BLOG Latest Blogs December 23, 2024The Rising Threat from Targeted “Data Ransom” Attacks—and How to Protect Your BusinessAs cyberthreats continue to escalate in frequency and sophistication, ransomware attacks remain among the costliest and most damaging for businesses. Learn More Search our Blogs Choose 1 or more topics below to expand your search: AI Application Security | Category - Pivot Point Security Business Continuity Management CCPA CISO Cloud Security | Category - Pivot Point Security Compliance | Category - Pivot Point Security Cybersecurity | Category - Pivot Point Security Cybersecurity Maturity Model Certification (CMMC) Data Privacy Devops Disaster Recovery Ethical Hacking FedRamp GDPR | Category - Pivot Point Security Government | Category - Pivot Point Security Information Security Industry Trends InfoSec Risk Assessment InfoSec Strategies | Category - Pivot Point Security IoT Security | Category - Pivot Point Security ISMS Consulting ISO 22301 ISO 27001 Certification | Category - Pivot Point Security ISO 27701 | Category - Pivot Point Security ISO 42001 Network Security NIST | Category - Pivot Point Security Penetration Testing Phishing | Category - Pivot Point Security Popup Testing Privacy SaaS Security Awareness Training | Category - Pivot Point Security SIEM | Category - Pivot Point Security SOC 2 | Category - Pivot Point Security Social Engineering Third Party Risk Management Uncategorized vCISO Vendor Due Diligence December 19, 2024What is AZRAMP and Does My Business Need to Comply?Continue Reading October 23, 2024What are the New CMMC 2.0 Flowdown Requirements to Manage Defense Supply Chain Cyber Risk?Continue Reading October 10, 2024What is Swarm AI and How Can It Advance Cybersecurity?Continue Reading October 3, 2024How CMMC Enhances Defense Supply Chain SecurityContinue Reading October 3, 2024Is Decentralized Cybersecurity Mesh the Future of Cybersecurity?Continue Reading September 27, 2024What is a Post-Quantum Strategy and Does Our Business Need One?Continue Reading September 27, 2024What is Kubernetes Security Posture Management (KSPM) and Why Should We (as Cloud-Native Developers) Care?Continue Reading September 20, 2024Registered Practitioners Versus Certified CMMC Professionals: What’s the Difference for DIB Orgs Seeking CMMC Compliance?Continue Reading September 16, 2024What is a Cloud Native Application Protection Platform (CNAPP) and What Can It Do for My Business?Continue Reading September 16, 2024What is Cloud Infrastructure Entitlement Management (CIEM) and Why Is It Becoming So Important?Continue Reading September 6, 2024What is the CMMC Assessment Process (CAP) Handbook and Why Should DIB Orgs Care?Continue Reading August 30, 2024ISO 27001 vs NIST 800-53: All You Need to KnowContinue Reading August 30, 2024ISO 27001 vs NIST Cybersecurity Framework: What’s the Difference?Continue Reading August 20, 2024The Primary Importance of CUI Scoping for CMMC CertificationContinue Reading August 20, 2024Know the Difference between ISO 27001 vs 27002 vs 27003Continue Reading August 13, 2024What is Content Disarm and Reconstruction and Why Should I (as a Recipient of Digital Documents) Care?Continue Reading August 6, 2024The Role of Leadership in ISO 27001 ComplianceContinue Reading August 6, 2024Why File-Based Malware Dominates CyberattacksContinue Reading July 26, 2024Data Detection and Response for Privacy and ComplianceContinue Reading July 18, 2024DIB SMBs Rate Their Cybersecurity as Much Better than It Actually Is – Why?Continue Reading July 15, 2024Top 5 Insights from Radicl’s DIB Cybersecurity Maturity Report 2024Continue Reading July 12, 2024How Should Crisis Management Connect with Incident Response?Continue Reading July 4, 2024CMMC Certification vs. CMMC Compliance: Which One Do You Need?Continue Reading July 4, 2024CMMC Certification: How Long Does It Take to Get Certified?Continue Reading June 27, 2024What Privacy Roles Does My Business Need?Continue Reading June 25, 2024What is a Secure Web Gateway and How Does It Support Zero Trust?Continue Reading June 21, 202418 US States Have Now Passed Privacy Laws – Time to Start Building TrustContinue Reading June 19, 202410 Most Important Steps to Build a Data Privacy ProgramContinue Reading June 13, 2024What are SaaS Providers Doing with Your Data?Continue Reading June 7, 2024The Problem with Zero Trust Network Access is Trusting the Service ProviderContinue Reading May 31, 2024Considering ISO 42001? Here are 5 Recommended Guidance SourcesContinue Reading May 24, 2024Top Ransomware Defenses You Probably Don’t Have in PlaceContinue Reading May 22, 2024What is Ransomware and How Has It Morphed in the Last Decade?Continue Reading May 14, 2024What is ISO 42001 and Why Should We (as an Org that Develops and/or Uses AI) Care?Continue Reading May 9, 2024The Crucial Role of Cybersecurity in IPO PreparationContinue Reading April 29, 2024ISO 42001: What are the Key Elements of an AI Management System?Continue Reading April 26, 2024ISO 42001, ISO 27001 and ISO 27701: Is This the New “Big 3” for Provably Secure and Compliant AI?Continue Reading April 17, 2024How Much Does ISO 27001 Certification Cost in 2024?Continue Reading April 17, 2024What is Distributed Ledger Technology (DLT) and How Can It Simplify Privacy Compliance?Continue Reading April 12, 2024Virtual CISOs and Community Banks—Perfect TogetherContinue Reading April 10, 2024What is Hedera Hashgraph and How Does It Solve Blockchain Privacy Issues?Continue Reading March 20, 2024Data Privacy Compliance in Higher Ed: Now is the TimeContinue Reading March 15, 2024What is a TISAX Simplified Group Assessment and Who Can Use It?Continue Reading March 14, 2024CMMC Proposed Rule Changes: What’s Changing and How to PrepareContinue Reading March 7, 2024What is Kubescape and Why Should We (as Cloud-Native Developers) Care?Continue Reading March 5, 2024Container and Kubernetes Security: A Nontechnical IntroductionContinue Reading March 1, 2024What is a Container and Why are They So Popular with Developers?Continue Reading February 27, 2024What is the New Jersey Data Privacy Law, and How Can We Streamline Compliance?Continue Reading February 23, 2024The EU AI Act: 9 Top Questions AnsweredContinue Reading February 22, 2024SOC 2 Reports – Which Trust Services Criteria Do You Need?Continue Reading February 21, 20246 Key Takeaways from the 2023 SOC Benchmark StudyContinue Reading February 16, 2024CMMC Proposed Rule: New Guidance on CMMC Level 3Continue Reading February 14, 2024The New CMMC Proposed Rule—Answers to Your Top 9 QuestionsContinue Reading February 9, 2024ISO 27001 Accreditation: Why It Matters for Cloud Service ProvidersContinue Reading February 6, 2024CMMC BenefitsContinue Reading February 1, 20242 Principles to Revolutionize Security Awareness TrainingContinue Reading January 26, 2024What is Cyversity and How Can It Improve Diversity on My Cybersecurity Team?Continue Reading January 22, 2024What is the Digital Operational Resilience Act (DORA) and How Will It Impact My Business?Continue Reading January 22, 2024Empowering Diversity in the Cybersecurity IndustryContinue Reading January 6, 2024ISO 27001 and Data Protection: The Crucial LinkContinue Reading January 4, 2024What are the 5 Key DevOps Research & Assessment (DORA) Metrics and Why Should I Care?Continue Reading January 3, 2024Cyber Essentials Plus: What is It and How Can It Help My Business?Continue Reading January 2, 2024Understanding the ISO 27001:2022 UpdateContinue Reading January 2, 2024Getting Certified to ISO 27001:2022? Your Transition Plan is Critical for the External Audit.Continue Reading January 2, 2024Here’s How to Make Sure Your Security Awareness Training is WorkingContinue Reading December 27, 2023CMMC Gets Posted to the Federal RegistryContinue Reading November 22, 2023Human-Level AI: What Can It Do, What Are the Risks, and When Will It Be Here?Continue Reading December 12, 2023ISO 27001 Security Policies: What They Are and Why They’re ImportantContinue Reading November 15, 2023The EU’s NIS2 Directive: Here’s What You Need to KnowContinue Reading December 6, 2023Top 10 Benefits of ISO 27001 Compliance for StartupsContinue Reading December 6, 2023NIST AI Risk Management Framework: What You Should Know and Why You Should CareContinue Reading November 22, 2023“Failure is Not an Option”—What Does That Mean for Recovery Planning?Continue Reading November 22, 2023Understanding the Basics: What is ISO 27001?Continue Reading November 2, 2023Understanding and Applying Risk Management Strategies for CMMC CertificationContinue Reading November 2, 20235 Common Mistakes When Pursuing ISO 27001 CertificationContinue Reading November 2, 2023How to Demonstrate Compliance with CMMC: An OverviewContinue Reading November 2, 2023The Difference between ISO 27001 and Other CertificationsContinue Reading October 18, 20233 Essential Tips for Maintaining CMMC ComplianceContinue Reading October 18, 20233 Questions to Consider before Pursuing ISO 27001 CertificationContinue Reading September 5, 2023The Importance of Maintaining an Up-to-Date ISO 27001 CertificationContinue Reading September 5, 2023How to Get CMMC Certified: 7 Steps to Take Before ApplyingContinue Reading September 1, 2023What is CMMC Certification and What Does it Mean for Your Business?Continue Reading August 31, 2023CMMC Rulemaking Update and TimelineContinue Reading August 29, 2023What is ISO 27001 Certification and Why Does It Matter?Continue Reading August 9, 2023Leaking Meta’s LLaMA AI – the Good, the Bad, and the Very BadContinue Reading August 9, 2023Public and/or Shared AI Models Cannot be Trusted Until an AI Bill of Materials Become the NormContinue Reading June 23, 2023Time and Cost Factors to Attain a FedRAMP ATOContinue Reading June 23, 2023FedRAMP ATO: 3 Tips to Minimize Cost, Complexity, and Time to TargetContinue Reading June 23, 2023Big Pros and Cons of an “Agency” Versus “JAB” Approach to a FedRAMP ATOContinue Reading June 23, 2023Getting Ready for Your FedRAMP Third-Party AssessmentContinue Reading June 23, 2023FedRAMP Requirements Can Change Your Solution ArchitectureContinue Reading June 23, 2023To FedRAMP or Not to FedRAMP: That is the (First) QuestionContinue Reading June 23, 2023Intro to FedRAMPContinue Reading June 23, 2023A FedRAMP ATO – The Good, The Bad, and the UglyContinue Reading June 6, 2023What is a Microservice Architecture and How Do I Secure It?Continue Reading June 6, 2023Security and Development Must Work Closely to Secure MicroservicesContinue Reading June 6, 2023How Do Microservices Change Software Security?Continue Reading June 6, 2023Microservices and APIs—How Do They Connect?Continue Reading June 6, 2023What is a Microservice Architecture?Continue Reading May 29, 2023How Poor Cyber Asset Management Enabled the Equifax BreachContinue Reading May 29, 20234 Ways a Strong Cyber Asset Management Program Can Help Block Ransomware AttacksContinue Reading May 29, 2023Active Asset Scanning in OT EnvironmentsContinue Reading May 29, 2023Why Vulnerability Management Tools Fall Short for Cyber Asset DiscoveryContinue Reading May 29, 20232 Biggest Challenges with Cyber Asset Management – PivotContinue Reading May 24, 2023How ISO 27001:2022 Attributes Might Impact Your Certification Audit (and Improve Your Security)Continue Reading May 24, 2023ISO 27001:2022—What is the Level of Transition Effort?Continue Reading May 24, 2023ISO 27001:2022—When Should My Org Make the Transition?Continue Reading May 24, 2023ISO 27001:2022—Insights into What’s NewContinue Reading May 12, 2023RSA Conference 2023 Takeaway—“Shifting Security Left” is Now in Full SwingContinue Reading May 12, 2023RSA Conference 2023 Takeaway—Privacy Will Drive Data GovernanceContinue Reading May 12, 2023RSA Conference 2023 Takeaway—AI is Coming But It’s Not Here YetContinue Reading May 12, 2023RSA Conference 2023 Takeaway—More Than Ever, a Product-Centric Security Strategy is DangerousContinue Reading May 9, 2023How Long Before Software Bill of Materials (SBOM) Moves from Buzzword to ExpectationContinue