Does It Apply to You? Since the EU rolled out the General Data Protection Regulation (GDPR) last year, large enterprises have been scrambling to reduce the risk of non-compliance associated with the new privacy regulations. But you may be wondering: How does GDPR affect small and medium US-based companies and startups? Should You Be Worried? … GDPR Requirements for US Startups
CCPA vs GDPR: Lessons from GDPR and Relevance for Start-Ups The California Consumer Privacy Act (CCPA), signed into law in June 2018 and going into effect on January 1, 2020, is the first meaningful step toward providing a regulatory framework for online privacy rights in the United States. It will impact how all enterprises have … CCPA vs GDPR: The 5 Step Comparison Guide
Tugboat Logic is proud to announce the availability of our latest feature: Automated Security Audit Management. This new capability automates the process of getting certified on security frameworks such as SOC 2 and ISO 27001 by allowing third-party auditors to create and manage audit projects within the Tugboat Logic platform. You can then respond to … Automate Security Management Audit
In early 2005, the then United Nations Secretary-General Kofi Annan invited a group of the world’s largest institutional investors to join a process to develop the Principles for Responsible Investment. The Principles were launched in April 2006 at the New York Stock Exchange. What is ESG Policy? By January 2016, the Principles for Responsible Investment … How Environmental, Social and Governance (ESG) Policy Could Block Your Next Funding Round
The Machine Learning Era in Security There are many kinds of machine learning used today across industries, each offering different solutions based on the problem they solve. In the security industry, the majority of machine learning solutions are centred around detection and prevention of cyber attacks. For example, at Zimperium, they use a supervised machine … Automate Security Due Diligence With Machine Learning
If you are running a company with anywhere from 10 to 30 employees (or even a few more), there is a good chance that you need dedicated cybersecurity expertise to protect your growing firm. However, hiring a Virtual CISO (vCISO) can potentially be too expensive for a firm this size. Your company might need a … Hiring a vCISO: Top 3 Challenges for Small Companies
If you are a B2B company, you likely will be asked to complete a SOC 2 or ISO 27001 certification by your customers. If you have never experienced this process before, it can be a daunting proposition. Since it is our mission statement at Tugboat Logic to demystify the complex world of security so you … ISO27001 vs SOC 2
We need a new approach that allows risk and compliance to integrate security earlier in the software development and deployment process.
A Great Question When talking to a prospective customer recently, the question was raised: “Can I just use Excel to manage my security projects?” It’s a great question since people have been repurposing tools like Excel, GitHub and Jira for years to manage their InfoSec requirements, so why not? While these are great products, the … Can I Use Excel to Manage My InfoSec Program?
If you’re working at a company that doesn’t have a senior security lead or CISO, and you are either in a regulated market or selling to large enterprise clients, your company will need to invest in a security program. At the helm of the security program, you need a cyber security expert. How to Become a … How to Become a Cyber Security Expert For Your Company
Wouldn’t it be great if IT and InfoSec teams could get their wish and there would be no humans touching vital systems or accessing sensitive data? Their risk management program would be airtight. But hoping that your team will always do the right thing is not a strategy. The stakes are going up. The Ponemon … Hope Is Not a Strategy in Enterprise Security
Every profession has its own language to distinguish itself from other professions and to establish an official code that governs its practices. The Compliance and Information Security team at a typical Fortune 500 company relies on vendor assessment documents with acronyms like SIG, SIG Lite, VAF, VQA, SQR, SoW, VDD, MSA, etc. It’s … Your Enterprise Deal in Procurement: Miles of Broken Glass