Information Security Blog
As IoT Devices Multiply Like Rabbits, Hackers Move in for the Kill
The latest security research confirms across the board what we see in our practice and in the news: weak Internet of Things (IoT) security is creating more vulnerabilities and greater risk than ever. And with devices proliferating and hackers targeting them...
read moreCollection 1 Breach – Why You Need Password Management (and 2FA)
Even this era of near-daily data breach headlines, the Collection 1 trove gives one pause. What is being called the largest public breach ever is apparently just the tip of a gargantuan, 4TB iceberg of unique emails and passwords, all available to hackers worldwide at...
read moreWhen and How to Hire a vCISO
Is a virtual Chief Information Security Officers (vCISO) relationship right for your business? As an experienced vCISO currently serving several clients, these are some of the best reasons my colleagues and I see for “when” it makes sense to hire a vCISO: To meet...
read moreWhy Outsourcing Information Security is an Advantage for Most Organizations
In-source or out-source? … This is a big decision for so many of our clients and prospects. The question most organizations are asking is, “Should we hire a (or another) full-time information security expert, or hire a fractional expert—and how should we decide?” We...
read moreWhat the SOC 2 Changes Mean for Businesses Seeking an InfoSec Attestation
The new SOC 2 Trust Services Criteria (TSC), which the AICPA updated back in April 2017, are now required for SOC 2 reports as of December 15, 2018. These updates reflect the biggest change to the SOC 2 criteria to date. Key Changes New "buckets" parallel ISO 27001 –...
read more
