Information Security Blog
For the past several months I’ve been working on a cyber loss control project performing risk assessments for over 100 New Jersey municipalities. I’m winding down the first phase of the project, which was assessing and identifying vulnerabilities within their IT...
An Agreed Upon Procedures document is a great tool for third-party risk management (TPRM) and could be a far better option for smaller businesses when compared to the better-known SOC 2 report. SOC 2 is, by far, the single most requested document in TPRM circles. The...
The New York State Department of Financial Services (NYDFS) 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies is a relatively comprehensive new regulation intended to ensure the security of "Non-Public Information" (largely personally...
On March 7, 2017, the self-described “not-for-profit media organization” and whistleblowing website WikiLeaks began releasing the Vault 7 series of documents, which allegedly contain details about activities and capabilities of the CIA to conduct electronic...
Want to Proactively Mitigate InfoSec Risk? Have IT Review Contracts with Vendors Before You Sign Them.
Because I have both an audit background and an IT security background, I’m frequently involved in helping clients address contract issues. The activities vendors perform for your organization under contract are an extension of your internal processes. Thus your...