Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

What is NIST SP 800-171? Tips for NIST SP 800-171 Compliance

NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST SP 800-171 or NIST 800-171), provides federal agencies with a set of guidelines designed to ensure that Controlled Unclassified Information (CUI) remains confidential and unchanged in nonfederal systems and organizations.

What is Cybersecurity Performance Management?

Cybersecurity performance management is the process of evaluating your cybersecurity program's maturity based on top-level risks and the associated level of investment (people, processes and technology) needed to improve your security security to meet regulatory requirements and business outcomes. Security metrics improve decision making by helping risk management and security teams take a risk-based, outcome-driven approach to assessing and managing their organization's cybersecurity capabilities.

What is NIST SP 800-53? Tips for NIST SP 800-53 Compliance

NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations (NIST SP 800-53 or NIST 800-53), establishes an information security standard for the federal government. Specifically, NIST 800-53 establishes security controls and privacy controls for federal information systems and organizations excluding those involved with national security.

Vendor Risk Management Best Practices

Vendor risk management is hard. And it's getting harder. But it doesn't have to be. Business units are outsourcing more of their operations to third-party suppliers. In turn, these suppliers outsource to their own service providers. It's undeniable, the average organization's exposure to third-party risk and fourth-party risk has never been higher.

What is the SHIELD Act?

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) or Senate Bill 5575, was enacted on July 25, 2019 as an amendment to the New York State Information Security Breach and Notification Act. The law goes into effect on March 21, 2020. The motivation behind the SHIELD Act is to update New York's data breach notification law to keep pace with current technology.

SecurityScorecard Alternative for Managing Cybersecurity Risk

There are many SecurityScorecard alternatives that offer the same core functionality your organization needs to successfully manage first-party, third-party and fourth-party risk. SecurityScorecard is one of the most well-known security ratings platforms but let's look at an alternative and see how they stack up. These security ratings providers are promising to reduce cybersecurity risk by continuously monitoring the security posture of any company in the world, instantly and non-intrusively.

What is a Security Posture and How Can You Evaluate It?

An organization's security posture (or cybersecurity posture) is the collective security status of all software, hardware, services, networks, information, vendors and service providers. Your security posture encompasses information security (InfoSec), data security, network security, penetration testing, security awareness training to prevent social engineering attacks, vendor risk management, vulnerability management, data breach prevention and other security controls.

14 Cybersecurity Metrics + KPIs to Track

When it comes to protecting sensitive data, preventing data breaches and detecting cyber attacks, you need a way to track whether you're meeting your goals. Key performance indicators (KPIs) are an effective way to measure the success of your cybersecurity program and aid in decision-making. According to PwC, just 22 percent of Chief Executive Officers believe their risk exposure data is comprehensive enough to form decisions. A figure that - alarmingly - hasn't changed in 10 years.

What are the CIS Controls for Effective Cyber Defense?

The CIS Critical Security Controls are a prioritized set of actions for cybersecurity that form a defense-in-depth set of specific and actionable best practices to mitigate the most common cyber attacks. A principle benefit of the CIS Controls are that they prioritize and focus on a small number of actions that greatly reduce cybersecurity risk.

What is the LGPD? Brazil's General Data Protection Law

The Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais or LGPD) is a new law that was passed by the National Congress of Brazil on August 14, 2018 and comes into effect on August 15, 2020. The LGPD creates a legal framework for the use of personal data of individuals in Brazil, regardless of where the data processor is located.