
11 of the Top Questionnaires for IT Vendor Assessment

Business partnerships require trust, but knowing which vendors you can trust to protect your customer's PII and PHI is difficult. With the rise of information technology, there are countless ways that trust can be broken, whether intentionally or unintentionally. As a starting point, you need additional information about information security policies, internal security practices, incident response and disaster recovery plans, and any past security incidents.

What is Cyber Hygiene and Why is it Important?

Cyber hygiene is the cybersecurity equivalent to the concept of personal hygiene in public health literature. The European Union's Agency for Network and Information Security (ENISA) states that "cyber hygiene should be viewed in the same manner as personal hygiene and, once properly integrated into an organization will be simple daily routines, good behaviors, and occasional checkups to make sure the organization's online health is in optimum condition".

Best Practices for Compliance Monitoring in Cybersecurity

Regulatory compliance monitoring is a key component of any cybersecurity program. But it's becoming increasingly difficult to ensure you are meeting your regulatory requirements, driven by an increasing web of complex extraterritorial laws, industry-specific regulations, and general data protection laws. This is not a valid excuse for non-compliance. Regulators and lawmakers will impose significant fines on organizations that aren't able to align their cybersecurity and compliance programs.

What are Security Ratings?

Security ratings or cybersecurity ratings are a data-driven, objective, and dynamic measurement of an organization's security posture. They are created by a trusted, independent security rating platform, making them valuable as an objective indicator of an organization's cybersecurity performance. Just as credit ratings and FICO scores aim to provide a quantitative measure of credit risk, security ratings aim to provide a quantitative measure of cyber risk.

What is Data Classification?

Data classification is the process of organizing structured and unstructured data into categories, so it can be used and secured more efficiently. It makes data easier to locate and retrieve while facilitating better risk management, legal discovery, and regulatory compliance. Data classification involves labeling sensitive data and personal information to make it searchable and trackable.

What is an Open Port, and Why are they Dangerous?

In cybersecurity, the term open port refers to a TCP or UDP port number that is configured to accept packets. In contrast, a port that rejects connections or ignores all packets is a closed port. Ports are an integral part of the Internet's communication model, and all communication over the Internet is exchanged via ports. Every IP address has two kinds of ports, UDP ports and TCP ports, and there are up to 65,535 of each for any given IP address.

What is the SIG Questionnaire?

The Standardized Information Gathering (SIG) questionnaire is used to perform an initial assessment of vendors, gathering information to determine how security risks are managed across 18 different risk domains. SIG was developed by Shared Assessments and is a holistic tool for risk management assessments of cybersecurity, IT, privacy, data security, and business resiliency.