Penetration Testing, Security Program, Red Teaming

The Hackers Guide to API Penetration Testing

Pen testing has traditionally focused on realistic simulated attacks on your network, operating systems and applications. In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for providing multiple services even within

Read More

PCI DSS

PCI DSS Truncation Rules and Guidelines

The PCI Security Standards Council's redefined truncation rules are a mess.

Read More

PCI DSS

Five Ways to Reduce the Cost of PCI DSS Compliance

If your company stores, processes, or transmits cardholder data, you need PCI DSS compliance. According to the Verizon 2020 Payment Security Report, within the financial and insurance industries, 30% of breaches were caused by web application

Read More

Penetration Testing, Security Program, Red Teaming

Vulnerability Assessment, Penetration Testing, and Red Team Conflation

Red Team vs. Penetration Test vs. Vulnerability Assessment - Seven characteristics that set these services apart and why it matters to you.

Read More

CISO, vCISO, Security Program

Overseeing a vCISO - Translating Information Security to Business Risk

Most experts agree that the Chief Information Security Officer (CISO) role is a business necessity in today's cyber - risky environment . According to a Deloitte 2021 survey, companies listed security, privacy, demonstrating compliance, and

Read More

Security Program, Privacy

The Seven Regions of Cyber-Governance

Privacy, cybersecurity, and Compliance are distinct practices with distinct goals. The three disciplines work together to build trust and confidence in your data management system in best-case scenarios.

Read More

SOC2, Security Program

Three Indicators Your Startup should be SOC 2 Compliant

A System and Organization Controls 2 (SOC 2) compliant report is an industry-recognized standard for demonstrating the efficacy of information systems. It is one of the most requested credentials by prospective clients when screening IT services

Read More

CISO, vCISO, Security Program

Three Ways to Improve Your Bottom Line Using a vCISO

In today's cyber-risky environment, most experts agree that the role of a Chief Information Security Officer (CISO) is a business necessity. According to a Deloitte 2021 survey, companies listed security, privacy, demonstrating compliance, and

Read More

HIPAA, Privacy, CCPA, GDPR

Data Privacy Tools in 2022

Three Types of Data Privacy Tools for 2022 Organizations are under extreme pressure to mitigate emerging risks and keep pace with changing regulatory requirements. The frantic pace of new privacy laws layered onto the increasing complexity of modern

Read More

CISO, vCISO, Security Program

Cybersecurity – Responsibility vs. Accountability

Responsibility vs. Accountability for Oversight of Cybersecurity The need to manage cybersecurity and privacy risk is generally accepted. In many organizations, it may even be clear who is doing it. However, there is often a lack of clarity over the

Read More