Information Protection: A Practical Strategy for Identifying and Controlling Your Most Valuable Data (Whitepaper)

Do you have an inventory of your Company’s most critical data and information assets? Do you know where those information assets are located throughout the Company? Do you have confidence that your most valuable information is only accessible to appropriate individuals? If you are wrestling with these questions you aren’t alone. Companies across the globe[…]

Key Due Dates and Deliverables for the NYDFS Cybersecurity Regulation

The NYDFS Cybersecurity regulation is relevant to all financial services, banking, and insurance organizations doing business in the state of New York that have 10 employees or more than $5 million in revenue. If your organization falls into that category you should be aware of the NYDFS Cybersecurity Regulation phased implementation schedule. Each of these[…]

Vendor Due-Diligence: NIST 800-53 vs. NIST 800-171

Organizations may benefit from greater understanding of the difference between and appropriate use of NIST 800-53 vs. NIST 800-171, especially when it comes to understanding which framework is required by law or applicable under vendor due diligence. Marketplace Confusion: Vendor Due-Diligence Often Drives Implementation The proliferation of NIST 800-53 “Security and Privacy Controls for Federal Information[…]

How to Choose a SOC 2 Audit Firm (with Vendor Scorecard Template)

Selecting the right partner to assist with SOC 2 compliance (or anything else) can be challenging. If you are trying to sort through the marketplace to select a vendor here are a few considerations. You can also download our free vendor selection template here. 1| Experience Assess resumes of the individuals who will be performing[…]

New York Cybersecurity Regulations – Path to Compliance (Whitepaper)

Written March 1, 2017, the New York Financial Services Cybersecurity Regulations have been developed to address significant cybersecurity threats to the financial services industry. The regulations prescribe certain standards for a financial service company’s (“regulated entity” or “Covered Entity”) cybersecurity program for the purpose of promoting protection of customer information and protecting regulated information systems.[…]

Simplify Compliance by Creating One Set of Controls to Manage Risk (Unified Control Framework)

Heavily regulated companies spend a lot of time mapping and creating new business processes to meet compliance requirements. This is especially frustrating for businesses that face multiple compliance requirements. We see this often in the financial technology (FinTech) and healthcare technology (HIT) space. Companies like these have an almost unmanageable number of regulatory frameworks to[…]

Petya Ransomware & Mitigation Steps

They Petya Ransomeware outbreak is the second such global attack in the last couple of month. The malware is spreading using same Microsoft Windows vulnerability that was exploited by the recent WannaCry ransomware event. Symantec confirmed that Petya uses the “Eternal Blue” exploit. Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but if you have put off installing the patch[…]

How to Effectively Communicate Your Security and Compliance Story to Prospective Clients and Business Partners

I read an article last week about Wal-Mart forcing some of their vendors off Amazon’s cloud. Wal-Mart has an incredible amount of leverage over their vendors so my guess is that most SaaS providers probably went along with Wal-Mart’s request. This type of thing isn’t uncommon in the world of vendor management. I have personally[…]