In the rapidly evolving landscape of technology, maintaining the security and functionality of physical servers is imperative. Patch management is a critical component of this maintenance that involves updating server software to fix vulnerabilities, improve performance, and ensure compatibility with other systems. Despite its importance, patch management is often fraught with risks that, if not […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
Smart Red Teaming with Game Theory & Threat Intelligence
In the ever-evolving cybersecurity landscape, organizations continuously seek more robust methods to protect their digital assets. Traditional red team engagements, while effective, often lack the strategic depth needed to simulate real-world adversarial behavior. Enter TIDE – Threat Intelligence Directed Engagements – an innovative approach pioneered by Linford & Company, which integrates Game Theory and threat […]
Securing the CI/CD Pipeline: Essential Controls for Managing the Change Process
In modern software development, Continuous Integration and Continuous Deployment (CI/CD) pipelines are crucial for delivering high-quality software quickly and efficiently. However, these pipelines can become vulnerable points in the development lifecycle if not properly secured. Implementing robust security controls within the CI/CD pipeline is essential to managing the change process securely. Let’s explore the key […]
What is FedRAMP Compliance? Requirements, Process, & More
It’s nearly impossible to read tech news today without encountering discussions about the cloud—and for good reason. Cloud computing has become an essential part of the modern technology landscape, making it hard to imagine a world without it. The ability to provision and manage networks, storage, and servers with just a few keystrokes is not […]
CSA STAR Guide to Assessment, Attestation, & Certification
It’s been discussed elsewhere what the Cloud Security Alliance is and what their CSA Security Trust Assurance and Risk (STAR) program entails. To summarize, the CSA STAR program provides a Cloud-focused alternative to the more traditional audits. It’s based on the CSA Cloud Controls Matrix (CCM) and offers multiple levels of certification/attestation and a flexible path to those achievements. […]
How Much Does CISA Cost? Good News – Tools Are Free!
There are so many tools being released these days, and for the most part they aren’t cheap. But there is good news: the Cybersecurity & Infrastructure Security Agency (CISA) has assembled a group of free cybersecurity services and tools that most businesses can access. And no, you don’t have to be military-affiliated. The goal […]
SOC 2 Type 2 Reports – A Comprehensive Guide
In recent years, as the digital landscape has evolved with the growth of cloud-based environments and tools, SOC 2 Type 2 (also written as Type II) reports have emerged as a basis of trust and assurance for organizations and their stakeholders. But what exactly constitutes a SOC 2 Type 2 report, and why is it […]
SOC 3 Reports: Do You Need One?
Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.
IT Risk Assessment and HIPAA Compliance
The HIPAA Security Rule places so much emphasis on the importance of risk analysis that it is positioned as the first requirement of HIPAA compliance. Yet, as we conduct HIPAA compliance gap assessments for organizations, it is rare to find that a formal IT Risk Assessment has been completed, and rarer still to find that […]
HITRUST vs HIPAA
In previous articles, we’ve covered what HITRUST is and how to get HITRUST certified, but one very frequent question is, “What’s the difference between HIPAA vs HITRUST?” While they both relate to information security, and HITRUST initially began as part of HIPAA, they’re very different concepts. Let’s dive in. What Is the Difference Between HIPAA […]