PCI DSS, CIS Controls, Security Program, Privacy, ISO27001

Cybersecurity Maturity – One Size Does Not Fit All – Rick Folkerts

It's common knowledge that enterprise organizations need effective security, privacy and compliance programs to survive and grow. There are a handful of generic best practices but beyond that, cybersecurity programs must be tailored to the individual organization. In this


Ransomware

The Silver Bullet Defense to Ransomware – by Andy Cottrell

In an era of cost-cutting, downsizing and generally insufficient budgets for everything, we are often asked, what is the one, main thing to do to protect against a ransomware attack? According to Statista, in 2022, there were 493.33 million


Security Program

Cryptographic Agility – by Jeff Hall (the ‘PCI Guru’)

With the advent of quantum computing, a new threat has been added to the information security mix. The threat is today’s secure cryptography may not be secure once quantum computers reach their potential. The threat to cryptography has always


PCI DSS

The PCI DSS v4.0 Customized Approach – by Jeff Hall (the ‘PCI Guru’)

Possibly one of the biggest and most anticipated changes introduced with PCI DSS v4.0 is the Customized Approach. The PCI SSC is pushing the Customized Approach as providing organizations with “flexibility” in complying with PCI DSS requirements.


SOC2, vCISO

What is SOC 2, and do you need one?

A SOC 2 Type 2 audit is an evaluation of risk for buyers and a vehicle for communicating trust between two parties. But is it right for your organization?


Security Program, Risk Assessment

What is a Risk Assessment? – Nate Hartman

Risk in general is the likelihood and the possible impact of something bad happening in the near future. A risk assessment is an introspective document that helps the company understand risk and then take risks to move the business forward, in a


Privacy

How do Health Care Technology Organizations Manage Data Privacy Risks?

What's new with State Privacy Laws? There are now ten comprehensive privacy laws enacted in the United States. The new 2023 laws include those in Montana, Indiana, Iowa, Tennessee, and Texas. These laws join existing laws, including California,


CISO, vCISO, Security Program

What is a Tabletop Exercise and Why is it Valuable? – An interview with Aaron Wheeler, Truvantis Security Consultant

In this interview with Truvantis CEO Andy Cottrell, Aaron Wheeler discusses conducting tabletop exercises and how his clients derive value. What is a Tabletop Exercise? “It's a chance for clients to stress test environment policies and procedures. In


CISO, vCISO, Security Program

Why is Cybersecurity Difficult? – An interview with Jennifer Hill, Truvantis Security Consultant

In this interview with Truvantis CEO Andy Cottrell, Jenny Hill discusses the challenges and evolution of security programs she sees across industries. In theory, cybersecurity should be easy. Why is it so hard? “It never stays stagnant. Every minute


PCI DSS

PCI DSS Version 4 – Controversial Topics with The PCI Dream Team

The Truvantis Risk Radar welcomed the PCI Dream Team to the first stop of their 2023 book tour. Their new book is called, “The Definitive Guide to PCI DSS Version 4”. The authors have more than 50 years of combined PCI experience. When it comes to
