The Basics of a Risk Treatment Plan
A risk treatment plan (RTP) is an essential part of an organization’s InfoSec program. In fact, ISO 27001 requires an RTP while SOC 2 and other frameworks ask for similar documentation. A solid...
Read Article
Boiling the GDPR down to basics sounds too good to be true, but we did it. Doesn’t 2018 seem like a lifetime ago? Teens were eating Tide Pods, Prince Harry and Meghan Markle’s wedding dominated...
Read Article
41 tips to teach you operational security practices, how to secure your infra and apps and keep bad actors out, how to ensure secure coding in all your operations, and how to protect your customers' data.
Read Flipbook
Halloween was yesterday, but something even scarier is around the corner: CCPA. Just kidding. CCPA is not scary, nor is it something to dread. What’s actually scary about the CCPA is the estimated...
Read Article
Does It Apply to You? Since the EU rolled out the General Data Protection Regulation (GDPR) last year, large enterprises have been scrambling to reduce the risk of non-compliance associated with...
Read Article
Using Tugboat Logic, BentoBox scoped and designed an InfoSec program to fit their needs affordably and automated cyber security training for their team of 100+ people, protecting their 6000 clients.
Read Flipbook
A common perception is that information security is simply a “necessary pain in the ass” that organizations don’t want to invest in, implement or think about until they get bigger. And even then,...
Read Article
A Common Question: How Long Does it Take to Build an Information Security Program? When talking to my customers, it is more common to get the question “how long will this take?” than “how much...
Read Article
A Great Question When talking to a prospective customer recently, the question was raised: “Can I just use Excel to manage my security projects?” It’s a great question since people have been...
Read Article
How you answer an RFP security questionnaire can make or break a new deal. Here, we break down some tips to help you ace your responses in minutes.
Read Article
Learn how to create better security questionnaire responses faster! Includes a free policy template created by former auditors and info you’ll need to make your next RFP a breeze.
Read Flipbook
If you’re working at a company that doesn’t have a senior security lead or CISO, and you are either in a regulated market or selling to large enterprise clients, your company will need to invest...
Read Article
A good security posture sells and too many businesses fail to promote it. We’re going to show you how to use your security program to win more deals.
Read Article
The fourth (and final) part of Tugboat Logic's security best practices guide provides recommendations on securing customers' data and training them on security awareness and security best practices.
Read Article
Part 1 of the security best practices guide teaches you how to foster a blameless security culture, extend that culture to safeguarding customers' data, and ensure you have up-to-date infosec...
Read Article
Part 3 of the security best practices guide teaches you how to conduct internal security tests using three tools and how to make coding a living security process. This section also explains why...
Read Article
Part 2 of the security best practices guide gives you a basics checklist (e.g. set up HTTPS, keep backups of your backups) and best practices for finding vulns in your product. Part 2 also...
Read Article
Here are five ways to up-level your entire organization's security awareness training without breaking the bank, and ensure that every employee is practicing InfoSec best practices in these...
Read Article