Reading May 9, 2023A Software Bill of Materials (SBOM) Benefits Both Vendors and UsersContinue Reading May 9, 2023What is an SBOM and Why Are My Customers Suddenly Asking for One?Continue Reading April 28, 2023When You’re Doing Cyber Asset Management… What’s An Asset?Continue Reading April 28, 2023If your asset management sucks, your security sucksContinue Reading April 17, 2023Beware the Latest Funds Transfer Fraud —Deepfake Voice CloningContinue Reading April 6, 2023Should We Implement DevSecOps? You May Not Have a Choice.Continue Reading April 5, 2023DevSecOps: Recommended Guidance and Standards to Help Get You StartedContinue Reading April 4, 2023Shifting DevSecOps LeftContinue Reading April 3, 2023DevSecOps Depends on Understanding Application-Specific RiskContinue Reading March 31, 2023Getting Started with DevSecOpsContinue Reading March 30, 2023DevSecOps DefinedContinue Reading March 29, 20234 Tactical Steps to Implementing DevSecOps in 2023Continue Reading March 27, 20237 Reasons Why You Should Get CMMC Certified Ahead of the May 2023 RulemakingContinue Reading March 24, 2023Pros and Cons to a “Hybrid Approach” to Microsoft 365 Commercial and GCC/GCC HighContinue Reading March 23, 2023Why is Microsoft 365 GCC High “So Expensive”?Continue Reading March 21, 2023The “Feature Factor” in Moving to Microsoft 365 GCC or GCC HighContinue Reading March 18, 2023How Long Does a Microsoft 365 “Government Cloud” Migration Take?Continue Reading March 17, 20233 Top Considerations for Migrating to a Microsoft 365 “Government Cloud”Continue Reading March 16, 2023Should My Org Be on a Microsoft 365 “Government Cloud”?Continue Reading March 15, 2023Should we be in Microsoft 365 GCC, GCC High, or Commercial?Continue Reading March 7, 2023Will Implementing the New ISO 27001:2022 Control Set Improve Your ISMS?Continue Reading March 8, 20232 “Gotchas” to Avoid on Move to ISO 27001:2022 – PivotContinue Reading March 6, 20233 Things Your ISO 27001:2022 Auditor Would Love to See in Your ISMSContinue Reading March 5, 2023Benefits of Moving to ISO 27001:2022 ASAPContinue Reading March 4, 2023ISO 27001:2022—How Does It Impact Related Standards?Continue Reading March 3, 2023We’re Working Towards Certification to ISO 27001:2013—How Does ISO 27001:2022 Impact Us?Continue Reading March 2, 2023When Will Auditors Be Ready to Certify ISO 27001:2022 Compliance?Continue Reading March 1, 2023When Should You Move to ISO 27001:2022?Continue Reading February 20, 2023Need to Align Your Web App Security Program with NIST’s SSDF or ISO 27001? OWASP SAMM Can Help.Continue Reading February 19, 2023Don’t Dump Application Security on Your DevelopersContinue Reading February 18, 2023Web Application Security—How Mature Are Most Orgs Today?Continue Reading February 17, 2023How (Not) Good is Your Web App Security? OWASP SAMM Can Tell You.Continue Reading February 16, 2023Getting to “Secure by Design” with OWASP SAMMContinue Reading February 15, 2023What is OWASP SAMM and How Can It Elevate Your Application Security?Continue Reading February 10, 2023The TISAX Audit Process: Here’s What to ExpectContinue Reading February 9, 2023TISAX and ISO 27001: How Do They Relate?Continue Reading February 8, 2023TISAX Assessment Objectives, Levels, and LabelsContinue Reading February 7, 2023What is TISAX and Why Should We (as an Auto Industry Supplier) Care?Continue Reading February 6, 2023Understanding TISAX (Trusted Information Security Assessment Exchange)Continue Reading February 3, 2023Emerging Use Cases for Cyber Threat IntelligenceContinue Reading February 3, 2023How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?Continue Reading February 2, 2023Still Think Your Org Has Nothing Hackers Want?Continue Reading February 2, 2023Cybercrime Business Models and Supply ChainsContinue Reading February 1, 2023How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should CareContinue Reading February 1, 2023Understanding How Cybercriminals Operate Can Protect Your BusinessContinue Reading January 26, 2023What’s New and Exciting with AWS Security?Continue Reading January 25, 2023Public Cloud Consumers: Is Your Management Plane Secure?Continue Reading January 25, 2023What are the Most Important AWS Security Tools that Every Org Should Use?Continue Reading January 25, 2023Why Do So Many Orgs Stumble on Cloud Security?Continue Reading January 25, 2023Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSPContinue Reading January 25, 20232 Top Security Problems AWS Users Cause – Pivot PointContinue Reading January 25, 2023AWS Cybersecurity Best Practices—From Amazon’s Security Solutions ArchitectContinue Reading January 23, 2023Cyber Insurance Considerations for DIB OrgsContinue Reading January 23, 2023Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?Continue Reading January 23, 2023DIB Orgs: Here’s How to Avoid False Claims Act SanctionContinue Reading January 23, 2023Should You Voluntarily Disclose a CUI Incident or Data Breach?Continue Reading January 23, 2023CUI Basic and CUI Specified—What’s the DifferenceContinue Reading January 23, 2023Understanding the Legalities around Controlled Unclassified Information (CUI)Continue Reading January 18, 2023Security Staffing Moves for a Down EconomyContinue Reading January 18, 2023Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.Continue Reading January 18, 2023In a Down Economy, Ensure You’re Getting the Max from Security InvestmentsContinue Reading January 18, 2023Why You Should Keep Making Needed Security Investments in a Down EconomyContinue Reading January 18, 2023Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down EconomyContinue Reading January 17, 2023A Cybersecurity Strategy is More Critical Than Ever in a Slow EconomyContinue Reading January 17, 2023John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight EconomyContinue Reading April 13, 2024CMMC Rulemaking Changes Again—What’s the Timeline Now?Continue Reading January 5, 2023Leveraging OOTB “Policy as Code” for Cloud Security Posture ManagementContinue Reading January 5, 2023Addressing False Positives and Alert Fatigue across Enterprise Security ToolsContinue Reading January 5, 2023Your Cloud Security Posture Needs Both Preventive and Detective/Corrective ComponentsContinue Reading January 4, 2023Governance as Code—Is It the Answer to Cloud-Native Security?Continue Reading January 4, 2023Security, Compliance and Governance in the Cloud—How Do They Relate?Continue Reading January 4, 2023Dynamic Relationships between Governance, Security, and ComplianceContinue Reading December 28, 2022Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?Continue Reading December 20, 2022Is Attack Surface Management Right for SMBs?Continue Reading December 20, 2022Factoring Third-Party Risk into Attack Surface ManagementContinue Reading December 19, 2022How Much of Your Attack Surface is Beyond Your Visibility?Continue Reading December 19, 2022Is It Still a Data Breach if the Data was Outside Your Infrastructure?Continue Reading December 19, 2022How Do Assets Relate to Attack Surface Management?Continue Reading December 15, 2022What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?Continue Reading December 15, 2022Is Digital Business Risk Management the Future of Attack Surface Management?Continue Reading November 23, 2022Monitoring Security of Your Deployed Public Cloud ApplicationContinue Reading November 22, 2022Validating Security Within Your DevOps PipelineContinue Reading November 10, 2022Time’s (Almost) Up for California Privacy ComplianceContinue Reading November 21, 2022Skills to Look for in Developers to Move Your Applications to the CloudContinue Reading November 18, 2022Should We Containerize Our Cloud-Based Application?Continue Reading November 17, 2022Should You Outsource Managing Your App Along with Building It?Continue Reading November 16, 2022Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?Continue Reading November 15, 2022The Complexities of Deploying a Secure Application in the CloudContinue Reading November 14, 2022What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)Continue Reading November 11, 2022Tips from a Fortune 500 CPO on Automating Your Privacy ProgramContinue Reading November 10, 2022Tackling the Legal Side of Privacy without Becoming a LawyerContinue Reading November 9, 2022How Does Physical Security Tie into Privacy?Continue Reading November 7, 2022The New Intersection of Privacy and Security (from a Fortune 500 CPO)Continue Reading November 7, 2022The Intersection of Privacy & SecurityContinue Reading October 26, 2022What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?Continue Reading October 26, 2022DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from PrimesContinue Reading October 25, 2022We Don’t Think We Need CMMC Level 2 but the Government Says We Do…Continue Reading October 25, 2022Should We Pursue a Voluntary CMMC Assessment?Continue Reading October 24, 2022Is There a Path for Non-US Companies to be CMMC Certified?Continue Reading October 24, 2022ISO 27001 Certified Orgs—Here’s the Latest on CMMC ReciprocityContinue Reading October 24, 2022House Approves Updated FedRAMP Authorization ActContinue Reading October 21, 2022Can SMBs Afford CMMC Level 2 Certification?Continue Reading October 21, 2022When Do We Need to Be CMMC 2.0 Certified?Continue Reading October 20, 2022DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA QuestionsContinue Reading April 20, 2024Does My DIB Org Need a SIEM for CMMC ComplianceContinue Reading October 19, 2022Your Top CMMC Questions AnsweredContinue Reading October 14, 2022SME InfoSec Leads: Here’s How to Kickstart a Privacy ProgramContinue Reading October 17, 2022How Automation Can Help Operationalize a Privacy ProgramContinue Reading October 13, 2022How Automation Can Help with Data Privacy Impact AssessmentContinue Reading October 12, 2022SMEs: Do You Know Where All Your Customers’ Personal Data Resides?Continue Reading October 11, 2022SMEs: Are Your Customers Pushing You Towards a Privacy Program?Continue Reading October 10, 2022The Two Audiences For Privacy & How They Drive Data CollectionContinue Reading October 7, 2022Is Cybersecurity Certification Worth the Effort?Continue Reading October 6, 2022Can Disaster Recovery and Business Continuity Help with Software Supply Chain Risk Assessment?Continue Reading October 5, 2022Can Cybersecurity Frameworks Help with Software Supply Chain Risk Management?Continue Reading October 4, 2022Supply Chain Risk Management and Third-Party Risk Management: What’s the Difference?Continue Reading October 3, 2022What is Software Supply Chain Risk Management and Why Should We (as an Org That Uses Software) Care?Continue Reading October 3, 2022The FTC’s Intensified Prosecution of Deceptive Cybersecurity and Privacy Practices: Here’s What You Should KnowContinue Reading September 30, 2022Unpacking Critical Elements of Supply Chain Risk ManagementContinue Reading September 30, 2022PATCH Act Legislation Could Expand Medical Device Manufacturing Cybersecurity RegulationsContinue Reading September 27, 2022NIST Update on HIPAA Security Rule Can Help Your Org Reduce ePHI Risk ExposureContinue Reading September 19, 2022OMB Mandates US Federal Agencies to Comply with NIST Guidance on Software Supply Chain SecurityContinue Reading August 8, 2022How Does the NIST Secure Software Development Framework (SSDF) Compare with OWASP SAMM, BSIMM, etc.?Continue Reading August 4, 2022What is the Software Development Lifecycle and Why is It Central to Software Security?Continue Reading July 28, 2022The Cyberspace Solarium Commission Report and CMMC—How Do They Connect?Continue Reading July 28, 2022We Need Public/Private Partnership to Fight the Cyber War We’re InContinue Reading July 27, 2022What is the Cyberspace Solarium Commission Report and Why Should I Care?Continue Reading July 22, 2022How Does DevOps Impact Your Database Security?Continue Reading July 21, 2022How Moving to the Cloud Impacts Your Database SecurityContinue Reading July 20, 20223 Reasons Why