ISO/IEC 27002 offers guidance on implementing an Information Security Management System (ISMSP). This international standard is very effective at helping organizations protect themselves against various information security risks through a series of security control categories. However, with the standard addressing such diverse information security risks, cybersecurity teams often find implementation and maintaining alignment a significant challenge.

The International Standardization Organization (ISO) introduced the latest version of ISO 22301 in 2019. This framework includes strategies, standards, and requirements organizations can use to implement a business continuity management system (BCMS). To appeal to and assist the most comprehensive array of organizations, ISO 22301 includes generic regulatory requirements that organizations can implement to improve organizational resilience in various contexts.

In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the teams’ approaches to keeping the Vanta organization secure. We’ll also share some guidance for teams of all sizes — whether you’re just getting started or looking to uplevel your operations.

In the fast-paced world of software development, the clash between developers and security experts could greatly benefit from some much-needed balance. On one side, developers strive for success based on metrics like delivery time, deployment frequency, and number of features. On the other side, security professionals are measured on vulnerability and compliance metrics.

The education industry is facing a growing threat from malicious cyberattackers, both external and internal. According to the Cyber Attack Trends report by Check Point Research, the education and research industry suffered from 44% more cyberattacks in the first half of 2022 compared to the same period in 2021. Therefore, cybersecurity in the academic industry is of paramount importance now.

In the UK, the Information Commissioner’s Office (ICO) has the responsibility of upholding information rights in the public interest. The ICO work with businesses and public sector organisations to offer guidance and best practices for using data and information responsibly, as well as regulating and enforcing relevant laws.

Imagine that you work in IT and security for a federal entity. How do you manage your event data across different systems and networks? When something goes wrong, how do you detect, investigate and remediate these security incidents? That’s what the Office of Management and Budget (OMB) addresses in M-21-31: a memorandum that provides guidance for federal agencies to increase their visibility and response capabilities before, during and after a cybersecurity incident.

Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard-earned reputation.

In the world of technology, few concepts have captured our collective imagination like Artificial Intelligence (AI). It’s the promise of machines that can think, learn, and perform tasks with a level of sophistication that mimics human intelligence. Yet, the allure of AI has also given rise to a web of confusion, myths, and misunderstandings.

Software supply chain attacks are increasingly complex and damaging — underscoring the importance of increased government visibility throughout a cybersecurity incident. Over the last two years, the U.S.