%term

The ISO/IEC 27001 Standard for InfoSec: Meaning, Importance & Requirements

Apr 10, 2023 By Blessing Onyegbula In Splunk

ISO/IEC 27001 is the international standard on information security. It was established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to stipulate the framework for implementing Information Security Management Systems (ISMS) in an organized and risk-effective way. For this article, we’ll mostly refer to ISO 27001, but know that we’re referring to both ISO/IEC 27001. Got it? Let’s begin!

Read Post

Splunk

Read more about The ISO/IEC 27001 Standard for InfoSec: Meaning, Importance & Requirements

FedRAMP Compliance: What It Is, Why It Matters & Tips for Achieving It

Apr 10, 2023 By Kayly Lange In Splunk

Data security is a major concern for almost everyone. From organizations to individuals, most of us who use or supply cloud-based services want to ensure that our information stays confidential and accessible. However, these concerns are amplified to national security when government data is the subject. That’s why the U.S.government has a stringent set of security requirements known as FedRAMP®. All cloud vendors that provide services to federal agencies must comply with these standards.

Read Post

Splunk

Read more about FedRAMP Compliance: What It Is, Why It Matters & Tips for Achieving It

Strengthening CJIS Compliance with Keeper Security: Protecting State Agencies and Law Enforcement

Apr 10, 2023 By Mike Eppes In Keeper

In November 2022, the Criminal Justice Information Services (CJIS) division of the FBI updated its cybersecurity policy, impacting state agencies, police departments, and other organizations that handle Criminal Justice Information (CJI). The updated policy poses challenges for organizations, especially smaller ones, to maintain compliance due to limited resources, lack of expertise and the policy’s complexity.

Read Post

Keeper

Read more about Strengthening CJIS Compliance with Keeper Security: Protecting State Agencies and Law Enforcement

What is NIST 800-161? Guide & Compliance Tips

Apr 7, 2023 By Kyle Chin In UpGuard

NIST 800-161 — also identified as NIST Special Publication (SP) 800-161 — was published in April 2015 as Supply Chain Risk Management Practices for Federal Information Systems and Organizations. In May 2022, a year after President Biden’s Executive Order on Improving the Nation’s Cybersecurity, NIST produced a revised version, NIST 800-161 rev. 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.

Read Post

UpGuard

Read more about What is NIST 800-161? Guide & Compliance Tips

The Next Generation of Risk Registers is Here

Apr 6, 2023 By Richa Tiwari In TrustCloud

A risk register is a tool used to manage potential problems or risks within an organization. It helps to identify and prioritize risks, their likelihood of occurrence, and provides ways to mitigate them. Risk registers allow you to play offense and defense – you’re proactively planning for potential challenges and minimizing their impact on your project’s success in the event that the roadmap does veer off course.

Read Post

TrustCloud

Read more about The Next Generation of Risk Registers is Here

SOX VS SOC AICPA Mapping the Differences

Apr 6, 2023 By VISTA InfoSec In VISTA InfoSec

SOX and SOC are regulatory and compliance standards that people often get confused about. They are designed and developed with different purposes and goals. Explaining the two in detail, VISTA InfoSec recently conducted a live webinar on “SOX & SOC- Mapping the Differences”. The webinar maps the similarities and differences between SOX and SOC. In addition to this, the webinar provides information on how your organization can leverage the key overlaps between the two to attain compliance with both the regulation and compliance standards.

View Video

VISTA InfoSec

Read more about SOX VS SOC AICPA Mapping the Differences

Comply Investigations - Tanium Tech Talks #59

Apr 5, 2023 By Tanium In Tanium

Tanium now helps you investigate exact findings on endpoint vulnerability and compliance scans. A common frustration between IT scanning and remediation teams is the back-and-forth over getting every detail right on the fix. Maybe the machine is patched, but it is still missing the proper registry flag. Tanium has solved this by giving you full visibility into EXACTLY what was or was not in the correct state for BOTH vulnerability and configuration compliance scanning. See each test, pass or fail, and the actual values from the compliance scan on the endpoints.

View Video

Tanium

Read more about Comply Investigations - Tanium Tech Talks #59

Say hello to TrustRegister!

Apr 5, 2023 By TrustCloud In TrustCloud

We’re thrilled to announce the launch of TrustRegister! 🚀 Say goodbye to manual risk registers and hello to programmatic and predictive risk tracking with this new risk management solution. Our platform reduces your business liability by helping you identify risks before they become a problem.

View Video

TrustCloud

Read more about Say hello to TrustRegister!

SQL INJECTION ATTACK

Apr 5, 2023 By VISTA InfoSec In VISTA InfoSec

An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, or others. SQL may be used to gain unauthorized access to sensitive data: customer information, personal data, trade secrets, intellectual property, and more. SQL Injection is one of the oldest, most prevalent, and most dangerous web application vulnerability. The OWASP organization (Open Web Application Security Project) lists injections in their OWASP Top 10 document as the number one threat to web application security.

View Video

VISTA InfoSec

Read more about SQL INJECTION ATTACK

TrustCloud Replaces Manual Risk Registers with Programmatic and Predictive Risk Tracking to Reduce Business Liability

Apr 4, 2023 By TrustCloud In TrustCloud

New TrustRegister™ application introduces programmatic risk assessments, empowering companies to proactively surface risks and remediation plans, map to customer contracts, and understand potential business impact.

Read Post