Blog

Security Program, Privacy

Apache Log4j Vulnerabilities vs. Cybersecurity Risk Management

Apache Log4j Vulnerabilities vs. GRC On December 10, Apache released details about a Log4j-core vulnerability nicknamed "Log4Shell". It is documented in CVE-2021-44228, and rated a rare 10 out of 10 on the CVSS vulnerability rating scale. Log4j-core is a logging library that can

Read More

SOC2, CISO, vCISO, Security Program

Understanding the Business Value of SOC 2 Compliance

System and Organizational Controls 2 (SOC 2) is sometimes known as Service Organization Controls. Maintained by the American Institute of Certified Public Accountants (AICPA), SOC 2 is a standard for auditing and reporting on the efficacy of

Read More

SOC2, CISO, vCISO, Security Program, Risk Assessment

Bridging the gap between CISOs

Facing the challenges of new cybersecurity and privacy laws, a sharp increase in cybersecurity litigation, and the ceaseless evolution of ransomware and cyberthreats, the role of Chief Information Security Officer (CISO) has become critical to

Read More

Penetration Testing, Security Program, Risk Assessment

Combating Ransomware Attacks Through Comprehensive Penetration Testing

Ransomware is still a major threat. In fact, the Tactics, Techniques and Procedures (TTP's) of ransomware gangs have evolved so much that it has created new business models within the darknet where premium services such as Ransomware as a Service

Read More

CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment

The One Reason to Pen Test Data Backup Systems - Ransomware Protection

At the heart of your disaster recovery plan, organizations often disregard data backup and recovery systems when it comes to pen testing and maintaining security. Vulnerable backup systems make for an attractive target by ransomware gangs, grief/

Read More

PCI DSS, CISO, vCISO, Penetration Testing, HIPAA, Security Program, Risk Assessment, Red Teaming

The 0-day in the Room Nobody is Talking About: Scope

Scope is an important shaping tool that, when leveraged properly, can help enhance engagement outcomes during penetration testing, red team and other security operations. Like any tool, however, when used incorrectly it can have devastating

Read More

Penetration Testing, Security Program, CCPA, ISO27001

Do you have APIs? How do you test them?

Application Program Interfaces (APIs) have changed in nature in recent years and are increasingly (and sometimes inadvertently) being made available to users of web services, the “Apps” (applications) on mobile devices, and internally for the web

Read More

SOC2, CISO, vCISO, Security Program

Using a vCISO Service to Achieve and Retain a SOC 2 Certification

CSO Online, which knows plenty about what goes into ensuring security, makes a strong case for hiring a virtual Chief Information Security Officer (vCISO). It notes that fulltime CISOs “can be hard to come by, often stay in their job for two years

Read More

SOC2, CISO, vCISO, Security Program

Video | 11 Steps to Achieve SOC 2 Compliance

Are you looking to start your SOC 2 Audit for this year? Here is a video that will guide you through your first SOC 2 audit using 11 steps. Overview Your customers have probably asked for your SOC 2 report, or it may be required to seal the deal on

Read More

SOC2, CISO, vCISO, Security Program, Privacy

Using Cyber Security to Enable Sales

Information security and privacy programs are generally about managing risk, but they can also impact your sales team by either slowing down or speeding up deals.

Read More

info@truvantis.com

+1 (415) 422-9844

    © 2024 Truvantis, Inc All Rights Reserved.

    Privacy Policy    Terms of Service