Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Differences Between SOC 2 vs. ISO 27001

SOC 2 and ISO 27001 are compliance frameworks commonly required of organizations that house data or store sensitive information. Both standards focus on information security management, but they have some key differences in their approach and scope. Let’s take a closer look at the differences between SOC 2 and ISO 27001, and see if one or both are right for your organization.

Meet Mick England: The DPO that Led Robin's SOC 2 & ISO 27001 Compliance

Out of his 29 years of cloud and security experience, Mick has been with Robin for 6, leading their internal compliance operations and making sure that their customers’ data is secure. Robin needed to get SOC 2. They also wanted a way to answer security questionnaires faster. Continue on to see how Mick was able to accomplish both.

How to Make Your Hackathon Project Stand Out?

In the last few years we have seen a massive spike in the opportunities for individuals and companies to come together at hackathons. The general goal of these events is to create something new that has never been created before. The great part about hackathons is that they take a normal person and put them into a position where they can be creative and create some amazing ideas that could result in a lot of success.

Zero Trust will be the New Normal

As the world fitfully rebounds from the recent Covid-19 pandemic, both our personal and professional lives will be altered. A recent survey by Gartner revealed that 74% of CFOs and Finance leaders said they will move at least 5% of their previously on-site workforce to permanently remote positions post Covid-19. Organizations will evaluate rent costs, health risks, and productivity benefits in the new environment. Some office space will be released.

How Executives Can Stay Safe From Cyberattacks

The C-Suite and other senior executives are frequently the targets of cyberattacks. As the most visible members of an organization, executives have access to sensitive information, influence inside the organization and a public platform, making them valuable targets for cybercriminals. Organizations of all sizes need to actively reduce risk for senior management.

Modern SOCs and MDR services IV: Deployment Models

Currently, it is possible to offer managed detection and response services from a SOC that are implemented in different ways. All implementation alternatives have their advantages and disadvantages, which must be carefully evaluated before deciding to adopt one or another deployment model. The most common deployment models include.

The importance of event correlation techniques in SIEM

Event correlation tools are a fundamental instrument in your toolbox to detect threats from all sources across your organization in real time. A wise use of the right event correlation techniques through log management and analysis is the cornerstone of any reliable security information and event management (SIEM) strategy – a strategy that focuses on prevention rather than reaction.

A Breach Makes You Stronger

There are two kinds of CISOs: pre-breach and post-breach. Pre-breach CISOs are overly focused on tools and thinking about investing in prevention technologies. They do this almost to the exclusion of thinking about recovery and timely restoration of services once something bad actually occurs. And something bad will happen; it’s not a matter of if, but when (and how often, I might add, so “breach cadence” seems a more suitable KPI than breach likelihood).