A Beginner's Guide to GDPR

On May 25th, 2018 the deadline for GDPR compliance came into effect. GDPR, or the General Data Protection Regulation, was made to unify data protection rights for users and strengthen them in the process. All organizations MUST follow the rules. This is to protect all the personal data held by them as a corporation. Some of Read more…

PCI DSS Version 3.2.1: 3.2 Got a Makeover

PCI DSS version 3.2.1 has been released. Luckily for users, not much has changed. Actually, almost nothing has changed. This update simply replaces 3.2 with respect to the effective dates by which the change-over must be completed. The SSL migration deadlines have already passed, so everyone should be using 3.2 at this time. Read more…

Top Four Concerns Keeping Your CISO Up At Night

The position of CISO, Chief Information Security Officer, has evolved significantly over the last few years. It has become a standalone position and is no longer just a title slapped on to an existing employee's responsibilities. This new CISO has the responsibility, and ultimately the accountability, to think proactively about safeguarding the confidentiality, integrity, and availability of Read more…

Managing Third-Party Risks Introduced by Vendor Relationships

These days no organization can completely avoid dealing with third parties; doing so gives them a competitive advantage, lower costs, and ultimately higher profits, but these relationships also present multiple risks. With the threat of security breaches, supply chain disruptions, data theft, or reputational damage stemming from third parties, it is essential for Read more…

How to Leverage your GRC Platform for SOC 2 Compliance

Service Organization Control (SOC) reports have become more and more important to the world of information security and compliance since being introduced by the American Institute of CPAs (AICPA) in 2011. This is particularly the case for SOC 2, which focuses on availability, confidentiality, privacy, processing integrity, and security as its trust services criteria or Read more…

FedRAMP Impact Levels Low, Moderate, and High. What’s the Difference?

Updated April 16, 2020. Becoming certified under the Federal Risk and Authorization Management Program (FedRAMP) is a costly and resource-intensive undertaking. Obtaining certification and continually staying in compliance can have a major impact on your business as a Cloud Service Provider (CSP). To lessen the costly and time-consuming process, FedRAMP utilizes a "do once, use many times" Security Assessment Read more…

Top Three Stakeholders in the FedRAMP Process

While cloud solutions have made it possible to make computer systems more efficient and effective, the federal IT infrastructure has had a hard time adopting this innovation. Saddled by redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…

4-Step Guide to Performing an ISO 27001 Risk Analysis

Performing a risk assessment is a central part of the ISO 27001 process directed at implementing an ISMS (Information Security Management System). How could you protect any sort of environment without being fully aware of impending threats, the exposure level, and variables such as the likelihood of occurrence and the estimated level of impact? Understanding all Read more…