Database Security is UndervaluedContinue Reading July 20, 20225 Top Database Risks You Didn’t Know You HadContinue Reading July 19, 2022Confronting the Wild West of Database SecurityContinue Reading July 18, 2022The Argument for More Board-Level Cybersecurity ExpertiseContinue Reading July 15, 2022What is “Secure By Default” and How Do We Get There?Continue Reading July 14, 2022Looking Beyond Trusted Frameworks to Achieve Robust CybersecurityContinue Reading July 13, 2022Bridging the Gap Between Cybersecurity and the Business WorldContinue Reading July 8, 2022Does Your Cyber Liability Insurance Fit with Your Total Insurance Coverage?Continue Reading July 8, 20223 Top Reasons Why an Attorney Should Review Your Cyber Liability Insurance PolicyContinue Reading July 8, 2022Are Cyber Liability Insurance Companies (Entirely) to Blame for Today’s Onerous PremiumsContinue Reading July 8, 2022Why Cyber Liability Insurance Has Become the “Wild West”Continue Reading July 7, 2022Legal and Infosec Strategies to Deal with Exploding Cyber Liability Insurance PremiumsContinue Reading September 1, 2022DIB Orgs: Time is Almost Up for DFARS and NIST 800-171 ComplianceContinue Reading August 26, 2022What is the OWASP Software Assurance Maturity Model (SAMM) and Why Should We (as an Org That Develops Software) Care?Continue Reading August 26, 2022Applying the OWASP Software Assurance Maturity Model (SAMM) in Your EnvironmentContinue Reading August 30, 2022OWASP SAMM’s 5 Business Functions UnpackedContinue Reading August 29, 2022BSIMM and OWASP SAMM ComparedContinue Reading August 29, 2022Using OWASP’s Software Assurance Maturity Model (SAMM) and Application Security Verification Standard (ASVS) TogetherContinue Reading August 25, 2022Breaking Down the Latest in Software Security Standards & the Impact on SaaS BusinessesContinue Reading August 23, 2022Top Use Cases for Continuous API SecurityContinue Reading August 22, 2022What is Continuous API Scanning and Why Should We (as App Developers) Care?Continue Reading August 22, 2022What are the Financial Benefits of API-Level Security?Continue Reading August 19, 2022How Does an API-First Architecture Affect Your App Attack Surface?Continue Reading August 19, 2022Application Security and API Security are Becoming Synonymous—Are You Ready?Continue Reading August 18, 2022What You Need to Know about APIs and API SecurityContinue Reading August 12, 2022Aligning Security with Business Goals to Create More ValueContinue Reading August 12, 2022The “Value Creation” Side of Return on Security Investment (ROSI) EstimatesContinue Reading August 11, 2022A Risk-Based Approach to Calculating Return on Security Investment (ROSI)Continue Reading August 11, 2022Return on Security Investment (ROSI): What is It and How Do You Calculate It?Continue Reading August 10, 2022How to Measure the Value of Information SecurityContinue Reading August 8, 2022What’s the Effort to Align Your Dev with the NIST Secure Software Development Framework (SSDF)?Continue Reading August 4, 2022Making the Most of the CMMC Assessment Guidance from the CyberABContinue Reading August 5, 2022Here’s Why Software Vendors Should Align with the SSDF Whether Mandated or NotContinue Reading August 5, 2022Why Does the USG Think We Need the NIST Secure Software Development Framework (SSDF)?Continue Reading August 4, 2022What is the NIST Secure Software Software Development Framework and Why Should We (as a Software Vendor) Care?Continue Reading August 3, 2022What NIST’s Secure Software Development Framework Means to YouContinue Reading July 26, 2022US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?Continue Reading August 1, 2022US Government Threat Intelligence Programs: Where Are They Headed?Continue Reading July 29, 2022Recent White Papers from the Cyber Solarium Commission—What is Their Purpose?Continue Reading July 29, 2022What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?Continue Reading July 27, 2022What is Continuity of the Economy Planning and Why Should I (as a US Citizen) Care?Continue Reading July 21, 2022Your Database Attack Surface is Bigger than You ThinkContinue Reading July 14, 2022The Strategy Behind the Gula Tech Adventures PortfolioContinue Reading July 18, 2022Why Philanthropy is Important in CybersecurityContinue Reading July 14, 2022How Do You Know If Your Business is Really Secure?Continue Reading July 11, 2022What is a Breach Counselor and Why Do We (as an Org with Cyber Liability Insurance) Care?Continue Reading July 11, 2022Do You Know Your Cyber Liability Insurance Obligations?Continue Reading June 30, 2022CMMC 2.0: Is Certification Worth the Cost and Risk?Continue Reading June 29, 2022CMMC 2.0: Choose Your Registered Provider Organization CarefullyContinue Reading June 28, 2022CMMC 2.0: DoD Emphasizes “Nothing Has Changed” (So Why Aren’t You Ready?)Continue Reading June 27, 2022CFIUS Cybersecurity Considerations: Here’s What You Need to KnowContinue Reading June 27, 2022CMMC 2.0: DoD Clarifies Rollout Schedule and MoreContinue Reading June 24, 2022Benefits of Categorizing NIST 800-171 Requirements as Technical Versus NontechnicalContinue Reading June 24, 2022Important Clarifications on CMMC v2 from CMMC Day May 9, 2022Continue Reading June 16, 2022What Really Drives Innovation in Cybersecurity?Continue Reading June 16, 2022Are We More or Less Secure than 20 Years Ago?Continue Reading June 15, 2022Investors are Targeting These Emerging Cybersecurity AreasContinue Reading June 15, 20223 Different Types of Private Equity Firms ExplainedContinue Reading June 14, 20225 Top Criteria for Venture Capitalists Evaluating Tech CompaniesContinue Reading June 14, 2022The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture CapitalistContinue Reading June 9, 2022What is OWASP SAMM and Why Should We (as an Org that Develops Software) Care?Continue Reading June 7, 2022How Attack Surface Management Calculates Attack PathsContinue Reading June 7, 2022How Does Attack Surface Management Connect with Patch Management?Continue Reading June 6, 2022Top Scenarios for Implementing Attack Surface ManagementContinue Reading June 6, 2022NopSec’s Vision for Attack Surface ManagementContinue Reading June 3, 2022Attack Surface Management: Should It Cover Configuration Management?Continue Reading June 3, 2022What is Attack Surface Management and Why Should We (as an Org with Vulnerabilities) Care?Continue Reading June 2, 2022Understanding Attack Surface ManagementContinue Reading June 2, 2022Protecting CUI Nonfederal OrganizationsContinue Reading May 27, 2022Here’s What State-of-the-Art Entryway Security Looks LikeContinue Reading May 26, 2022Does My Business Need Better Entryway Security?Continue Reading May 25, 2022Why Physical Security and Cybersecurity are ConvergingContinue Reading May 24, 2022The Convergence of Physical & CybersecurityContinue Reading May 19, 2022CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?Continue Reading May 19, 2022MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance TimelineContinue Reading May 18, 2022Why MSPs/MSSPs Should Develop a Shared Responsibility MatrixContinue Reading May 18, 2022When is an MSP/MSSP a CSP for CUI Protection Purposes?Continue Reading May 17, 2022MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?Continue Reading May 17, 2022CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” ApproachContinue Reading May 16, 2022CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility AnglesContinue Reading May 16, 2022What New CMMC Guidance Means for MSPs and MSSPsContinue Reading May 10, 2022Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.Continue Reading May 9, 2022Step #8 to Retaining Security Talent: Win-Win CommunicationContinue Reading May 9, 2022Step #7 to Retaining Security Talent: Make Career Promotion Criteria Outlined & TransparentContinue Reading May 6, 2022Step #6 to Retaining Security Talent: Roles & Responsibilities are Clearly Defined & MeasuredContinue Reading May 6, 2022Step #5 to Retaining Security Talent: Consistent Management TrainingContinue Reading May 5, 2022Step #4 to Retaining Security Talent: Kindness-Only CultureContinue Reading May 5, 2022Step #3 to Retaining Security Talent: Self-Care CultureContinue Reading May 4, 2022Step #2 to Retaining Security Talent: Positive Attitude CultureContinue Reading May 4, 2022Step #1 to Retaining Security Talent: Emotionally Intelligent ManagersContinue Reading May 3, 20228 Ingredients for Baking Inclusivity into Your CultureContinue Reading April 22, 2022SEC Proposes New Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident DisclosureContinue Reading April 22, 2022The NIST Cybersecurity Framework Helps Business and Technical Leaders Communicate About SecurityContinue Reading April 22, 2022Understanding the Cloud Controls MatrixContinue Reading April 22, 2024Local Storage Versus Cookies: Which to Use to Securely Store Session TokensContinue Reading May 2, 2022How Panther Helps Get You Real-Time Access to Arbitrary Security DataContinue Reading April 29, 2022Comparing the Cost of “SIEM”: How Much and Time-to-ValueContinue Reading April 28, 2022Get Proactive with Real-Time Streaming Security AnalyticsContinue Reading April 27, 2022Big Data, Snowflake and the Reinvention of SIEMContinue Reading April 26, 2022“The State of SIEM” and Why the Security Industry Needs to Move OnContinue Reading April 25, 2022What is “Serverless SIEM” and Why Should We (as an Org Trying to Detect Cyber Threats) Care?Continue Reading April 22, 2022Becoming More Efficient w/ a Cloud-Native Approach to Data SecurityContinue Reading February 2, 20223 Top Ways to Incorporate NIST 800-171 into Your ISO 27001 or SOC 2 ProgramContinue Reading February 2, 20224 Key Responses to New US Government Cybersecurity RegulationsContinue Reading February 2, 2022CISA, Critical Infrastructure and CUI: 3 New Drivers for the Future of Your ISO 27001 or SOC 2 Cybersecurity ProgramContinue Reading February 2, 2022A Brief History of Recent US Government Cybersecurity Guidance and Why You Should Care—Even If You Don’t Do Business with the USGContinue Reading December 3, 2021Are SaaS Customers a Bigger Business Risk to their Vendors than Vice Versa?Continue Reading December 3, 20214 Top Things Your SaaS Vendors Should Be Doing to Prove They’re SecureContinue Reading December 3, 2021AI-Based Threat Detection for SaaS Applications: “Suspenders to Backup Your Belt”Continue Reading December 3, 2021Customer Managed Encryption Keys: With Great Power Comes Great ResponsibilityContinue Reading December 3, 2021The Cloud Security “Shared Responsibility” Model is EvolvingContinue Reading December 3, 2021Here’s Why Cloud-Based Solutions are Now More Secure than On-PremContinue Reading April 15, 2022Using the CSA STAR Program for ProcurementContinue Reading April 14, 2022How the Cloud Security Alliance Addresses PrivacyContinue Reading April 13, 2022What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?Continue Reading April 12, 2022What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?Continue Reading April 11, 2022Essential Cloud Security & Compliance Tips from CSAContinue Reading April 8, 2022CMMC 2.0: What’s Ahead for the DIB?Continue Reading April 7, 2022Why is Management Buy-In a Challenge for CMMC Compliance?Continue Reading April 7, 2022Dib Orgs: Here’s How to Apply the CMMC Scoping Guide to OT AssetsContinue Reading April 6, 2022Dib Orgs: Why is Asset Management a Challenge?Continue Reading April 6, 2022Dib Orgs: What to Do If You Don’t Think You Have CUIContinue Reading April 5, 2022CMMC 2.0 ScopingContinue Reading April 5, 20223 Reasons Why It’s So Hard to Identify CUIContinue Reading April 4, 20223 Top Challenges with CMMC 2.0Continue Reading April 4, 2022Ongoing Challenges with CMMCContinue Reading April 8, 2022CMMC 2.0 Rulemaking: What are the Implications for Government Contractors Outside the DIB?Continue Reading April 4, 2022Fleet Device Management: Future PlansContinue Reading April 1, 2022How Malware SpreadsContinue Reading April 1, 2022Using Fleet’s