by John Verry | Oct 4, 2018 | ISMS Consulting
Recently I discussed a potential vCISO engagement with a mid-size restaurant chain (500+ locations). They asked about our experience with, and our thoughts on, “threat hunting.” Threat hunting is loosely defined as “proactive incident response”—actively looking for...
by John Verry | Oct 2, 2018 | ISMS Consulting
New data privacy regulations like GDPR and the California Consumer Protection Act of 2018 (CCPA) are forcing many organizations to factor privacy into their data security programs like never before. Do these new privacy mandates effectively merge the security and...
by John Verry | Sep 27, 2018 | Government
With the EU’s GDPR now in force and California just enacting its Consumer Privacy Act (AB 375), the two-minute warning has sounded for US businesses that work with consumers’ personal data. You must move to implement privacy policies that align with these...
by John Verry | Aug 16, 2018 | InfoSec Strategies
Entities registered with New York State’s Department of Financial Services (NYDFS) are subject to compliance with the 23 NYCRR 500 (aka “Part 500” or “NYDFS 500”) cybersecurity regulation, and a new deadline is fast approaching. Entities who must comply include: Bank...
by John Verry | Aug 7, 2018 | Government
The most significant privacy regulation enacted to date, the EU’s GDPR, still feels “over the horizon” to many US firms. For companies that have delayed privacy initiatives, it’s still easy to “risk rationalize” away the need to comply with GDPR. After all, there have...
