Blog

SOC2

How Much Does It Cost to Get a SOC 2 Report?

Maybe you've been asked to provide a SOC 2 report as part of the sales cycle, or you anticipate you will need SOC 2 compliance at some point. You're wondering how much time and money you must budget to become SOC 2 compliant. 

Read More

CISO, vCISO, Security Program

Recovering from a Data Breach, a Twelve Step Program

According to the IBM Cost of a Data Breach Report 2021: Average data breach costs rose 10% between 2020 and 2021, from $3.86 million to $4.24 million. Lost business represented the largest share of breach costs, at an average total cost of $1.59M.

Read More

Privacy, CPRA

CPPA Reduces the CPRA Implementation Window for New Privacy Laws

During a public board meeting on February 17, 2022, the California Privacy Protection Agency (CPPA) indicated it would likely miss the July 1, 2022 deadline for the finalized draft of the CPRA. The delay is due to more time and resources required to

Read More

PCI DSS, SOC2, CISO, vCISO, CIS Controls, Security Program

Four Compliance Standards that can Accelerate Your Sales Team

Businesses must comply with a mixture of international, industry-specific and state-mandated cybersecurity regulations and require their vendors to do so. For this reason, compliance with specific cybersecurity standards becomes another way to

Read More

Penetration Testing, Security Program

Pen Testing the Cloud and Hybrid Environments

Cloud technologies enable companies to build and run scalable applications in dynamic public, private, and hybrid environments. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify the elastic cloud

Read More

Penetration Testing, Security Program, Red Teaming

The Hackers Guide to API Penetration Testing

Pen testing has traditionally focused on realistic simulated attacks on your network, operating systems and applications. In today's interconnected world, application programming interfaces (APIs) have rapidly become predominant tools for providing

Read More

PCI DSS

PCI-DSS –SAD vs. CHD

When it comes to handling payment cardholder data, PCI DSS has many rules about what you must and must not do when it comes to handling payment data. However the most stringent requirements apply to sensitive authentication data (SAD). So, what

Read More

PCI DSS

PCI DSS Truncation Rules and Guidelines

The PCI Security Standards Council's redefined truncation rules are a mess.

Read More

PCI DSS

Five Ways to Reduce the Cost of PCI DSS Compliance

If your company stores, processes, or transmits cardholder data, you need PCI DSS compliance. According to the Verizon 2020 Payment Security Report, within the financial and insurance industries, 30% of breaches were caused by web application

Read More

Penetration Testing, Security Program, Red Teaming

Vulnerability Assessment, Penetration Testing, and Red Team Conflation

Red Team vs. Penetration Test vs. Vulnerability Assessment - Seven characteristics that set these services apart and why it matters to you.

Read More