Policy Feature for Configuration ManagementContinue Reading March 31, 2022Open Source Device Management—Can It Improve Your Vulnerability Management?Continue Reading March 30, 2022Open Source Device Management—Is It Right for Your Use Cases?Continue Reading March 29, 2022Open Source Device Management—It’s All About Transparency and FlexibilityContinue Reading March 28, 2022Is Open Source the Future of Endpoint SecurityContinue Reading March 25, 2022IoT Device Security: What to Look for from VendorsContinue Reading March 24, 2022IoT Security Guidance: What is Its Real-World Value?Continue Reading March 23, 2022Remotely Hacking IoT Devices: Here’s How It’s DoneContinue Reading March 23, 2022“AWS for Security” — A One-Stop Shop in the Making?Continue Reading March 22, 2022A Hardware Hacker’s Top Tips for Building Secure IoT DevicesContinue Reading March 22, 2022“AWS for Security” — Can It Also Support Compliance?Continue Reading March 22, 2022The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply ChainContinue Reading March 21, 2022“AWS for Security”—Can It Reduce Your Security Software Costs?Continue Reading March 21, 2022OK, So… What’s an IoT Device?Continue Reading March 18, 2022Are You Ready for “AWS for Security”?Continue Reading March 17, 2022The “AWS Approach” to Provable SecurityContinue Reading March 16, 2022The New ISO 27002:2022—What Does It Mean for Your ISO 27001 ISMS?Continue Reading March 16, 2022The Value of Attributes in the New ISO 27002:2022Continue Reading March 15, 2022The OMB’s Final Zero Trust Strategy: 8 Key TakeawaysContinue Reading March 15, 2022The New ISO 27002:2022—What’s New with the Controls?Continue Reading March 15, 2022The New ISO 27002:2022—What are “Themes” and Why are They Cool?Continue Reading March 14, 2022The New ISO 27002:2022 — How Was It Developed?Continue Reading March 14, 2022What Does the New ISO 27002 Update Mean for You?Continue Reading March 14, 2022DIB Orgs: Can You Identify CUI?Continue Reading March 14, 2022DIB Orgs: Your SPRS Score, System Security Plan and POAMs Had Better Be for RealContinue Reading March 11, 2022Continuous Compliance: What Are the Business Benefits?Continue Reading March 11, 2022Continuous Compliance for DIB Orgs: What Are Some Examples?Continue Reading March 10, 20223 Inescapable Reasons Why DIB Orgs are Now Reliant on Their Compliance ProgramsContinue Reading March 10, 2022CMMC 2.0 Compliance—What Will It Look Like at Level 1 or Level 2?Continue Reading March 10, 2022Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to YouContinue Reading March 9, 2022CMMC 2.0 Compliance—Here’s What to Focus on NowContinue Reading March 9, 2022Continuous Compliance—What is It and Why Should You (as a DIB Org) Care?Continue Reading March 8, 2022John Verry’s 2022 InfoSec Prediction #8: CSPs Up Their Security GameContinue Reading March 8, 2022John Verry’s 2022 InfoSec Prediction #7: Software Security Goes MainstreamContinue Reading March 7, 2022John Verry’s 2022 InfoSec Prediction #6: Companies Will Look to Shorten Their Vendors ListsContinue Reading March 7, 2022John Verry’s 2022 InfoSec Prediction #5: “Our Compliance Officer” and/or “Our GRC Platform” Enter Your LexiconContinue Reading March 4, 2022John Verry’s 2022 InfoSec Prediction #4: The Use of Fractional/Virtual CISOs Will Continue to Grow RapidlyContinue Reading March 4, 2022John Verry’s 2022 InfoSec Prediction #3: Supply Chain Risk Management Will Continue to Grow in ImportanceContinue Reading March 3, 2022John Verry’s 2022 InfoSec Prediction #2: Cyber Liability Insurance Premiums and Due Diligence Will Increase SignificantlyContinue Reading March 3, 2022John Verry’s 2022 InfoSec Prediction #1: Zero Trust Moves from Buzzword to RealityContinue Reading March 3, 2022New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance RiskContinue Reading March 3, 2022It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy)Continue Reading March 2, 2022John Verry’s 2022 InfoSec Predictions: Challenges & ResponsesContinue Reading March 2, 20222021 Cyber Incident Year in ReviewContinue Reading February 2, 2022Can Attack Surface Management Help with Incident Response?Continue Reading February 1, 2022Can Attack Surface Management Help with Vulnerability Assessment?Continue Reading January 31, 2022How Attack Surface Management Can Help Reduce Supply Chain Security RisksContinue Reading January 27, 2022How I Got root on a ThermostatContinue Reading January 25, 2022Are You Ready for the New ISO 27001:2022?Continue Reading January 24, 2022How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 YearsContinue Reading January 21, 2022New Senate Bill Proposes Multiple Changes to FedRAMP ProgramContinue Reading January 17, 2022All Federal Contractors are Already Subject to NIST 800-171 Requirements—Not Just the DIBContinue Reading January 10, 2022Attack Surface Management with RiskIQ’s PassiveTotal PlatformContinue Reading January 6, 2022Attack Surface Management: Dark Web Deep-Dives and MoreContinue Reading January 4, 2022What is Attack Surface Management and Why Should We (as an Organization at Risk of Cyberattack) Care?Continue Reading January 3, 2022Cybersecurity Impacts of COVID-19: 2022 UpdateContinue Reading December 21, 2021Top 10 CMMC Assessment Checklist Resources – Pivot PointContinue Reading December 22, 2021‘Twas the Night after Christmas, and the Hackers were Stirring…Continue Reading December 17, 2021Web Application Attacks are Skyrocketing—Don’t Get Caught in the CrossfireContinue Reading December 14, 2021Go easy on the cookies this holiday season: Stay safe by avoiding unwanted browser cookies!Continue Reading December 13, 2021Severe Log4j 2 Vulnerability Puts Huge Swath of Enterprise and SaaS Apps at Grave RiskContinue Reading December 10, 2021Skills SMBs Should Look for in a Privacy LeadContinue Reading December 9, 2021Why the Latest Raspberry Pi CVE is (Almost) Completely BogusContinue Reading December 7, 2021We Need to Comply with GDPR. Should We Get ISO 27701 Certified?Continue Reading December 8, 2021‘Tis the Season to Be Hacked—Don’t Let It Happen to Your BusinessContinue Reading December 6, 2021We Need ISO 27001 and GDPR/CCPA Compliance. Should We Do ISO 27701 Concurrently?Continue Reading December 3, 20214 Essential Steps to Privacy ComplianceContinue Reading December 2, 2021Privacy Laws Can Be a Matter of Life and DeathContinue Reading December 1, 2021Why Cybersecurity and Privacy Should Be Viewed as Two Entirely Separate DisciplinesContinue Reading November 30, 2021Cyber Standards to Protect CUI are Coming for All US Government SuppliersContinue Reading November 26, 2021CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance TimeframesContinue Reading November 19, 202195% of Board Members Say Information Security Strategy is Now CriticalContinue Reading November 18, 2021Trusted Information and Its Role in Validating Your Information Security ProgramContinue Reading November 22, 2021Getting to a Trusted Information Security EcosystemContinue Reading November 17, 2021GCC High and Gap Assessments!Continue Reading November 16, 2021CMMC 2.0 and the False Claims Act—Be Careful What You Sign!Continue Reading November 15, 2021CMMC 2.0: What’s New and What’s Not for Orgs Handling CUI?Continue Reading November 12, 2021CMMC 2.0: What’s New and What’s Not at “Level 1” (FCI Only)?Continue Reading November 8, 2021Operationalizing Your Information Security StrategyContinue Reading November 10, 2021What is the NIST SP 800-218 (Draft) “Secure Software Development Framework” and Why Should We (as an Org Selling Software to the USG) Care?Continue Reading November 5, 2021CMMC Piloting Efforts Suspended… Frustrating But Not Surprising (and Optimistic for “CMMC 2.0”)Continue Reading November 2, 2021Got an Information Security Strategy? Here’s How to Get Started.Continue Reading November 1, 2021Why a Trusted Framework Should Be Part of Your Information Security StrategyContinue Reading October 29, 2021What is an Information Security Strategy and Why Do We Need One?Continue Reading October 27, 20215 Pillars of “Continuous Controls Monitoring” in DevOps EnvironmentsContinue Reading October 26, 2021Will External Auditors Accelerate the Move to New Compliance Models?Continue Reading October 28, 20218 Trillion Reasons Why CMMC Matters to You (Even if You’re Not in the Defense Supply Chain)Continue Reading October 21, 2021What Does the Future of Compliance in a CI/CD Pipeline Look Like?Continue Reading October 20, 2021We Need a New Compliance Model for the DevOps EraContinue Reading October 19, 2021What the New ISO 27001:2022 Release Will Mean to YouContinue Reading October 13, 2021Don’t “Over-Commit and Under-Deliver” on Your ISO 27001 ControlsContinue Reading October 12, 2021ISO 27001 Top Tip: Focus on Process, Not ControlsContinue Reading October 11, 2021Think Beyond ISO 27001 Certification While You’re Prepping for ItContinue Reading October 6, 2021Don’t Rush Your ISO 27001 CertificationContinue Reading October 7, 2021Why the DOD’s Review of CMMC Will Mean More to C3PAOs Than It Will to DIB ContractorsContinue Reading October 5, 2021ISO 27001 Doesn’t Require as Much Documentation as You ThinkContinue Reading October 4, 2021Senior Management Can’t Just “Rubber Stamp” ISO 27001 CertificationContinue Reading October 1, 2021Don’t Assume Your IT Staff Will “Handle” ISO 27001 CertificationContinue Reading September 30, 2021ISO 27001 Doesn’t Tell You How to Implement Controls – Your Scope and Risk DoContinue Reading September 28, 2021You Don’t Define Your ISO 27001 Scope – Your Information DoesContinue Reading September 29, 2021Do You Need a Score in SPRS to Be DFARS 7012 Compliant?Continue Reading September 27, 2021ISO 27001 Certification Shouldn’t Start with a Gap AssessmentContinue Reading September 24, 2021This is Why Your Information Security Advisor Should Be Focused on Strategy, Not Tactics/ProductsContinue Reading September 23, 2021Here’s How to Fix Your Cybersecurity ProgramContinue Reading September 22, 2021Why Products are the Least Important Element of Your Cybersecurity ProgramContinue Reading September 21, 2021Pivot Point Security in a NutshellContinue Reading September 20, 2021Step 2 to “Provably Secure and Compliant” – Execute on Your VisionContinue Reading September 16, 20213 Things Every SMB Needs to Become “Provably Secure and Compliant”Continue Reading September 17, 2021Step 1 to “Provably Secure and Compliant” – Establish Your VisionContinue Reading September 15, 2021Sharing is not always caring: Back to Work, Back to School? Protect Your Devices with These Golden Rules!Continue Reading September 14, 2021The Cyber Executive Order: What Does the “SolarWinds Section” Mean for Software Vendors and Their Federal Customers?Continue Reading September 13, 2021The Cyber Executive Order: 5 Coming Changes for Federal AgenciesContinue Reading September 10, 2021The Cyber Executive Order: What Does It Say about Zero Trust?Continue Reading September 9, 2021The Cyber Executive Order: Will It Bring New Regulations for Critical Infrastructure?Continue Reading September 8, 2021The Cyber Executive Order: What is the “Tone from the Top”?Continue Reading September 7, 2021Password Screening Services: How Much Risk Can They Eliminate?Continue Reading September 3, 2021Best-Practice Password Policy and the Research Behind ItContinue Reading September 2, 2021Password Attack! Here’s Why You Want to Prevent Account TakeoversContinue Reading September 1, 2021You Don’t Need to be CMMC Compliant, You Need to Be DFARS Compliant (A Kardashian Parable)Continue Reading August 31, 2021What is BreachSense and Why Do We (as an Org with Password Risk) Care?Continue Reading August 27, 2021Is Information Security an Oxymoron without Information Governance?Continue Reading August 30, 2021When Will Information Governance “Come of Age”?Continue Reading August 26, 2021Information Governance is a Business EnablerContinue Reading August 24, 2021Here’s Why Companies Struggle to Delete DataContinue Reading August 23, 2021How Privacy is Driving the Need