Mar 5, 2019 | Compliance, Incident Response, Information Security, Risk Management
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
Feb 24, 2019 | Audit, Compliance, Risk Management
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
Jan 23, 2019 | Audit, Compliance, Information Security, NIST 800-53
By: Justin Fimlaid In my previous post there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...
Dec 24, 2018 | Compliance, Information Security, Payment Card Industry
By: Jeff Bamberger Now that you have decided to create/configure your business to accept credit cards as one form of payment for the goods or services you offer to your customers, you may be curious what impact that decision will have on your business operations. ...
Dec 17, 2018 | Compliance, Information Security
By: Justin Fimlaid CyberSecurity Insurance is growing in popularity and many organizations are beginning to consider CyberSecurity Insurance as a mechanism to transfer the risk of losses associated with a data breach and data loss events. If you’ve looked at a...
Dec 13, 2018 | Compliance, Information Security, Risk Management, Splunk
Is a MSSP (Managed Security Service Provider) right for your Organization? By: Justin Fimlaid I think the easy answer is: it depends. A lot of factors play into whether this strategic partnership fits for you. An maybe a hybrid or co-managed model works best when you...
Dec 3, 2018 | Compliance, HIPAA, Information Security
Author: Mark Brisson So you think you’re ready to start your first HIPAA gap analysis but aren’t sure where to start? Well, if you’ve never tackled one before, there are 10 key steps to prepare and execute a streamlined assessment. 1. Familiarize yourself There is...
Nov 15, 2018 | Audit, Compliance, Information Security, NIST 800-53
Author: Kristof Holm I often hear feedback from clients that National Institute of Standards and Technology (NIST) frameworks are too cumbersome and frustrating to implement, with a steep learning curve to understand all the requirements. I can empathize with them,...
Oct 18, 2018 | Compliance, Information Security, Risk Management
Author: Kristof Holm With recent updates to the NIST Cybersecurity Framework (CSF), now seems good a time as any to revisit the framework, highlight some of the advantages to leveraging it and discuss what these changes may mean going forward. NIST Cybersecurity...
