Blog

SOC2, CISO, vCISO, Security Program, Privacy

Using Cyber Security to Enable Sales

Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or speeding up deals.

Read More

PCI DSS

Due Diligence for PCI DSS Vendor Selection

PCI DSS Requirement 12.8 dictates that any organization involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers—must have policies and procedures in place to manage its service providers.

Read More

Security Program, Risk Assessment

Diminishing Returns in Cybersecurity

If you have ever taken a course in economics, then you should know a thing or two about the law of diminishing returns. It may very well be the subject’s most famous and immediately recognizable principle. Here is the gist of it; there is a point at

Read More

Penetration Testing, Security Program, Risk Assessment

The Marriott Hack: A Cautionary Tale for Corporate Acquisitions

The case of the Marriott hack is, at once, an alarming prospect for the chain’s previous guests and an invaluable case study for any organization involved in any kind of merger. At the very least, it serves as a cautionary tale for businesses that

Read More

PCI DSS, Security Program

I never touch Cardholder Data - Does PCI DSS Apply to me?

Payment cards have been around a long time, and nefarious schemes to take advantage of them have been around almost as long. Since most people do not read the legal agreements they sign up to, they are unaware of their real responsibilities towards

Read More

PCI DSS

5 Tips for Becoming PCI DSS Compliant

The Payment Card Industry Data Security Standard (PCI DSS) is required by contract for those handling cardholder data, whether you are a startup or a global enterprise.

Read More

Risk Assessment

7 IT Security Risk Assessment Myths Debunked

Though the use of security risk assessments is widespread, often because they are mandated by compliance standards, there are a number of false assumptions about them that simply aren’t true. These misconceptions often center around confusion about

Read More

Risk Assessment

How to Prepare for an Information Security Risk Assessment

It’s finally time for the security risk assessment you’ve been pushing off… You may have been delaying because you believe risk assessments aren’t really valuable— that you just have to perform one for compliance or that it’s only going to tell you

Read More

Risk Assessment

How to Actually Use Your Security Risk Assessment Report

You just received the results from your security risk assessment, but now what? It’s not uncommon for companies to perform this analysis only to check the compliance checkbox and never do anything with the results. Don’t just file your risk

Read More

Risk Assessment

How to Identify Your Security Risks & Develop a Plan You Can Afford

When it comes to conducting security risk assessments, it can be difficult knowing where to get started. Even after identifying your scope and assets, there are a number of vulnerabilities and threats to be considered. Add some structure to your

Read More