Establishing an InfoSec program enables your organization to build trust quickly so you can sell more. Without an effective security program, you’re exposed and vulnerable to countless numbers of bad actors. But let’s face it, implementing an effective InfoSec program takes time, focus, and resources. It’s often overwhelming, time-consuming and needlessly confusing. That’s why we’re … Top 3 Things Every InfoSec Program Should Have
Elizabeth
It’s a common misconception that threat actors, the individuals behind online attacks, live outside an organization, but it’s often internal employees that are your biggest cyberthreat. Whether it’s phishing attacks, poor password policies, or lax access privileges, employees are directly or indirectly responsible for more incidents than they should be. As the weakest link and main … Employees and Cyberthreats: To Err Is Human and Costly
Welcome to part four of SOC 2 Bootcamp, covering everything involved in the audit process, including understanding your report and how to use it! Quick bootcamp run down—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is getting their SaaS product, the Banana Stand, SOC 2 compliant. In SOC … SOC 2 Bootcamp Part 4: The Audit
Welcome to part three of SOC 2 Bootcamp, covering everything involved in evidence collection! Quick Bootcamp recap—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is getting their SaaS product, Banana Stand, SOC 2 compliant. In SOC 2 Bootcamp Part 1: Scoping and Auditor Selection, the Bluth Company kicked … SOC 2 Bootcamp Part 3: Evidence Collection
There are hundreds of complex laws and regulations worldwide that organizations find themselves required to follow to keep their data safe. Two of the most common in North America are NIST CSF and ISO 27001. While both frameworks aim to protect data and contribute to a stronger security posture, they go about it uniquely. Let’s … NIST vs ISO Compliance: What’s the Difference?
California is the birthplace of skateboards, Barbie dolls, arcade games, McDonald’s, the internet, and the California Consumer Privacy Act (CCPA). Maybe it’s not as glamorous as the bright lights of Hollywood or as mind-blowing as the innovations emerging from Silicon Valley. Still, the CCPA gives consumers more control over the personal information that businesses collect. … The Basics of CCPA
You’re a busy and important person, with many plates to spin and deals to win. I get that! Understandably, sometimes things fall through the cracks, but can you really handle hefty fines or the headache of a data breach? Probably not. With more business conducted online and through credit cards than ever, it’s essential to … The Importance of a PCI DSS Self-Assessment Questionnaire
Did you know that 76% of enterprises lack a clearly defined enterprise IT risk assessment and management strategy? As a result, it’s challenging to get your executive team to buy into your risk management program. The hurdle for most companies is nailing down an approach. Do you know the board game Risk? In the Risk … Tips and Tricks for Enterprise IT Risk Assessments
Welcome to part two of SOC 2 Bootcamp covering policies and controls! Quick refresher—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is in charge of getting their SaaS product, Banana Stand, SOC 2 compliant. In SOC 2 Bootcamp Part 1: Scoping and Auditor Selection, the Bluth Company kicked … SOC 2 Bootcamp Part 2: Policies and Controls
Knowing who your vendors are, how they manage their risks and the impact it could have on your company is a crucial piece of your InfoSec program. It’s also a requirement for SOC 2, ISO 27001, HIPAA and more! At Tugboat Logic, we’ve set out to simplify how you manage IT risk, audits and compliance, … How to Perform a Vendor Risk Assessment
A risk treatment plan (RTP) is an essential part of an organization’s InfoSec program. In fact, ISO 27001 requires an RTP while SOC 2 and other frameworks ask for similar documentation. A solid risk assessment and risk treatment process produce a stable InfoSec program. It’s like spending money on an alarm system and only protecting … The Basics of a Risk Treatment Plan
You probably have customers asking you all the time if you’re SOC 2 compliant. You’re not yet, but you know it’s important. So you do a little Googling. Where do you start? Who needs to be involved? What’s required? Can you relate to this scenario? Lots of organizations can! That’s why we put together a … SOC 2 Bootcamp Part 1: Scoping and Auditor Selection