Feb 25, 2019 | Podcast, Uncategorized
Show Notes: https://justinfimlaid.com/soc2-report-quickstart/ Sponsor: https://www.nuharborsecurity.com Contact...
Feb 24, 2019 | Audit, Compliance, Risk Management
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
Feb 21, 2019 | Press Release
Contact Scott Mosher Vice President (802) 881-4224 [email protected] FOR IMMEDIATE RELEASE NuHarbor Security Partners with Palo Alto Networks Essex Junction, VT – February 20, 2019: NuHarbor Security became a Palo Alto Networks® NextWave Innovator Channel...
Feb 20, 2019 | Information Security, Professional Services, Splunk
By: Justin Fimlaid I’ve said it a lot over the last couple years, the legacy black-box Managed Security Services Provider (MSSP) model is dying a slow death. I wish I had a nickel for each time I heard someone say they are dissatisfied with their black-box...
Feb 18, 2019 | Podcast, Uncategorized
Show Notes: https://justinfimlaid.com/not-invented-here-syndrome-for-security Sponsor: https://www.nuharborsecurity.com Contact...
Feb 15, 2019 | Information Security, Risk Management, Vendor Assessments
How Vendor (3rd Party) Security Assessments can help you build a better security program By: Justin Fimlaid Are you thinking about Vendor (3rd Party) Security Assessments? Aspirations to build onto your Vendor Security Assessment program? Why wouldn’t you...
Feb 14, 2019 | Information Security, Professional Services, Risk Management
By: Justin Fimlaid A lot of folks ask me about security metrics. “Help me with security metrics!” “I need security metrics!” My response, “Well, what are you trying to track?” “What are you trying to achieve with the...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
Feb 12, 2019 | Information Security, RSA Archer, Splunk
By: Justin Fimlaid When it comes to Security Technology and Security Technology configurations — let’s say “I’ve seen some head scratching stuff”. I see some shops with all the toys and in some cases multiple pieces of the same security...
Feb 11, 2019 | Information Security, NIST 800-53, Risk Management
By: Justin Fimlaid The NIST 800-37 Revision 2 was published on December 20, 2018. There were not many material changes, but rather some minor enhancements to align with recent federal mandates: DSB 2013, Executive Order (E.O.) 13800, OMB Memorandum M-17-25, OMB Circular...