Cyber risk is rising, prompting the board and senior leadership to ask more questions about cybersecurity. How bad is it out there? What about what happened to our competitors? How are we compared to others in our industry? Breaches and cybersecurity are a hot topic of discussion at most board meetings. Of course, there are … The Top 5 Security Questions Your Board Is Likely to Ask
Establishing an InfoSec program enables your organization to build trust quickly so you can sell more. Without an effective security program, you’re exposed and vulnerable to countless numbers of bad actors. But let’s face it, implementing an effective InfoSec program takes time, focus, and resources. It’s often overwhelming, time-consuming and needlessly confusing. That’s why we’re … Top 3 Things Every InfoSec Program Should Have
Cutting-edge technology and highly trained team members protect the US government’s classified data. But what about unclassified data? A distinction that seems clear at first glance becomes blurry when you start to consider information that isn’t technically classified but shouldn’t be shared publicly either. Take, for example, the travel schedules of government officials. Or military … Introducing NIST 800-171
Software-as-a-service (SaaS) companies will see significant growth in the coming years as the reliance on SaaS solutions continues to grow. According to Forbes, SaaS revenues are projected to increase from $200 billion in 2020 to $369.4 billion in 2024. But before SaaS SMBs can fully realize this growth opportunity, they need to lay a foundation … 4 Ways SaaS SMBs Can Build a More Secure Technology Stack
This article recaps CEO Ray Kruck’s live workshop of the same name at SaaStr Annual 2021. Many executives see cybersecurity as a cost center—and understandably so. On average, it accounts for about 15% of your IT budget and it doesn’t really contribute to revenue, does it? It’s a little like insurance: You don’t really notice … Accelerate Revenue With These 5 Security Must-Haves
Our mission has always been to make security and compliance accessible—especially to startups who might lack the resources to build an InfoSec program, get compliant and leverage these competitive advantages to accelerate revenue growth. From day one, our motto has been simple: Get Secure. Build Trust. Sell more. We’ve helped 800 companies do just that, … Tugboat Logic to Join Forces With OneTrust
It’s a common misconception that threat actors, the individuals behind online attacks, live outside an organization, but it’s often internal employees who are your biggest cyberthreat. Whether it’s phishing attacks, poor password policies, or lax access privileges, employees are directly or indirectly responsible for more incidents than they should be. As the weakest link and main … Employees and Cyberthreats: To Err Is Human and Costly
Risk is one of the most important components of your InfoSec program. Most companies complete their first risk assessment to fulfill SOC 2 or ISO 27001 requirements, but risk management becomes a core tenet of your overall security objectives over time. So earlier this year, we prioritized supporting your risk assessments and management throughout the … Monitor Your Risks in Tugboat Logic
Welcome to part four of SOC 2 Bootcamp, covering everything involved in the audit process, including understanding your report and how to use it! Quick bootcamp rundown—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is getting their SaaS product, the Banana Stand, SOC 2 compliant. In SOC … SOC 2 Bootcamp Part 4: The Audit
Welcome to part three of SOC 2 Bootcamp, covering everything involved in evidence collection! Quick Bootcamp recap—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is getting their SaaS product, Banana Stand, SOC 2 compliant. In SOC 2 Bootcamp Part 1: Scoping and Auditor Selection, the Bluth Company kicked … SOC 2 Bootcamp Part 3: Evidence Collection
There are hundreds of complex laws and regulations worldwide that organizations find themselves required to follow to keep their data safe. Two of the most common in North America are NIST CSF and ISO 27001. While both frameworks aim to protect data and contribute to a stronger security posture, they go about it differently. Let’s … NIST vs ISO Compliance: What’s the Difference?
California is the birthplace of skateboards, Barbie dolls, arcade games, McDonald’s, the internet, and the California Consumer Privacy Act (CCPA). Maybe it’s not as glamorous as the bright lights of Hollywood or as mind-blowing as the innovations emerging from Silicon Valley. Still, the CCPA gives consumers more control over the personal information that businesses collect. … The Basics of CCPA