for Information GovernanceContinue Reading August 20, 2021Information Governance and Information Security: How Do They Connect?Continue Reading August 19, 2021What is Information Governance and Why Do We (as an Org with PII) Care?Continue Reading August 18, 2021We Passed Our CMMC/NIST 800-171 Assessment! Now What?Continue Reading August 17, 2021What Happens If You Fail Your CMMC/DIBCAC Assessment?Continue Reading August 16, 2021Your CMMC/DIBCAC Assessment – What If You Disagree with an Assessor?Continue Reading August 25, 2021Using Python and Machine Learning to Predict Cyber Attacks: A Summer Intern’s StoryContinue Reading August 13, 2021CMMC/DIBCAC Assessment: Let’s Walk Through the Audit ProcessContinue Reading August 12, 2021CMMC/DIBCAC Assessment: Here’s What to Expect at Your Kickoff MeetingContinue Reading August 11, 2021What Evidence Will CMMC or NIST 800-171 Assessors Ask For?Continue Reading August 10, 20215 Top Prep Steps for Your CMMC or NIST 800-171 AssessmentContinue Reading August 9, 2021IoT Devices: The Lord Giveth and He Taketh AwayContinue Reading August 6, 2021How Does Zero Trust Impact Operations and Business Users?Continue Reading August 5, 2021Here’s How Zero Trust Relates to CMMC, ISO 27001, SOC 2 and Other Cyber FrameworksContinue Reading August 4, 20215 Steps to Zero TrustContinue Reading August 3, 2021Zero Trust Prevents Data Breaches, Not IntrusionsContinue Reading August 2, 2021Why is Zero Trust Suddenly So Hot?Continue Reading July 28, 2021What is Zero Trust and Why Do We (as an Org with Sensitive Data) Care?Continue Reading July 27, 2021SIM Versus DLP – Which Should We Get First?Continue Reading July 26, 2021The Real Reason Why Executives Ignore Security PrioritiesContinue Reading July 23, 2021The True Role of a CISOContinue Reading July 22, 2021Why Detection – Not Prevention – Should be the Goal of Your Cybersecurity ProgramContinue Reading July 21, 2021The 3 (Make that 4) Non-Negotiable Cybersecurity Rules for SMBsContinue Reading July 20, 2021The Right Way to View Cyber Risk AssessmentContinue Reading July 19, 2021Here’s the #1 Cybersecurity MythContinue Reading July 17, 2021Are You Unknowingly at Risk Online?Continue Reading July 16, 2021Got an Internet Connection? Then Your Business is a Cybercrime TargetContinue Reading July 15, 2021Ballpark Costs for a CMMC Level 3 AssessmentContinue Reading July 14, 2021When Will the First CMMC Audits Start Happening?Continue Reading July 13, 2021Government Furnished Equipment: What’s the Impact on Your CMMC Audit?Continue Reading July 12, 2021CUI and FCI: Should You Keep Them Separate for CMMC Level 3 Compliance?Continue Reading July 10, 2021What Objective Evidence Will You Need for Your CMMC Assessment?Continue Reading July 9, 2021Here’s What Your CMMC Level 3 Readiness Assessment Will Look LikeContinue Reading July 8, 2021What is the Expected Level of Effort for a CMMC Level 3 Assessment?Continue Reading July 7, 2021What StateRAMP Continuous Monitoring Looks LikeContinue Reading July 6, 2021Why SLEDS are More Risk Averse than US Federal AgenciesContinue Reading July 2, 2021“StateRAMP Verified” and “StateRAMP Ready”: 2 Paths to SLED Security Verification for CSPsContinue Reading July 1, 2021StateRAMP Security Categories: Low, Moderate, High and “Just Right”Continue Reading June 30, 2021Being Asked for a “FedRAMP ATO” by a State or Local Government? StateRAMP is the SolutionContinue Reading June 29, 2021What is StateRAMP and Why Do We (as a SLED Org or CSP) Care?Continue Reading June 28, 2021Yes! – There is a StateRAMP Fast-Track for FedRAMP Authorized ServicesContinue Reading June 24, 2021Not Everyone is Who They “Post” to Be: Stay Secure While Staying Connected on Social MediaContinue Reading June 25, 2021How Vigilant’s Managed Security Solutions Can Help with CMMC ComplianceContinue Reading June 24, 2021Managed Detection and Response (MDR): Which Firms are Using It?Continue Reading June 23, 2021Why It Now Takes 315 Days to Contain a Malicious Cyber AttackContinue Reading June 22, 2021What is Managed Detection and Response (Really)?Continue Reading June 21, 2021The Pros and Cons of Automated Threat Detection and ResponseContinue Reading June 19, 2021What is Endpoint Detection & Response (EDR) and How Does It Differ from Traditional Antivirus?Continue Reading June 17, 2021ISO 27701 Privacy Extension “Lessons Learned”: Data MappingContinue Reading June 16, 2021Does My Company Need a (Virtual) Data Protection Officer?Continue Reading June 15, 2021Does ISO 27701 Certification Mean You Comply with GDPR and CCPA?Continue Reading June 14, 2021ISO 27701 Privacy Extension “Lessons Learned”: ScopeContinue Reading June 11, 2021Processor Versus Controller: What Do These Privacy Terms Mean? And Does One or Both Apply to Your Business?Continue Reading June 10, 2021What is the ISO 27701 Privacy Extension to ISO 27001 and Why Do I (as a Regulated SMB) Care?Continue Reading June 9, 2021Real-World Time and Effort to Implement PreVeil Encrypted Email and File SharingContinue Reading June 8, 20214 Top Tools for Maximum CMMC Compliance Benefit with Minimum EffortContinue Reading June 7, 2021CMMC Compliant Access Control: How PreVeil Can Help You Get ThereContinue Reading June 4, 2021What is a Zero Trust Security Model and Why Should We (as a Business with Sensitive Data) Care?Continue Reading June 3, 2021Why a Technical Geek Might Not Be the Best Choice to Run Your CMMC ProgramContinue Reading June 2, 2021DIB Orgs – Here’s How Your ISO 9001 Improvement Clause Helps with CMMCContinue Reading June 1, 2021DIB Orgs – Here’s How Your ISO 9001 Performance Evaluation Clause Helps with CMMCContinue Reading May 31, 2021DIB Orgs – Here’s How Your ISO 9001 Operation Clause Helps with CMMCContinue Reading May 28, 2021DIB Orgs – Here’s How Your ISO 9001 Support Clause Helps with CMMCContinue Reading May 27, 2021DIB Orgs – Here’s How Your ISO 9001 Planning Clause Helps with CMMCContinue Reading May 26, 2021DIB Orgs – Here’s How Your ISO 9001 Leadership Clause Helps with CMMCContinue Reading May 25, 2021DIB Orgs – Here’s How Your ISO 9001 Context Clause Helps with CMMCContinue Reading May 24, 2021DIB Orgs – Get Ready to Leverage Your ISO 9001 Investment for CMMC!Continue Reading May 21, 2021CXOs: Here are the Top 3 Questions to Ask IT Leaders about Technology SpendContinue Reading May 20, 2021IT Leaders: Here’s How to Talk to Your CxO About RiskContinue Reading May 18, 2021Why You Should Tell Your ISO 27001 or SOC 2 Auditor That You Want as Many Nonconformities as PossibleContinue Reading May 17, 2021Do We Need a Virtual CISO?Continue Reading May 14, 2021Need to Sway Your CFO on a Big Project? Leave Jargon at the Door.Continue Reading May 13, 2021IT Leaders: Here’s How Your CFO ThinksContinue Reading May 12, 2021IT Leaders: Here’s the #1 Way to Influence Your CFOContinue Reading May 11, 2021MSPs – Here’s How to Choose Good Customers and Avoid the “Wildcards”Continue Reading May 10, 2021What is MSP Verify and Why Do I (as an MSP or Outsourcer) Care?Continue Reading May 7, 202113 Million Reasons to Scope Before Gap Assessment – PivotContinue Reading May 6, 2021MSPs and MSSPs: What’s the Difference?Continue Reading May 5, 2021How Will Cloud Computing Impact MSPs?Continue Reading May 4, 2021CMMC and MSPs – Opportunity or Threat?Continue Reading May 3, 2021What’s the Next Evolutionary Step for MSPs?Continue Reading April 30, 2021Is Geography Still a Factor in Choosing an MSP?Continue Reading April 29, 2021Need to Evaluate an MSP? Here’s What to Look For.Continue Reading April 26, 2021Virginia Consumer Data Protection Act vs. California Privacy Rights Act – How They Differ and What to Watch Out ForContinue Reading April 23, 2021Virginia Consumer Data Protection Act: Here’s the Cliff NotesContinue Reading April 22, 2021Can There Ever Be “Just One” Cybersecurity Standard?Continue Reading April 21, 2021The 2 Types of Organizations that Fail Information Security: Which One Are You?Continue Reading April 20, 2021The Not-So-Great State of Third-Party Risk ManagementContinue Reading April 19, 2021The SolarWinds Breach and CMMC – What’s the Impact?Continue Reading April 17, 2021Battle of the Cyber Standards – Which Will Thrive, Survive or Take a Dive?Continue Reading April 16, 2021What Do We REALLY Need to Do to Get CMMC Level 1 Certified?Continue Reading April 15, 20213 Ways to Know If You Should Worry about CMMC Level 1Continue Reading April 14, 2021What’s the Difference between Controlled Unclassified Information (CUI) and Federal Contract Information (FCI)?Continue Reading April 13, 2021What is CMMC? A Quick Primer for SMBs in the DIBContinue Reading April 10, 2021Government Staffing Agencies – Here’s How to “Right-Size” CMMC Level 3Continue Reading April 9, 2021Government Staffing Agencies – Do You Need to Comply with CMMC Level 1?Continue Reading April 7, 2021Shared Responsibility for Cybersecurity in Government Staffing ScenariosContinue Reading April 6, 2021Government Staffing Agencies – Do You Need (or Want!) CMMC Level 3 Security?Continue Reading April 5, 2021Government Staffing Agencies – Is Your FCI Really CUI?Continue Reading April 2, 2021Government Staffing Agencies: Do You Have CUI in Your Environment?Continue Reading April 1, 2021Aerospace Firms – Do You Need ISO 27001 or SOC 2 Certification?Continue Reading March 31, 2021Securing Your Aerospace Business – Here’s How to Address “Flowdown” RequirementsContinue Reading March 30, 2021Aerospace & Defense Firms – Got a Low SPRS Score? Don’t Fret…You’re Not Alone.Continue Reading March 29, 2021Biggest Security and Compliance Challenges for Aerospace CompaniesContinue Reading March 27, 2021What is an IoT Ecosystem and How Do You Test One?Continue Reading March 26, 2021OWASP ISVS vs. CSA IoT Security Controls Framework – Which to Use WhenContinue Reading March 25, 2021OWASP ISVS Levels ExplainedContinue Reading March 24, 2021The New OWASP IoT Security Verification Standard (ISVS) – What Does It Include?Continue Reading March 23, 2021The FSA’s New Campus Cybersecurity Program – Here’s What It Means for Higher EdContinue Reading March 19, 2021The New OWASP ISVS – What, Why and Who?Continue Reading March 17, 2021What is OWASP and Why Should You (as Someone Securing IoT) Care?Continue Reading March 16, 2021What is FedRAMP Tailored and Who Does It Apply To?Continue Reading March 12, 2021FedRAMP and CMMC – Here’s How They RelateContinue Reading March 10, 2021FedRAMP – What’s the Cost to Achieve and Maintain Your ATO?Continue Reading March 8, 2021FedRAMP – What’s the Timeline from “Go to ATO”?Continue Reading March 4, 2021FedRAMP Authorization – Key Players and How They RelateContinue Reading March 3, 2021FedRAMP: The 2 Routes to Get There – Agency Sponsored vs. JAB GSAContinue Reading March 2, 2021FedRAMP Levels Explained: Low, Moderate and HighContinue Reading February 26, 2021FedRAMP – What is It and Who Needs to Know?Continue Reading February 19, 2021CMMC System and Information Integrity Domain: Quick SketchContinue Reading February 18, 2021CMMC System and Communications Protection Domain: Rapid RundownContinue Reading February 17, 2021CMMC Situational Awareness Domain: SummaryContinue Reading February 16, 2021CMMC Security Assessment Domain: SynopsisContinue Reading February 15, 2021CMMC Risk Management Domain: Executive FlyoverContinue Reading February 12, 2021CMMC Recovery Domain: Here’s the 101 CourseContinue Reading February 11, 2021CMMC Physical Protection Domain: Here’s the Nitty-GrittyContinue Reading February 10, 2021CMMC Personnel Security Domain: Get the GestaltContinue Reading February 9, 2021CMMC Media Protection Domain: Cliff NotesContinue Reading February 8, 2021CMMC Maintenance Domain: Top TakeawaysContinue Reading January 29, 2021Where the GRC Marketplace is Headed… And Why It Could Be a “Happy Place” for Your BusinessContinue Reading February 2, 2021What to Look for in a Modern GRC ToolContinue Reading February 3, 2021Why Don’t NIST 800-171 or CMMC Cover Supply Chain Risk Management?Continue Reading January 21, 2021DIB Orgs—ITAR