6)? Organizations are responsible for controlling logical and physical access to their protected information by using appropriate security software, infrastructure, and architectures. Implementing and maintaining these necessary controls will protect your company’s valuable data and prevent unwanted security events. It will also help you meet the requirements […]
According to the 2021 Verizon Data Breach Investigations Report, more than 85% of breaches during the assessed period involved a human element[1]. Additionally, social engineering (typically via phishing emails) ranked a close third as the primary vector for damage, behind denial of service (DoS) and web application attack vectors. Attackers are increasingly turning to phishing […]
