Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

What is Zero Trust Architecture?

Zero Trust Architecture (ZTA) means exactly that: compliance officers and IT security teams are trained to not trust any network activity, anywhere, at any given time — not even on the inside of their own computer network. Don’t panic; ZTA is not as difficult to work with as it sounds. It’s simply a different way of approaching cybersecurity. So let’s take a look at how it works.

What Are the Types of Information Security Controls?

When safeguarding your business against cyberattacks and data breaches, CISOs and compliance officers can choose from all sorts of information security controls — everything from firewalls to malware detection applications, and much more. Thankfully you don’t have to start from scratch when implementing cybersecurity controls. Many standards and frameworks exist that can help you secure your IT systems properly.

Is NIST Mandatory?

You don’t have to spend a long time in the cybersecurity and information technology world before someone brings up NIST compliance. Since the agency’s inception in 1901 — yes, it’s that old — the National Institute of Standards and Technology has been trusted as the guardian of all proper measurements and standards, including cybersecurity standards meant to increase data security. NIST, which these days is part of the U.S.

What Is Cloud Infrastructure?

The term “cloud infrastructure” refers to both the hardware systems and software applications that support a cloud computing environment. This might include cloud storage, virtualization applications, IT management tools, API connectivity, and relevant cloud service providers. In a cloud computing environment, all of the aforementioned IT infrastructure components would be hosted offsite by a service provider and delivered through an internet network.

What Are the HIPAA Standard Transactions?

The Department of Health and Human Services (HHS) defines a transaction as an electronic exchange of information between two parties, to carry out financial or administrative activities related to healthcare. For example, a health care provider will send a claim to a health plan to request payment for medical services.

What is Cybersecurity Risk Management?

Every time you log on to the Internet, you put your IT systems and the data you handle at risk. At the same time, it’s also impossible to run a successful business without going online, so a key element of modern business management is a strong cybersecurity risk management program. Why? Because the only people in the cybersecurity field working harder than software engineers are the criminals trying to find a new way to breach the latest network security measures.

What Is NIST?

NIST is the abbreviated name of the National Institute of Standards and Technology. It’s one of many federal agencies under the U.S. Department of Commerce, and is one of the oldest physical science laboratories in the United States. As a non-regulatory government agency, NIST was originally founded to enable greater industrial competitiveness in the United States. Its focus stems from the mantra, “One cannot manage what is not measured.

What are the PCI DSS Password Requirements?

The PCI DSS compliance password requirements are mandated by Requirement 8 of the Payment Card Industry Data Security Standard (PCI DSS). Password compliance plays a key role in the PCI standards because it dictates the password complexity necessary to help an organization better defend its systems against unauthorized access.

Reciprocity and ZenGRC Win Four Cyber Defense Magazine InfoSec Awards

SAN FRANCISCO – May 18, 2021 – Reciprocity, a leader in information security risk and compliance with its ZenGRC platform, today announced ZenGRC has been awarded four coveted Cyber Defense Magazine (CDM) InfoSec Awards: Most Innovative in IT Vendor Risk Management, Cutting Edge in Risk Management, Most Innovative in Third Party Risk Management, and Publisher’s Choice in Compliance.

What is FedRAMP?

The Federal Risk and Authorization Management Program, or FedRAMP, is a federal government program to provide a standardized approach for security assessment, authorization, and continuous monitoring for cloud services and cloud products offered by cloud service providers (CSPs). FedRAMP creates a single risk-based standard so government agencies can engage with cloud-based providers more easily.