Oct 25, 2022 | Compliance, Risk Management
Risk Assessments in Everyday Life
At NuHarbor, our Security Advisory experts specialize in risk assessment and consciously think about risk every day. Sometimes this is good, like when a friend extends the invite to go cliff jumping or skydiving in Mexico. Other...
Oct 14, 2020 | Cybersecurity, Incident Response, Information Security, NIST 800-53, Risk Management
September is National Preparedness Month and October is National Cybersecurity Awareness Month, which makes it a great time to review your organization’s disaster preparedness strategy. Implementing a contingency plan for a natural disaster could be the difference...
Mar 3, 2020 | Compliance, Information Security, NIST 800-53, Payment Card Industry, Risk Management
With acronyms inside of acronyms and hundreds of pages of documentation, choosing a framework for a security controls assessment seems like a daunting task. NuHarbor Security has years of experience working with different controls frameworks, and we have laid out the...
Feb 5, 2020 | Information Security, Risk Management, Vendor Assessments
Unless you’re living in a cave, you’ve provided data to a corporation, and a hacker has probably stolen it. Personal data today is one of the most valuable assets on the planet, which leads organizations to spend enormous resources to collect data. However, those same...
Mar 5, 2019 | Compliance, Incident Response, Information Security, Risk Management
By: Justin Fimlaid
Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
Feb 24, 2019 | Audit, Compliance, Risk Management
By: Justin Fimlaid
Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes, then read on. A SOC2 Report stands for Service Organizational...
Feb 15, 2019 | Information Security, Risk Management, Vendor Assessments
How Vendor (3rd Party) Security Assessments can help you build a better security program
By: Justin Fimlaid
Are you thinking about Vendor (3rd Party) Security Assessments? Aspirations to build onto your Vendor Security Assessment program? Why wouldn’t you...
Feb 14, 2019 | Information Security, Professional Services, Risk Management
By: Justin Fimlaid
A lot of folks ask me about security metrics. “Help me with security metrics!” “I need security metrics!” My response: “Well, what are you trying to track?” “What are you trying to achieve with the...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm
We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or used incorrectly. Unfortunately, it’s very easy to do this, and often if we aren’t careful even professionals...
Feb 11, 2019 | Information Security, NIST 800-53, Risk Management
By: Justin Fimlaid
NIST 800-37 Revision 2 was published on December 20, 2018. There were not many material changes, rather some minor enhancements to align with recent federal mandates: DSB 2013, Executive Order (E.O.) 13800, OMB Memorandum M-17-25, OMB Circular...