Can Impact Your Whole Compliance PictureContinue Reading February 4, 2021DIB Orgs: What You Don’t Know about the CUI Requirements in Your Contract Can Hurt YouContinue Reading February 5, 2021What Every DIB Org Needs to Do NOW If You Have a DFARS 7012 Clause in ANY of Your DoD ContractsContinue Reading December 29, 2020CMMC Configuration Management Domain: OverviewContinue Reading December 23, 2020What is the Defense Federal Acquisition Regulation Supplement (DFARS) 7012 Clause?Continue Reading December 22, 2020What is the DFARS 7021 Clause?Continue Reading December 21, 2020What is the DFARS 7020 Clause?Continue Reading December 18, 2020What is the DFARS 7019 Clause?Continue Reading December 28, 2020CMMC Awareness and Training Domain: ABC’s and FAQ’sContinue Reading December 17, 2020Why “Tone at the Top” is So Critical for SaaS SecurityContinue Reading December 16, 2020What Cybersecurity Attestations Should You Look for in a SaaS Provider?Continue Reading December 15, 2020Security “Gotchas” in SaaS Production ApplicationsContinue Reading December 10, 2020Where SaaS Firms Stumble on CybersecurityContinue Reading December 11, 2020The Cloud Security Alliance (CSA) Plans to Certify IoT TestersContinue Reading December 1, 2020SB 327—What It Means for IoT Device Manufacturers and DevelopersContinue Reading November 25, 2020CMMC Audit and Accountability Domain: FAQsContinue Reading November 25, 2020CMMC Asset Management Domain: Here are the EssentialsContinue Reading November 9, 2020CMMC Access Control Domain: Here are the BasicsContinue Reading November 10, 2020How NIST Cybersecurity Guidance Can Help Organizations Address “Silos of Risk”Continue Reading November 16, 2020US Federal Agencies: Here’s How to Put NIST SP 800-53 and the NIST Cybersecurity Framework (NCSF) TogetherContinue Reading November 11, 2020What is the NIST Cybersecurity Framework (NCSF) and How Can It Help My Company?Continue Reading November 23, 2020“Harmonizing” ISO 27001 and NIST Cybersecurity GuidanceContinue Reading November 24, 2020Here’s How to Tailor NIST Cybersecurity Guidance to Your Unique NeedsContinue Reading November 19, 2020How SMBs Across Industries Can Best Leverage NIST Cybersecurity GuidanceContinue Reading November 20, 2020Here’s How the DCMA Fits with the CMMC-ABContinue Reading November 13, 2020Supplier Risk Management for DoD Subcontractors—What is Required?Continue Reading November 18, 2020What Can My Company Expect from a DCMA Cybersecurity Audit?Continue Reading November 17, 2020CSA’s New IoT Security Controls Framework—How it Came About and Why it’s so EffectiveContinue Reading November 12, 2020Think You Know What an Internet of Things (IoT) Device Is These Days?Continue Reading December 9, 2020Who is the Cloud Security Alliance (CSA) and How They Can It Help Your Company’s Security and Security People?Continue Reading October 27, 2020DFARS: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)Continue Reading October 19, 20205 Ways to Hit the Reset Button on Your Cybersecurity ProgramContinue Reading October 20, 20203 Reasons You (Probably) Need to Rethink Your CybersecurityContinue Reading October 26, 2020Surviving the Cybersecurity Squeeze: Shrinking Talent Pool, Growing WorkloadContinue Reading October 28, 2020A Risk-Based Approach to “Doing Less” with CybersecurityContinue Reading October 21, 2020Beat the Toughest CMMC Level 3 Requirements: Logging and AlertingContinue Reading October 21, 2020Beat the Toughest CMMC Level 3 Requirements: Email Spam Protection and SandboxingContinue Reading October 21, 2020Beat the Toughest CMMC Level 3 Requirements: End-to-End EncryptionContinue Reading October 21, 2020Beat the Toughest CMMC Level 3 Requirements: Multifactor AuthenticationContinue Reading October 21, 2020Beat the Toughest CMMC Level 3 Requirements: Mobile Device ManagementContinue Reading October 14, 2020End-To-End Encryption – This is What “Real Security” Looks LikeContinue Reading October 13, 20204 Top Considerations for Choosing an ISO 27001 Registrar/AuditorContinue Reading October 16, 2020ISO 27001 Certification Audits: What are Stage 1 and Stage 2 All About?Continue Reading October 15, 2020Top Management’s Role in ISO 27001 ISMSContinue Reading October 7, 2020“Shared Responsibility” is Key to Managing Third-Party RiskContinue Reading October 5, 2020Consolidation Strategies to Help You Do More with LessContinue Reading October 12, 2020Legacy Web Application Code: Secure It or Flush It?Continue Reading October 6, 20204 First Steps to Jumpstart Secure Web App DevelopmentContinue Reading October 29, 20203 Steps to Success with OWASP Guidance for WebAppSecContinue Reading October 8, 2020How CREST Professional Certifications Compare to Other Industry QualificationsContinue Reading December 8, 2020How Automated Testing and Code Review Fit into the OWASP ASVSContinue Reading November 2, 2020Does Your SMB Need a Business Continuity Plan?Continue Reading October 15, 2020Wherever You Do Business, CMMC is ComingContinue Reading December 7, 2020A Day in the Life of an SMB That Needs a Data Forensics Service ProviderContinue Reading December 4, 2020Why You Need a Data Forensics Expert on Speed-DialContinue Reading November 4, 2020Keeping Data Forensics Costs in CheckContinue Reading October 13, 20203 Easy Ways to Shrink Your Attack Surface—From a Data Forensics ExpertContinue Reading December 24, 2020Data Forensics: What is It (Really) and When Do I Need It?Continue Reading November 5, 2020There are 2 Kinds of CISOs—Which Kind Does Your Business Need?Continue Reading December 2, 2020Testing Against the OWASP ASVS—It’s Easier Than You ThinkContinue Reading October 9, 2020Visualize the Internet of Things (IoT)Continue Reading November 6, 2020Small DoD Suppliers: Time to Wake Up and Smell the CMMC Level 1 Compliance ChallengesContinue Reading October 2, 2020The Economics for CMMC Compliant Email and File SharingContinue Reading October 1, 2020OWASP Top 10 Versus the OWASP ASVS—When to Use Which?Continue Reading September 30, 2020ISO 27001 Certification Audits: The Answers to Who, How Long and How much?Continue Reading September 29, 2020Better, Faster AND Less Expensive Vendor Risk Assessments: Here’s How It WorksContinue Reading September 28, 2020Great Vendor Tools Does Not = SecurityContinue Reading September 25, 2020How Much Do Vendor Due Diligence Reviews Cost?Continue Reading September 24, 2020How Much Does a Standardized Control Assessment (SCA) Cost?Continue Reading September 23, 2020What Will a SOC 2 Type 2 Report Cost Your Company?Continue Reading September 22, 2020IoT Security Assessment CostsContinue Reading September 21, 2020Looking to Capitalize or Sell Your SaaS Business? Get Out in Front of Data Privacy Issues NowContinue Reading September 18, 2020The Role of “Top Management” in Your ISO 27001 ISMSContinue Reading September 17, 2020Exostar Certification Assistant Simplifies CMMC CertificationContinue Reading September 16, 2020How Deep Will an Auditor Dive into Your ISO 27001 ISMS?Continue Reading September 15, 2020Upping the Due Diligence with Your ISO 27001 Certified VendorsContinue Reading September 14, 2020The “Huge Value” of Consolidating Your Cybersecurity AuditsContinue Reading September 11, 20203 Ways a SaaS Solution Will Help You Achieve and Maintain CMMC ComplianceContinue Reading September 10, 2020“Transitioning to a Post-Password Future” with OWASP ASVS V4Continue Reading September 9, 2020SaaS Firms: Invest in Data Security and Privacy Now to Raise Capital or Sell the Business LaterContinue Reading September 8, 2020SaaS Security – How Your Security Impacts Your Investment DealsContinue Reading September 4, 2020The CMMC Framework – Lets Get FamiliarContinue Reading September 3, 2020CMMC Levels – Here’s What You Need to KnowContinue Reading September 2, 2020CMMC Registered Practitioners – How Can They Help You Prepare for CMMC Certification?Continue Reading September 1, 2020CMMC Registered Provider Organization – What is an RPO and Why You Should Care?Continue Reading August 31, 20204 Quick Tips to Manage IoT Security RisksContinue Reading August 25, 2020What is Threat Modeling and How Does It Differ from Risk Assessment?Continue Reading August 21, 2020Vendor Consolidation—The Silver Bullet to Gun Down IT/InfoSec Costs?Continue Reading August 20, 2020Better, Faster AND Cheaper Vendor Risk Assessment? Yes!!Continue Reading August 7, 2020How a CREST Certification Can Advance Your Technical Cybersecurity CareerContinue Reading August 24, 2020Is the CISO Evolving to Embrace More Risk?Continue Reading August 18, 2020What is CUI and Why is It Such a Big Deal?Continue Reading August 17, 2020Alternatives to Microsoft GCC High Cloud for CMMC Compliant Email and File SharingContinue Reading August 12, 20205 Critical Steps to Add CMMC Certification to Your ISO 27001 AttestationContinue Reading August 11, 2020CMMC and NIST 800-171 Email Encryption Compliance Challenges are Here – Are You Ready?Continue Reading August 10, 2020Will ISO 27701 Certification Make Your Business GDPR and CCPA Compliant?Continue Reading August 6, 2020How CREST Makes Cybersecurity Less Like Proctology… Stay with me hereContinue Reading August 5, 20205 Critical Steps to Add CMMC Certification to Your ISO 27001 ISMSContinue Reading August 4, 2020Cutting IT/InfoSec Costs with Fractional ResourcingContinue Reading August 3, 2020CMMC Assessment Pilot Programs: When, What and Who?Continue Reading July 31, 2020What’s the Cost of ISO 27701 Certification?Continue Reading July 29, 2020Data Controller vs. Data Processor: Are We Neither, Either or Both?Continue Reading July 28, 2020Why Data Flow Mapping is Key to Web App Security TestingContinue Reading April 5, 2024CMMC and ISO 27001 Audit Requirements ComparedContinue Reading July 27, 2020Like Drogon Changed King’s Landing… CV-19 is Changing Information SecurityContinue Reading July 24, 2020What Makes a Great CIO or vCIO?Continue Reading July 23, 2020Just Like the Fox and the Hen House: Keeping IT and Information Security Assessment SeparateContinue Reading July 22, 2020What’s a vCIO? Wait… What’s a CIO?Continue Reading July 20, 2020This is Why DoD Suppliers Need to Move Soon to CMMC ReadinessContinue Reading July 17, 2020OWASP ASVS Levels: Which is Right for My Application?Continue Reading July 16, 2020What Being “Audit-Ready” Means Today for DoD SuppliersContinue Reading July 15, 20204 Top Reasons to Consider ISO 27701 for Privacy ComplianceContinue Reading July 14, 2020Visualizing the Internet of Things – 6 Main ComponentsContinue Reading July 13, 2020OWASP Top 10 Versus OWASP ASVS: Recommendations and RoadmapContinue Reading July 10, 2020You Should Probably Rethink How You’re Using the OWASP Top 10Continue Reading July 9, 2020Insider Info: Early CMMC Certification + Provable NIST 800-171 Compliance can be a Competitive Advantage for DoD SuppliersContinue Reading July 8, 2020What is ISO 27701 and How Can It Help Your Business?Continue Reading July 7, 2020Top 4 Ways to Beat Your IoT Security ChallengesContinue Reading July 2, 20203 Reasons Why You Should Probably Focus on NIST SP 800-171, Not CMMCContinue Reading July 2, 2020Application Security is a Team Sport. Is Your Team Winning?Continue Reading June 30, 2020Who is Exostar and Why You (As a DoD Supplier) Should Care?Continue Reading July 6, 2020How High a Hurdle is CMMC Compliance for Today’s DoD Suppliers?Continue Reading July 2, 2020Web App Developers Don’t Need to Be Security Experts to Use the OWASP ASVSContinue Reading July 3, 2020OWASP ASVS: Web Application Testing Comes of AgeContinue Reading July 1, 202070% of Web Apps Have Open Source Security Flaws—Here’s How to Fix YoursContinue Reading June 25, 2020Your ISO 27001 ISMS Internal Audit Sucks (Here’s How to Fix It)Continue Reading June 24, 2020When Less Really is MoreContinue Reading June 17, 2020Leveraging ISO 27001 for CMMC RequirementsContinue Reading June 9, 2020How CREST Supports Your Security PurchasingContinue Reading June 2, 2020You Need to Re-Think The OWASP Top 10 – Here’s WhyContinue Reading