Information Security Blog
3 “First To-Dos” after You Complete Your Privacy Data Mapping Exercise
Chances are your business is concerned about compliance with privacy legislation like CCPA and GDPR. Perhaps you’ve undertaken a data mapping exercise and are starting to wrap your hands around the “now what?” part of the process. What are the practical first steps...
read more5 Tips to Create an Effective Information Security Management Committee (ISMC)
For organizations moving to reduce information security risk, an effective information security management committee (ISMC) is essential to drive security strategy, eliminate redundant security effort and spending, get a grip on complex infrastructure issues and...
read moreHey SaaS Companies! Have an Amazing Product/Service But No Security Program Yet? No Worries!
A number of our current clients, especially in the technology and SaaS sector, are startups or spinoffs with very exciting products. Prospects—including large enterprises—are lining up to evaluate them. But when the discussion turns to security and compliance...
read moreYes, You Still Need Penetration Testing in the Cloud
Just because you moved your virtual servers, databases and/or applications to the public cloud doesn’t mean they are somehow now magically secure. You still need penetration testing to verify your cloud environment is secure and to uncover any potential risks. Full...
read moreRisk Management – If a Thing is Worth Doing, Its Worth Doing Right
On many engagements, part of my role is helping clients see their initial information security objective in the context of a bigger security picture. For example, a new client just came to us having inadequately addressed a questionnaire/risk assessment from one of...
read more
