The Basics of a Risk Treatment Plan
A risk treatment plan (RTP) is an essential part of an organization’s InfoSec program. In fact, ISO 27001 requires an RTP while SOC 2 and other frameworks ask for similar documentation. A solid...
Read Article
Early Startups
Learn how to kickstart your first InfoSec program and leverage it to win more deals.
-
-
The Basics of GDPR Compliance
Boiling the GDPR down to basics sounds too good to be true, but we did it. Doesn’t 2018 seem like a lifetime ago? Teens were eating Tide Pods, Prince Harry and Meghan Markle’s wedding dominated...
Read Article
-
Security Best Practices for Startups
41 tips to teach you operational security practices, how to secure your infra and apps and keep bad actors out, ensure secure coding in all your operations, and how to protect your customers' data.
Read Flipbook
-
How Much Does It Cost to Be CCPA Compliant?
Halloween was yesterday, but something even scarier is around the corner: CCPA. Just kidding. CCPA is not scary, nor is it something to dread. What’s actually scary about the CCPA is the estimated...
Read Article
-
GDPR Requirements for US Startups
Does It Apply to You? Since the EU rolled out the General Data Protection Regulation (GDPR) last year, large enterprises have been scrambling to reduce the risk of non-compliance associated with...
Read Article
-
Offering Security Assurance to Over 6,000 Customers
Using Tugboat Logic, BentoBox scoped and designed an InfoSec program to fit their needs affordably and automated cyber security training for their team of 100+ people, protecting their 6000 clients.
Read Flipbook
-
Benefits of Information Security for Businesses
A common perception is that information security is simply a “necessary pain in the ass” that organizations don’t want to invest in, implement or think about until they get bigger. And even then,...
Read Article
-
Building an Information Security Program from Scratch
A Common Question: How Long Does it Take to Build an Information Security Program? When talking to my customers, it is more common to get the question “how long will this take?” than “how much...
Read Article
-
Can I Use Excel to Manage My InfoSec Program?
A Great Question When talking to a prospective customer recently, the question was raised: “Can I just use Excel to manage my security projects?” It’s a great question since people have been...
Read Article
-
Acing the Dreaded RFP Security Questionnaire
How you answer an RFP security questionnaire can make or break a new deal. Here, we break down some tips to help you ace your responses in minutes.
Read Article
-
A Step-by-Step Guide to Acing RFP Security Questionnaires
Learn how to create better security questionnaire responses faster! Includes a free policy template created by former auditors and info you’ll need to make your next RFP a breeze.
Read Flipbook
-
How to Become a Cyber Security Expert For Your Company
If you’re working at a company that doesn’t have a senior security lead or CISO, and you are either in a regulated market or selling to large enterprise clients, your company will need to invest...
Read Article
-
How to Use Your Security Program to Win More Deals
A good security posture sells and too many businesses fail to promote it. We’re going to show you how to use your security program to win more deals.
Read Article
-
How to Extend Your Security to Customers
The fourth (and final) part of Tugboat Logic's security best practices guide provides recommendations on securing customers' data and training them on security awareness and security best practices.
Read Article
-
Operational Security Best Practices for Startups: People, Process and Technology
Part 1 of the security best practices guide teaches you how to foster a blameless security culture, extend that culture to safeguarding customers' data, and ensuring you have up-to-date infosec...
Read Article
-
Secure Coding Best Practices
Part 3 of the security best practices guide teaches you how to conduct internal security tests using three tools and how to make coding a living security process. This section also explains why...
Read Article
-
Application and Infrastructure Security Best Practices
Part 2 of the security best practices guide gives you a basics checklist (e.g. set up HTTPs, keep backups of your back-ups) and best practices for finding vulns in your product. Part 2 also...
Read Article
-
5 Ways to Level Up Security Awareness Training Without Breaking the Bank
Here are five ways to up-level your entire organization's security awareness training without breaking the bank, and ensure that every employee is practicing InfoSec best practices in these...
Read Article