June 5, 2020Concerned about the security of your Cloud Services? Demand CREST.Continue Reading June 4, 2020IoT Testing Guidance: Is OWASP ASVS Better than NIST 8259?Continue Reading June 3, 2020Should I Use NIST 8228 or NIST 8259 for IoT Design or IoT Testing?Continue Reading June 2, 2020CA SB-327—Why So Little IoT Guidance Means So MuchContinue Reading May 26, 2020Why (and When) You Need Computer ForensicsContinue Reading May 19, 2020ISO 27701- A Roadmap to ImplementationContinue Reading June 9, 2020“SOC 2 or ISO 27001?” is Not the Right QuestionContinue Reading June 10, 2020SOC 2 & ISO 27001… The ULTIMATE Security AttestationContinue Reading May 25, 2020The Difference between Threat Data and Threat Intelligence—and Why It MattersContinue Reading May 22, 2020Why Your SIEM Tool Needs to Monitor Cloud Environments… or ElseContinue Reading May 21, 2020The #1 Most Important Feature of a Security Information Management Solution for SMBsContinue Reading May 20, 2020SIEM, a SOC, an MSSP… Choosing Correctly is Crucial for every SMBContinue Reading May 19, 2020A “Less is More” Mentality Will Save Your SIEM Deployment & OperationContinue Reading June 8, 2020SOC 2 vs. ISO 27001: The “Philosophical” Differences (That Make All the Difference)Continue Reading May 12, 2020Business Continuity Is Fundamentally About ResilienceContinue Reading May 5, 2020The OWASP ASVS and Why It’s an Application Security Game ChangerContinue Reading May 13, 20204 Tips to “Quarantine” the Latest Ransomware ThreatsContinue Reading May 6, 2020Internal Penetration Testing FAQContinue Reading May 13, 2020The Shared Assessments SIG and SCA—“Trust” and “Verify” Tools for SMBs’ High-Risk VendorsContinue Reading May 12, 2020How Including a Standardized Control Assessment in Your ISO 27001 Internal Audit Can Pay Huge Dividends for SMEsContinue Reading May 11, 2020Leveraging SIEM Technology for Regulatory ComplianceContinue Reading May 8, 2020How SMEs Can Stay Ahead of Emerging Risks and Regulations with the Standardized Control AssessmentContinue Reading May 7, 2020Don’t Be the Slowest SMB in Today’s Cybercrime JungleContinue Reading May 6, 2020The Standardized Control Assessment: 3 Key Use Cases for SMBsContinue Reading May 5, 2020Is a Security Information & Event Management (SIEM) Solution Right for Your Business?Continue Reading May 4, 2020The Standardized Control Assessment: Better, Faster and Cheaper for Both Outsourcers and Service Providers?Continue Reading April 28, 2020Exostar and Their Role in Your CMMC CertificationContinue Reading April 21, 2020Is Any SMB Too Small for a SIEM?Continue Reading April 24, 2020Health Innovations to Watch: Dr. Joel Kahn’s PicksContinue Reading April 23, 2020Dr. Joel Kahn’s Top 3 Strategies to Help InfoSec Pros De-StressContinue Reading April 22, 2020“Test Don’t Guess” – 5 Proactive Steps to Reduce Heart Health Risk for InfoSec, IT and Business LeadersContinue Reading April 21, 2020Mindset is Step One to Health for Stressed-Out InfoSec ProfessionalsContinue Reading April 20, 2020Is Job Stress the Biggest Challenge in Information Security?Continue Reading April 15, 2020SOC 2 vs. ISO 27001 – Dollars and SenseContinue Reading April 13, 2020SMBs, Meet the SCAContinue Reading April 9, 2020Using Zoom for your Seder Gathering? Follow NJCCIC GuidanceContinue Reading April 13, 2020COVID-19 InfoSec Impacts: Third-Party Risk ManagementContinue Reading April 10, 2020The Cyber Skills Gap is a National Security ThreatContinue Reading April 9, 2020Top 10 Tips to Retain Security Talent (and Only #1 Matters)Continue Reading April 8, 2020COVID-19 InfoSec Impacts: Social Engineering and PhishingContinue Reading April 7, 2020Stress is Killing You, But it Doesn’t Have ToContinue Reading April 6, 2020COVID-19 InfoSec Impacts: Remote Workforce IssuesContinue Reading April 2, 2020SOC 3 Report: A SOC 2 “Summary” You Can Share OpenlyContinue Reading April 1, 2020How Big is the Information Security Talent Gap (Really) and What Can We Do About It?Continue Reading March 31, 2020Get to Know The Virtual CIOContinue Reading March 30, 2020Tips for Personal Device Use for the Forced Remote Workforce under COVID-19 PandemicContinue Reading March 27, 2020Don’t Let Fear Be the Reason You Don’t Hire a vCISOContinue Reading March 25, 2020A vCISO’s Role in a Growing SaaS BusinessContinue Reading March 24, 2020Staying Secure in a COVID-19 WorldContinue Reading July 29, 2021Keep Your Remote Workforce Safe & Secure – Free Security Awareness Education Videos about Phishing & PasswordsContinue Reading March 23, 2020Is the vCISO Role Really “Business First and Technology Second”?Continue Reading March 24, 2020True Confessions of a Real Life Virtual CISOContinue Reading March 19, 2020CMMC Audits—When and How?Continue Reading March 18, 2020The DoD’s New CMMC: Think of It as Your Cyber Driver’s LicenseContinue Reading March 3, 2020Cybersecurity Talent Shortage Insights & AnswersContinue Reading February 25, 2020Security as an “Allowable Cost” in DoD Contracts—Is It Really that Simple?Continue Reading February 11, 2020How Much Will CMMC Certification Cost My Business?Continue Reading February 10, 2020Does Your Organization Need to Get CMMC Certified with the Limited Rollout? – Let’s Read the Tea LeavesContinue Reading February 7, 2020What CMMC Level Should Your Organization Pursue?Continue Reading February 13, 2020GDPR, CCPA and the NIST Privacy Framework, OH MY!Continue Reading February 5, 2020Why OFIs in Your Internal ISO 27001 Audit Report are a “Good Thing”Continue Reading January 26, 2012How much does ISO 27001 Certification Cost?Continue Reading January 23, 2020How Does the CCPA Affect You and Your Vendors? – Quick SummaryContinue Reading January 21, 2020Using the Shared Assessments SCA for Added Benefits—Even If You’re Already ISO 27001 CertifiedContinue Reading January 10, 2020Even The Greatest Jeopardy Contestants of All Time Struggle with CybersecurityContinue Reading December 18, 2019ISO 27701 and ISO 27001—Better TogetherContinue Reading December 18, 2019Why Business Impact Analysis and Recovery Planning Should Be Facility-SpecificContinue Reading December 17, 2019General Counsels are Taking the Lead in Privacy ComplianceContinue Reading December 17, 2019OpenTable possibly Opening Issues for Restaurant SecurityContinue Reading December 16, 2019Think of Your vCISO as Your Security BlanketContinue Reading December 16, 2019Real Life “Sneakers” Report: I’m Looking at the Back of an ATM MachineContinue Reading December 13, 20193 Top Reasons Why You Can’t Wait Any Longer to Start Managing Vendor RiskContinue Reading December 13, 2019You Don’t Really Need the Avengers to Protect Your Data (Sometimes It Just Feels that Way…)Continue Reading November 26, 2019How to Know When You’re Ready for a Fractional CISOContinue Reading November 22, 2019Humility (Not Ignorance) is BlissContinue Reading November 18, 2019Higher Education Faces a New Information Security Compliance CheckContinue Reading November 15, 2019You Probably Don’t Know Who Your Vendors AreContinue Reading November 14, 2019Ransomware: The Game ChangerContinue Reading November 13, 2019When It Comes to Patching Vulnerabilities, “Missing Some Spots” Isn’t Good EnoughContinue Reading November 7, 2019Certified or Not—If You Got Breached, You Didn’t Do EnoughContinue Reading November 6, 2019The Bright Side of InfoSec – I Love Being an Information Security ConsultantContinue Reading November 5, 2019Information Security Policy Documentation: Simple is BetterContinue Reading November 4, 2019A Strong Information Security Posture is a Business EnablerContinue Reading October 31, 2019Role of the CISO in 2020: It’s Like Playing the Classic Board Game “Risk” (All Day Every Day)Continue Reading October 30, 2019Your ISO 27001 Scope – It’s All About that Data, bout that Data, no TrebleContinue Reading October 25, 2019Don’t Mistake a SOC 2 Attestation for Proof of SecurityContinue Reading October 24, 20193 Reasons Why It’s Getting Harder to Respond to Security QuestionnairesContinue Reading October 22, 2019“Keeping Up with the Joneses” Should Not Be Your Network Security StrategyContinue Reading October 21, 2019Two-Factor Authentication and the New OWASP ASVS 4.0Continue Reading October 17, 2019The Zero-Day Monster: One More Reason I’m Really Excited for HalloweenContinue Reading October 16, 2019Who Are Your Critical Operational Superheroes?Continue Reading October 9, 2019SOC 2 vs ISO 27001: The 2 Biggest Reasons to Choose One Over the Other (with Help From Bono)Continue Reading October 4, 2019Does Your SaaS Platform Need AlienVault to be ISO 27001 Certified?Continue Reading October 2, 2019CCPA is Only the Tip of the (First) IcebergContinue Reading September 27, 2019Come at Me Bro (Auditor)!… Why You Should Have an ISMS ManualContinue Reading September 25, 2019ISO 27701: It’s Like a Smoked Salmon Ice Cream that’s Actually Delicious!Continue Reading September 24, 2019Don’t Lose a Deal Because of a Security QuestionnaireContinue Reading September 19, 2019What the New OWASP ASVS 4.0 Levels Really MeanContinue Reading September 18, 2019Leveraging Metrics to Address the “Business” of Information SecurityContinue Reading September 16, 2019How to Re-Energize Your ISO 27001 EffortsContinue Reading September 11, 2019Goldilocks and the Three SIEMsContinue Reading September 10, 2019A Troubling Observation from the American Association of Justice Annual Convention, Part 2Continue Reading September 6, 2019OWASP ASVS Version 4.0 Controls Checklist Spreadsheet + 5 BenefitsContinue Reading August 29, 2019Data Privacy Terms – The Language of PrivacyContinue Reading August 28, 2019SOC 2 and ISO 27001 Dual Implementation: Does It Make Sense for Your Business?Continue Reading August 27, 2019The Future of Cyber Risk Management Revolves around C-Level CommunicationContinue Reading August 19, 2019With Security Attestations, Size Matters (Not Yours… Your Clients’)Continue Reading August 14, 2019Analysis of the Capital One BreachContinue Reading August 15, 20195 Reasons to Kickstart Your Vendor Risk Management Program with a Vendor Risk Assessment TemplateContinue Reading August 21, 201980/20 Cyber Security, Part 4—The 3 “Damage Control” ControlsContinue Reading August 20, 201980/20 Cyber Security, Part 3—The 3 Essential Technical ControlsContinue Reading August 13, 2019A Troubling Observation from the American Association of Justice Annual Convention, Part 1Continue Reading August 12, 201980/20 Cyber Security, Part 2—The 3 Most Critical ControlsContinue Reading August 9, 201980/20 Cyber Security—How to Reduce 80% of Your Cyber Risk with 20% of the EffortContinue Reading August 8, 2019Virtual CISO (vCISO) Pricing and Cost DriversContinue Reading August 7, 2019ISO 27001 Certification Proven Process Explained! Step 8: Maintenance, Continuous Improvement and RecertificationContinue Reading August 6, 2019ISO 27001 Certification Proven Process Explained! Step 7: Certify Your ISMSContinue Reading August 5, 2019ISO 27001 Certification Proven Process Explained! Step 6: Conduct an Internal AuditContinue Reading August 2, 2019ISO 27001 Certification Proven Process Explained! Step 5: Execute the Risk Treatment PlanContinue Reading August 1, 2019ISO 27001 Certification Proven Process Explained! Step 4: Build a Risk Treatment PlanContinue Reading July 31, 2019ISO 27001 Certification Proven Process Explained! Step 3: Identify and Analyze Information Related RiskContinue Reading July 30, 2019ISO 27001 Certification Proven Process Explained! Step 2: Understand Your InfoSec ControlsContinue Reading July 29, 2019ISO 27001 Certification Proven Process Explained! Step 1: Understand Your ScopeContinue Reading July 24, 2019“Letting Go of the Bicycle” on an ISO 27001 ProjectContinue Reading July 23, 20194 Reasons to Establish and Exercise Your Right to Audit VendorsContinue Reading July 22, 2019Why “Check-the-Box” Policies are a VERY Bad IdeaContinue Reading July 15, 20193 “First To-Dos” after You Complete Your Privacy Data Mapping ExerciseContinue Reading July 11, 20195 Tips to