The Security Tide is Rising The rapid adoption of cloud, in-house application development, and open-data initiatives have been instrumental for business-enablement. However, this new data-centric world has increased the complexity of managing cybersecurity risks to business and people alike. In response: new privacy laws, security standards, and regulatory compliance have necessitated the need for companies Read more…
On May 25th, 2018 the deadline for GDPR compliance came into effect. GDPR, or General Data Protection Regulations were made to unify data protection rights for users, and strengthen them in the process. All organizations MUST follow the rules. This is to protect all the personal data held by them as a corporation. Some of Read more…
PCI DSS version 3.2.1 has been released. Luckily for users, not much has changed. Actually, almost nothing has changed. This update is simply to replace 3.2 in regards to effective dates that a change-over needs to be made entirely. The SSL migration deadlines have already passed, so everyone should be using 3.2 at this time. Read more…
The position of CISO, Chief Information Security Officer, has evolved significantly over the last few years. It has become a standalone position and is no longer just a title slapped on to an existing employee’s responsibilities. This new CISO has the responsibility, and ultimately accountability, to think proactively safeguarding the confidentiality, integrity, and availability of Read more…
These days no organization can completely avoid dealing with third parties, which by doing so gives them a competitive advantage, lesser cost, and ultimately increase profits but these relationships present one with multiple risks. With the threat of security breaches, supply chain disruptions, data theft, or reputational damage stemming from third-parties, it is essential for Read more…
Service Organization Control (SOC) reports have become more and more important to the world of information security and compliance since being introduced by the American Institute of CPAs (AICPA) in 2011. This is particularly the case for SOC 2, which focuses on availability, confidentiality, privacy, processing integrity, and security as its trust services criteria or Read more…
Updated April 16, 2020 Becoming certified under the Federal Risk and Authorization Management Program (FedRAMP) is a costly and resource intensive undertaking. Obtaining certification and continually staying in compliance can make a major impact on your business as a Cloud Service Provider (CSP). To lessen the costly and time-consuming process, FedRAMP utilizes a “do once, use many times” Security Assessment Read more…
Last April 2016, the European Union (EU) Parliament adopted the General Data Protection Regulation (GDPR) to replace the now defunct Data Protection Directive 95/46/EC. GDPR was put in place to bolster and consolidate data protection in the EU and is not only applicable to companies located within the EU, but also to those outside its Read more…
While recent years have seen a spike in new forms of cyber attacks that increasingly threaten not only governments but also companies, information security management just got a recent boost. On May 11, 2017, US President Donald Trump signed an executive order meant to fortify federal government cyber security measures and guard critical infrastructure from Read more…
While cloud solutions have made it possible to make computer systems more efficient and effective, the federal IT infrastructure has had a hard time adopting this innovation. Saddled by redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…
StandardFusion Fit Analyzer