The NuHarbor Notice

Do I need a SOC2 Report?
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes, then read on. A SOC2 Report stands for Service Organizational...

NuHarbor Security Partners with Palo Alto Networks
Contact Scott Mosher Vice President (802) 881-4224 smosher@nuharborsecurity.com FOR IMMEDIATE RELEASE NuHarbor Security Partners with Palo Alto Networks Essex Junction, VT – February 20, 2019: NuHarbor Security became a Palo Alto Networks® NextWave Innovator Channel...

Your Black-Box MSSP Might be Dead
By: Justin Fimlaid I've said it a lot over the last couple years, the legacy black-box Managed Security Services Provider (MSSP) model is dying a slow death. I wish I had a nickel for each time I heard someone say they are dissatisfied with their black-box MSSP. ...

How Vendor (3rd Party) Security Assessments can help you build a better security program
By: Justin Fimlaid Are you thinking about Vendor (3rd Party) Security Assessments? Aspirations to build onto your Vendor Security Assessment program? Why wouldn't you -- you go...

CISO Security Metrics: Proving Business Value
By: Justin Fimlaid A lot of folks ask me about security metrics. "Help me with security metrics!" "I need security metrics!" My response, "Well, what are you trying to track?" "What are you trying to achieve with the security metrics?" "What story do you want to...

The Difference Between a Controls Assessment and a Risk Assessment
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...

3 Ways to Cure a Security Shelfware Hangover
By: Justin Fimlaid When it comes to Security Technology and Security Technology configurations -- let's say "I've seen some head scratching stuff". I see some shops with all the toys and in some cases multiple pieces of the same security technology, other security...

NIST 800-37 Rev 2 Risk Management Framework – Major Changes
By: Justin Fimlaid The NIST 800-37 Revision 2 was published on December 20, 2018. There were not many material changes rather some minor enhancements to align with recent federal mandates: DSB 2013 Executive Order (E.O.) 13800 OMB Memorandum M-17-25 OMB Circular...

What’s the Difference Between Splunk Enterprise Security and Security Essentials?
By: Justin Fimlaid If you are looking to leverage Splunk for Security, there are a couple of ways to approach this task. In this post I'll be explaining some of the differences between Splunk Enterprise Security and Security Essentials. What is Splunk? Splunk...

Quickstart Guide: NIST Cybersecurity Framework
By: Justin Fimlaid In my previous post there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...

2 Questions to Determine if a Security Program Review or Security Assessment is Better for your Company
By: Justin Fimlaid The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct a security review. The most common ways that we see companies approach a review of their security program generally...

Transactions or Relationships – what is better for your business?
By: Scott Mosher As business needs change and technology advances, partners have taken on larger roles within organizations. Because senior-level management must produce more with fewer internal resources, they seek to increase productivity while reducing cost within...

NuHarbor Security Named One of the “Best Entrepreneurial Companies In America” By Entrepreneur Magazine’s 2018 Entrepreneur360 List
Contact: Scott Mosher Vice President 802-881-4224 smosher@nuharborsecurity.com FOR IMMEDIATE RELEASE Essex Junction, VT – January 2, 2019: NuHarbor Security was recently recognized as one of the “Best Entrepreneurial Companies in America”. NuHarbor is the sole company...

4 Questions to Determine Which PCI DSS Self-Assessment Questionnaire (SAQ) to Complete
By: Jeff Bamberger Now that you have decided to create/configure your business to accept credit cards as one form of payment for the goods or services you offer to your customers, you may be curious what impact that decision will have on your business operations. ...

The 9 Considerations to find the Right CyberSecurity Insurance Policy for Your Organization
By: Justin Fimlaid CyberSecurity Insurance is growing in popularity and many organizations are beginning to consider CyberSecurity Insurance as a mechanism to transfer the risk of losses associated with a data breach and data loss events. If you've looked at a...