Apr 22, 2019 | Audit, Compliance, Cybersecurity, Tenable, Vulnerability Scanning
By: Justin Fimlaid Every organization has different needs related to their vulnerability management program. This varies from the scanner used (cloud or on premise), the places where sensors are deployed, the technology environment, and the needs of your vulnerability...
Apr 8, 2019 | Audit, Compliance, Cybersecurity, Information Security
By: Justin Fimlaid First things first, if you are interested in election security and have not heard of Estonia’s electronic voting system, I’d encourage you to do some research, starting with this blog post. There is a lot to Estonia’s e-Government initiative,...
Feb 24, 2019 | Audit, Compliance, Risk Management
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes, then read on. A SOC2 Report stands for Service Organizational...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or used incorrectly. Unfortunately, it’s very easy to do this, and often, if we aren’t careful, even professionals...
Jan 23, 2019 | Audit, Compliance, Information Security, NIST 800-53
By: Justin Fimlaid As I noted in my previous post, there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...
Jan 16, 2019 | Audit, HIPAA, IRS1075, ISO27001, MARS-E, New York Cyber 23 NYCRR 500, NIST 800-53
By: Justin Fimlaid The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct a security review. The most common ways that we see companies approach a review of their security program generally...
Nov 15, 2018 | Audit, Compliance, Information Security, NIST 800-53
By: Kristof Holm I often hear feedback from clients that National Institute of Standards and Technology (NIST) frameworks are too cumbersome and frustrating to implement, with a steep learning curve to understand all the requirements. I can empathize with them,...
Jun 12, 2018 | Audit, Compliance, NIST 800-53
Are you shopping for a comprehensive security assessment, but would like to know what you’re in for before starting? In this post, we’ll break down the process, using an example NIST 800-53 security assessment, so you can determine whether you think you’re ready now,...
Nov 30, 2015 | Audit, Compliance, Information Security, Risk Management
By: Justin Fimlaid The new Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 framework is out and effective as of September 30, 2015. The new MARS-E 2.0 standard includes some significant updates to the security and privacy controls of in-scope systems. These...
Aug 20, 2014 | Audit, Compliance, Information Security, Payment Card Industry
The much-anticipated PCI-DSS 3.0 is out, and the new Self-Assessment Questionnaires (SAQs) have been released. We’ve had a lot of questions over the last month about what the new changes actually mean to merchants. One notable introduction is the SAQ-A EP for...