When determining a cloud hosting or colocation provider, customers want to have assurance that they are utilizing a safe, secure, and competent provider. As such, data center providers can undertake a number of IT audits or examinations in order to demonstrate to customers and prospects that they have controls in place to protect client data […]
In light of prevalent and ongoing public data breaches, understanding where an organization’s vulnerabilities are is of great importance for prevention and security. Conducting vulnerability scans are a key component in helping prevent successful external adversary attacks. In this article, I will discuss briefly what vulnerability scans are, the common types, and how they help […]
This blog post is meant to provide details on patch management including the importance of a documented patch management process, how to implement the process successfully, and some common issues and roadblocks to avoid when doing so. What is a Patch & Why is Patch Management so Important? A patch is a piece of code […]
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
In previous blog articles, we have covered HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Additionally, we hear a lot of “How does a HITRUST certification differ from HIPAA compliance?” This blog will […]
Many organizations may be retaining personal data and it is important for this information to be properly protected and or anonymized. One method to ensure personal information is appropriately anonymized is through de-identification. This article will explain what de-identification is, how to go about de-identifying personal data, and why it is important. To start, a […]
If you are beginning the process of looking into obtaining a SOC 1 or SOC 2 report you more than likely have a lot of questions. When speaking with prospects, many have questions related to the process of how a SOC 1 or SOC 2 audit is conducted – particularly questions with regard to the […]
How to Appropriately Select Vendors and Also Manage and Monitor Their Associated Risks In this article, I will discuss what vendor risks are and the importance of why risk associated with vendors, in support of your business, should be identified and then monitored on an ongoing basis. Further, I will discuss how organizations can actually […]
Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and there are also some that like to say “no”…for everything…all the time, but the good ones are there to help.
According to ISACA’s State of Cyber Security 2019, 72% of organizations have a chief information security officer (CISO). Also, in that study, only 55% of organizations have an increasing security budget. For many small and mid-sized organizations, budgets are already tight, and hiring a full-time CISO may seem like a luxury. So how does an […]