ISO 27001 Path to Certification: The Business Case for ISO 27001 Implementation (Whitepaper Part 1 of 3)

Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a result, Management and Leadership must take steps to proactively mature their information security posture. A great place to begin (or continue) maturing your security environment is through the implementation of a security framework such as ISO 27001. If you are[…]

Penetration Test Engagement Types: A Comprehensive Guide to Defending Against Real-World Attackers by Simulating Real-World Attacks (Whitepaper)

  Cybersecurity is a business problem impacting the livelihoods of companies and their owners. As a  result, Management and Leadership must take steps to proactively identify and resolve security vulnerabilities to protect company value. A great place to begin (or continue) maturing your security environment is through penetration test activities. Penetration tests can be a[…]

Security Due Diligence: An Analysis of Security in the Sales Cycle for Companies Serving the Banking Sector (Whitepaper)

Studies performed by the Ponemon Institute linked 56-59% of security breaches to third parties. At the same time, companies are increasingly leveraging specialty service providers to perform critical business functions. Combined, third-party risk is being elevated to the board level and banks are scrambling to manage their vendor-related risks. The net result for service providers[…]

Mapping California Consumer Privacy Act (CCPA) with GDPR (Whitepaper)

Many organizations are bracing for the recent wave of Privacy regulations announced this year. In May, GDPR became enforceable, then in June California passed the California Consumer Privacy Act (effective starting 2020).  These landmark regulations provide new privacy requirements for businesses collecting and/or processing data. The purpose of this whitepaper is to compare requirements under[…]

Executive Summary of the California Consumer Privacy Act (CCPA)

On June 28, 2018, California signed into law Assembly Bill 375, the California Consumer Privacy Act (“CCPA”).  Scheduled to be effective January 1, 2020, the CCPA is based on the principles that, “California consumers should be able to exercise control over their personal information, and they want to be certain that there are safeguards against[…]

GDPR: Understanding the Impact of Automated Decision Making and Profiling (Whitepaper)

Profiling and automated decision-making are not prohibited under GDPR.  However, both of these activities are subject to detailed requirements on when they can legitimately be performed and what must be communicated to data subjects. Key Questions: 1| How are automated decision-making and profiling defined under GDPR? 2| How do the general rules of GDPR apply[…]

GDPR: Understanding the Roles and Responsibilities of Cloud Service Providers (Whitepaper)

Whether it is a software or infrastructure as a service (SaaS/IaaS) almost everyone is relying on the cloud. Have you considered how this impacts your GDPR strategy? In this whitepaper we set out to clarify the role of cloud service providers as well as users of cloud services.  Key Questions: 1) What is your role(s)[…]

Navigating the CMS Enhanced Direct Enrollment Audit (Whitepaper)

Beginning enrollment period 2019, all qualified health plan issuer or web-broker in the Federally-facilitated Exchange must follow the Direct Enrollment rules and obtain a CMS audit from an independent auditor to host application and enrollment services on your website. What is in the Whitepaper: 1 | CMS Requirements including business requirements audit, the security and[…]

State-by-State Breakdown of Cybersecurity Legislation (Whitepaper)

As cybersecurity incidents, such as the Equifax data breach, continue to occur, states are beginning to recognize the need to impose cybersecurity requirements on companies in order to protect the personal information of individuals resident in the state. Many states’ cybersecurity laws have traditionally been focused on penalizing hackers and cybercriminals for criminal behavior. However,[…]

GDPR: Simplifying the Data Protection Impact Assessment Requirement (Whitepaper)

The EU’s new General Data Protection Regulation (“GDPR”) introduces the concept of a Data Protection Impact Assessment (“DPIA”); defined as an analysis of the risks of processing operations on the “rights and freedoms” of data subjects.This means that if your company is processing the data of individuals who are EU citizens you may have to[…]