Create an Effective Information Security Management Committee (ISMC)Continue Reading July 10, 2019Hey SaaS Companies! Have an Amazing Product/Service But No Security Program Yet? No Worries!Continue Reading July 2, 2019Risk Management – If a Thing is Worth Doing, Its Worth Doing RightContinue Reading July 3, 2019Yes, You Still Need Penetration Testing in the CloudContinue Reading July 1, 2019“From the Server Room to the Board Room”: The 4 Top Concerns of Security-Aware C-SuitesContinue Reading June 28, 2019Hiring Security Talent? Give Professional Certifications the Weight They Deserve (Not More)Continue Reading June 24, 2019The Importance of Scope in Penetration TestingContinue Reading June 21, 201914 Million Reasons to Update Data Classification PolicyContinue Reading June 20, 2019Discover Why CCPA Will Make All Your Data More Secure (Not Just PII)Continue Reading June 14, 2019Why You Need a Crisis Communications PlanContinue Reading June 13, 2019A “Phishing” Story — Beware of This New TwistContinue Reading June 11, 2019Taking a “Business Process” Approach to ISO 27001Continue Reading June 5, 2019Address CCPA before September 2019… or Pay the PriceContinue Reading May 30, 2019Why Medium-Sized Businesses Are Ideal Candidates for an InfoSec ProgramContinue Reading May 23, 2019CREST vs. SANSContinue Reading May 22, 2019Why ISO 27001 is like Managing an NFL TeamContinue Reading May 22, 2019How Being in Information Security Has Changed My Annual OBGYN Visit by Carla HigginbothamContinue Reading May 23, 2019“Where to Start” for Security and Privacy Initiatives in the Legal VerticalContinue Reading May 21, 20195 Success Factors: Law Firm Data Security & Privacy Initiatives (Part 3)Continue Reading May 16, 20195 Success Factors: Information Security for Law Firms (Part 2)Continue Reading May 14, 20195 Success Factors: Cyber Security for Law Firms (Part 1)Continue Reading May 10, 2019Don’t Pay the Price for an Unsecured Managed Services VendorContinue Reading May 9, 2019You Can’t Afford to Ignore CCPA Like You Ignored GDPRContinue Reading May 8, 2019Discover the 4 Steps to Building an Information Security PlanContinue Reading May 3, 2019Engaging a vCISO: 4 Key Questions (Plus Advice from Mike Tyson)Continue Reading May 2, 2019Is the CISO’s Role to Preserve Value—Or Create It?Continue Reading April 30, 2019Password Security Tips #2 and 1: Sharing PasswordsContinue Reading April 25, 2019Password Security Tips #5, 4 and 3: Password Resetting, 2FA, and StorageContinue Reading April 24, 2019Password Security Tips #8, 7 and 6: Reuse, Emails, and Default PasswordsContinue Reading April 22, 2019Why Your Vendor Risk Management Program Won’t Protect You from Supply Chain Risk Like the Wipro BreachContinue Reading April 18, 2019Password Security Tip #10: Avoid Easily Guessable Passwords (Obvious but Crucial)Continue Reading April 23, 2019Password Security Tip #9: Make Passwords as Strong as They Need to BeContinue Reading April 17, 2019Free Open Source Software (FOSS) RisksContinue Reading April 16, 2019Have I Been Pwned?Continue Reading April 16, 2019Passwords Just Aren’t Enough Anymore: Why the Move to MFA is InevitableContinue Reading April 11, 2019Do You Really Know Who’s Handling Your Security in the Public Cloud?Continue Reading April 5, 20193 Top Tips to Streamline Your Vendor Questionnaires without Compromising Risk ManagementContinue Reading April 2, 2019Longer Minimum Passwords Can Help Prevent Password ReuseContinue Reading March 28, 2019Why Your Business Continuity Plan Must Cover Cyber Incident ResponseContinue Reading March 26, 2019Why Scanning Your Company’s Full IP Address Block Could Save Your ButtContinue Reading March 21, 2019As IoT Devices Multiply Like Rabbits, Hackers Move in for the KillContinue Reading March 19, 2019Collection 1 Breach – Why You Need Password Management (and 2FA)Continue Reading March 14, 2019When and How to Hire a vCISOContinue Reading March 7, 2019Why Outsourcing Information Security is an Advantage for Most OrganizationsContinue Reading February 28, 2019What the SOC 2 Changes Mean for Businesses Seeking an InfoSec AttestationContinue Reading February 22, 2019Why Your Company Should Consider a Privacy Impact Assessment (PIA)Continue Reading February 19, 2019You are Missing the Most Important Security Awareness Training Module…Continue Reading February 13, 2019I Was Wrong about Risk Assessments—and You Probably Are as WellContinue Reading February 4, 2019NIST CSF Tiers and Profiles for Dummies… (or Senior Management)Continue Reading January 31, 2019What Batman and Alfred Reveal about Information Security Project ManagementContinue Reading January 24, 20193-Step Guidance on Managing Outsourcing RiskContinue Reading January 22, 2019The Collection #1 Data Breach—Should You Worry?Continue Reading January 4, 20199 Benefits of ISO 27001 Certification—Some You Know, Some You Probably Don’tContinue Reading January 2, 2019ABA Opinion 483 from an Information Security Expert’s Point of ViewContinue Reading December 20, 2018How to TPRM? Embrace the Art and Science.Continue Reading December 27, 2018To Pay or Not to Pay Your Hackers? Why There’s Really No Debate on Ransomware ResponseContinue Reading December 18, 2018Yes: Your Law Firm Needs to Do a Business Impact AnalysisContinue Reading December 14, 2018How a vCISO Strategy Can Save You Money—Because Nature Abhors a VacuumContinue Reading December 4, 2018Recovery Time Objectives (RTOs) & Your Disaster Recovery PlanContinue Reading November 27, 2018How Long Does It Take You to Patch a Critical Vulnerability?Continue Reading November 20, 2018ISO 27017 vs. CSA STAR – The Two Leading Cloud Security Standards Compared Continue Reading November 6, 20183 Reasons Why “Project Verify” Scares MeContinue Reading October 16, 2018The Time Has Come to Move to Windows 10Continue Reading October 11, 2018What Does “Failure is Not an Option” Mean for Recovery Planning? Continue Reading October 9, 2018Credential Harvesting: It’s More Than Just Phishing and More Common Than EverContinue Reading October 2, 2018Do New Regulations Mean that Data Security and Data Privacy Should Merge?Continue Reading September 27, 2018GDPR and the California Consumer Privacy Act of 2018 Compared Continue Reading October 4, 2018What Threat Hunting and Pinot Noir Have in Common Continue Reading September 24, 2018Why “Hacker” Gatherings Like DEF CON Matter for Your Business Continue Reading September 10, 2018How the Fiserv Application Vulnerability Validates a Strength of OWASP ASVSContinue Reading August 30, 2018Is “Business as Usual” the Biggest Business Continuity Trend? Continue Reading August 28, 2018Recovery Planning Neglect – Excuses That Make a BC/DR Professional’s Head Spin Continue Reading August 16, 2018September 3, 2018: NYDFS 500 “Covered Entities” Compliance DeadlineContinue Reading August 9, 2018Why Pivot Point Security is Now Offering ISO-27001 “As-a-Service” for Certification & MaintenanceContinue Reading August 10, 20186 Strange-but-True Tales of IoT HacksContinue Reading August 7, 2018California’s New Privacy Law Means US Firms Can’t Delay Privacy Initiatives Any Longer (Part 2)Continue Reading August 7, 2018California Consumer Privacy Act of 2018: What Could It Mean for Your Business? (Part 1)Continue Reading August 7, 2018Challenges in IoT Security—Is It Getting Better or Worse?Continue Reading August 2, 20189 Data Security Questions Law Firms Should Ask Their SaaS Vendors Continue Reading July 31, 2018NYDFS, NAIC’s Model Law: Just the Tip of the Cybersecurity Regulation IcebergContinue Reading July 30, 2018Maintaining Security in the Public Cloud: Look Before You LeapContinue Reading July 26, 2018News Flash: 25% of Your Users Reuse the Same Password for EverythingContinue Reading July 24, 2018Protecting your Office Printer from CyberattackContinue Reading July 23, 2018How Much vCISO Do I Need to Be Successful?Continue Reading July 19, 2018EKG Device Hacks Underscore Growing IoT Risks in HealthcareContinue Reading July 18, 2018Conflict of Interest Checking for Vendor Risk ManagementContinue Reading July 12, 20185 Critical Steps to Align Security Policy with Your Cyber Liability Insurance PolicyContinue Reading July 17, 2018A Guide to Managing Technical Vulnerabilities for MunicipalitiesContinue Reading July 10, 2018How Municipal Governments Can Manage Third-Party RiskContinue Reading July 5, 2018Disaster Recovery Planning for Hurricane SeasonContinue Reading July 3, 2018Contingency Planning: Cyber Security Disaster Recovery in Local GovernmentContinue Reading June 26, 2018Cyber Security Training for Municipal Government EmployeesContinue Reading June 19, 2018Staying Safe from Local Government Malware and Social Engineering AttacksContinue Reading June 21, 2018Why Businesses Struggle to Protect Knowledge Assets—and How Virtual Security Services Can HelpContinue Reading June 14, 2018NSA Says Hackers Stick to the Basics—Which is Why We Should, Too Continue Reading June 12, 2018Data Backup and Encryption for Municipal GovernmentsContinue Reading June 8, 2018How Will Your Network Fare on The Penetration Test Trail?Continue Reading June 7, 2018Failing to Plan is Planning to Fail—Download Our Business Continuity Plan (BCP) Tabletop Exercise Template Today!Continue Reading June 5, 2018Password Management and Access Control for State and Local GovernmentsContinue Reading May 31, 2018Municipal Cyber Security 101: Covering the BasesContinue Reading May 29, 2018What Simon Sinek and Security Awareness Training Have in CommonContinue Reading May 23, 2018Will You Be Able to Find Your Critical Records During a Disaster?Continue Reading May 22, 2018Does Your Security Awareness Training Feel Critical to Employees?Continue Reading May 17, 2018Business Continuity Planning is a Living LegacyContinue Reading May 4, 2018Why Your Team Needs Disaster Recovery Tabletop ExercisesContinue Reading May 4, 2018Standardized Control Assessment – Why the AUP Became the SCAContinue Reading May 1, 2018The Four ISO 27001 Audit Categories, ExplainedContinue Reading May 8, 2018Tweaking Your TPRM Strategy to Improve Cloud Security Continue Reading April 25, 2018Why Cryptocurrency Mining Malware is Targeting Corporate Networks—and Why You Should CareContinue Reading May 2, 20185 Android Smartphone Cyber Security Tips for SMBsContinue Reading April 24, 2018Pros and Cons of Cyber Security Self-AuditsContinue Reading April 19, 2018Why a Business Impact Analysis Must Cover the Entire BusinessContinue Reading April 17, 20185 Bonus Benefits of a Network Vulnerability AssessmentContinue Reading April 5, 2018The New Face of DDoS Attacks: Bigger, Badder, & Available “as-a-Service” Continue Reading April 3, 2018File Inclusion Vulnerabilities and Defenses Against ThemContinue Reading March 27, 2018New OWASP Top 10 Includes 3 New Web App Vulnerabilities Continue ReadingLoad more Search our Blogs Choose 1 or more topics below to expand your search: AI Application Security | Category - Pivot Point Security Business Continuity Management CCPA CISO Cloud Security | Category - Pivot Point Security Compliance | Category - Pivot Point Security Cybersecurity | Category - Pivot Point Security Cybersecurity Maturity Model Certification (CMMC) Data Privacy Devops Disaster Recovery Ethical Hacking FedRamp GDPR | Category - Pivot Point Security Government | Category - Pivot Point Security Information Security Industry Trends InfoSec Risk Assessment InfoSec Strategies | Category - Pivot Point Security IoT Security | Category - Pivot Point Security ISMS Consulting ISO 22301 ISO 27001 Certification | Category - Pivot Point Security ISO 27701 | Category - Pivot Point Security ISO 42001 Network Security NIST | Category - Pivot Point Security Penetration Testing Phishing | Category - Pivot Point Security Popup Testing Privacy SaaS Security Awareness Training | Category - Pivot Point Security SIEM | Category - Pivot Point Security SOC 2 | Category - Pivot Point Security Social Engineering Third Party Risk Management Uncategorized vCISO Vendor Due Diligence