Latest News

What You Should Know About SOC 2 Compliance

SOC 2 – which stands for System and Organization Control 2 – is a cybersecurity compliance framework that specifies how third-party service providers should store and process organizational and client data. SOC 2 is part of the American Institute of Certified Public Accountants’ (AICPA) SOC reporting framework and utilizes the AICPA Statement on Standards for Attestation Engagements No. 18 (SSAE 18) standard.

In AI we trust: AI governance best practices from legal and compliance leaders

According to Vanta’s State of Trust Report, 54% of businesses say that regulating AI would make them more comfortable investing in it. But with regulation still in flux, how can companies adopt AI safely and responsibly to minimize risk while accelerating innovation?

A Comprehensive Guide on OWASP Top 10 2023 Compliance

In 2022, Twitter suffered a massive data breach caused by broken authentication, which exposed the personal data of 5.4 million users. Threat actors exploited Twitter's API vulnerability to gain unauthorized access to users' sensitive personal data. The incident resulted in reputational loss and hefty fines from the regulatory body for failing to protect users' data. This shows that no organization, regardless of size, is immune to data breaches.

Simplified security: The ultimate actionable MASVS compliance checklist for security teams

In pursuit of its mission of building better, more secure mobile applications, the Open Web Application Security Project (OWASP) has spearheaded the effort with the Mobile Application Security Verification Standard (MASVS) and the Mobile Application Security Testing Guide (MASTG). These invaluable resources provide a comprehensive framework for safeguarding your mobile apps, ensuring trust, and protecting user data.

Enhancing Workplace Security with Attendance Tracking Software

In this era of rapid technological advancements, ensuring workplace security has become a paramount concern for every organization. Employee attendance tracking software is not merely a tool for managing time; it plays a pivotal role in fostering a secure and efficient work environment.

PCI DSS Requirement 2 - Changes from v3.2.1 to v4.0 Explained

In our last discussion, we explored the evolution of Requirement 1 in the transition from PCI DSS v3.2.1 to v4.0, with a particular emphasis on the move towards ‘network security controls’. As we continue our exploration of the updated PCI DSS v4.0, today’s focus will be on the transformations in Requirement 2.

Why you should automate your third-party risk management

The number of tools organizations use is growing every day. According to Zylo's 2023 SaaS Management Index Report, the average organization has 291 SaaS applications in its tech stack — a number which only increases as your organization grows. The more tools that are added to your tech stack, the more third-party risk your business incurs. These risks could result in threats like data theft, service outages, or loss of revenue and customer trust.

Trustwave Government Solutions Achieves "FedRAMP In Process - PMO Review" Designation

Trustwave Government Solutions (TGS) is proud to announce its designation as “In Process Program Management Office (PMO) Review” by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. TGS expects to receive full authorization in early 2024.

Emerging Trends in Wage and Hour Litigation: What You Need to Know

Wage and hour litigation has seen rapid evolution in recent years. With new legal developments and shifts in the workplace, businesses must stay vigilant to avoid noncompliance. This article explores the key trends and provides practical guidance for employers.