Jun 3, 2019 | Compliance, Cybersecurity, HIPAA, Information Security, ISO27001, NIST 800-53, Payment Card Industry
By: Justin Fimlaid The Ohio Data Protection Act was passed in August of 2018 and went into effect as of November 2018. What’s unique about this data protection law is that it’s unlike recently passed privacy legislation recently seen in California and...
Apr 22, 2019 | Audit, Compliance, Cybersecurity, Tenable, Vulnerability Scanning
By: Justin Fimlaid Tenable IO Sensor Deployment Every organization has needs that will be somewhat different from another related to their vulnerability management program. This can vary from the scanner used (cloud or on premise), the places where sensors are...
Apr 15, 2019 | Compliance, Cybersecurity, Information Security, Penetration Testing, Vulnerability Scanning
By: Justin Fimlaid If you haven’t heard of it there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It’s significant for U.S. based banks, because this Directive could apply...
Apr 8, 2019 | Audit, Compliance, Cybersecurity, Information Security
By: Justin Fimlaid First things first, if you are interested in elections security have not heard of Estonia’s electronic voting system I’d encourage you do some research starting with this blog post. There is a lot to Estonia’s e-Government initiative,...
Mar 25, 2019 | Compliance, Information Security
By: Justin Fimlaid For a long time our industry has been saying that addressing people, process, and technology will solve some of the hardest problems in cybersecurity. The term people, process, and technology fundamentally suggests the destination and solution is...
Mar 5, 2019 | Compliance, Incident Response, Information Security, Risk Management
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
Feb 24, 2019 | Audit, Compliance, Risk Management
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
Jan 23, 2019 | Audit, Compliance, Information Security, NIST 800-53
By: Justin Fimlaid In my previous post there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...
Dec 24, 2018 | Compliance, Information Security, Payment Card Industry
By: Jeff Bamberger Now that you have decided to create/configure your business to accept credit cards as one form of payment for the goods or services you offer to your customers, you may be curious what impact that decision will have on your business operations. ...
