BLOG Latest Blog May 29, 2023How Poor Cyber Asset Management Enabled the Equifax BreachLast Updated on May 29, 2023 On an April 2023 episode of The Virtual CISO Podcast, our guest Huxley Barbee, Learn More Tags/Blog Search Choose 1 or more topics below to expand your search: Application Security Business Continuity Management CCPA Cloud Security Compliance Cybersecurity Cybersecurity Maturity Model Certification (CMMC) Disaster Recovery Ethical Hacking FedRamp GDPR Government Information Security Industry Trends InfoSec Risk Assessment InfoSec Strategies IoT Security ISMS Consulting ISO 22301 ISO 27001 Certification ISO 27701 Network Security NIST Penetration Testing Phishing Privacy Security Awareness Training SIEM SOC 2 Social Engineering Third Party Risk Management Uncategorized Vendor Due Diligence May 29, 20234 Ways a Strong Cyber Asset Management Program Can Help Block Ransomware AttacksContinue Reading May 29, 2023Active Asset Scanning in OT EnvironmentsContinue Reading May 29, 2023Why Vulnerability Management Tools Fall Short for Cyber Asset DiscoveryContinue Reading May 29, 20232 Biggest Challenges with Cyber Asset ManagementContinue Reading May 24, 2023How ISO 27001:2022 Attributes Might Impact Your Certification Audit (and Improve Your Security)Continue Reading May 24, 2023ISO 27001:2022—What is the Level of Transition Effort?Continue Reading May 24, 2023ISO 27001:2022—When Should My Org Make the Transition?Continue Reading May 24, 2023ISO 27001:2022—Insights into What’s NewContinue Reading May 12, 2023RSA Conference 2023 Takeaway—“Shifting Security Left” is Now in Full SwingContinue Reading May 12, 2023RSA Conference 2023 Takeaway—Privacy Will Drive Data GovernanceContinue Reading May 12, 2023RSA Conference 2023 Takeaway—AI is Coming But It’s Not Here YetContinue Reading May 12, 2023RSA Conference 2023 Takeaway—More Than Ever, a Product-Centric Security Strategy is DangerousContinue Reading May 9, 2023How Long Before Software Bill of Materials (SBOM) Moves from Buzzword to ExpectationContinue Reading May 9, 2023A Software Bill of Materials (SBOM) Benefits Both Vendors and UsersContinue Reading May 9, 2023What is an SBOM and Why Are My Customers Suddenly Asking for One?Continue Reading April 28, 2023When You’re Doing Cyber Asset Management… What’s An Asset?Continue Reading April 28, 2023If your asset management sucks, your security sucksContinue Reading April 17, 2023Beware the Latest Funds Transfer Fraud —Deepfake Voice CloningContinue Reading April 6, 2023Should We Implement DevSecOps? You May Not Have a Choice.Continue Reading April 4, 2023Shifting DevSecOps LeftContinue Reading April 3, 2023DevSecOps Depends on Understanding Application-Specific RiskContinue Reading March 31, 2023Getting Started with DevSecOpsContinue Reading March 30, 2023DevSecOps DefinedContinue Reading March 29, 20234 Tactical Steps to Implementing DevSecOps in 2023Continue Reading March 27, 20237 Reasons Why You Should Get CMMC Certified Ahead of the May 2023 RulemakingContinue Reading March 24, 2023Pros and Cons to a “Hybrid Approach” to Microsoft 365 Commercial and GCC/GCC HighContinue Reading March 23, 2023Why is Microsoft 365 GCC High “So Expensive”?Continue Reading March 21, 2023The “Feature Factor” in Moving to Microsoft 365 GCC or GCC HighContinue Reading March 18, 2023How Long Does a Microsoft 365 “Government Cloud” Migration Take?Continue Reading March 17, 20233 Top Considerations for Migrating to a Microsoft 365 “Government Cloud”Continue Reading March 16, 2023Should My Org Be on a Microsoft 365 “Government Cloud”?Continue Reading March 15, 2023Should we be in Microsoft 365 GCC, GCC High, or Commercial?Continue Reading March 7, 2023Will Implementing the New ISO 27001:2022 Control Set Improve Your ISMS?Continue Reading March 8, 20232 “Gotchas” to Avoid on Your Move to ISO 27001:2022Continue Reading March 6, 20233 Things Your ISO 27001:2022 Auditor Would Love to See in Your ISMSContinue Reading March 5, 2023Benefits of Moving to ISO 27001:2022 ASAPContinue Reading March 4, 2023ISO 27001:2022—How Does It Impact Related Standards?Continue Reading March 3, 2023We’re Working Towards Certification to ISO 27001:2013—How Does ISO 27001:2022 Impact Us?Continue Reading March 2, 2023When Will Auditors Be Ready to Certify ISO 27001:2022 Compliance?Continue Reading March 1, 2023When Should You Move to ISO 27001:2022?Continue Reading February 20, 2023Need to Align Your Web App Security Program with NIST’s SSDF or ISO 27001? OWASP SAMM Can Help.Continue Reading February 19, 2023Don’t Dump Application Security on Your DevelopersContinue Reading February 18, 2023Web Application Security—How Mature Are Most Orgs Today?Continue Reading February 17, 2023How (Not) Good is Your Web App Security? OWASP SAMM Can Tell You.Continue Reading February 16, 2023Getting to “Secure by Design” with OWASP SAMMContinue Reading February 15, 2023What is OWASP SAMM and How Can It Elevate Your Application Security?Continue Reading February 10, 2023The TISAX Audit Process: Here’s What to ExpectContinue Reading February 9, 2023TISAX and ISO 27001: How Do They Relate?Continue Reading February 8, 2023TISAX Assessment Objectives, Levels, and LabelsContinue Reading February 7, 2023What is TISAX and Why Should We (as an Auto Industry Supplier) Care?Continue Reading February 6, 2023Understanding TISAX (Trusted Information Security Assessment Exchange)Continue Reading February 3, 2023Emerging Use Cases for Cyber Threat IntelligenceContinue Reading February 3, 2023How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?Continue Reading February 2, 2023Still Think Your Org Has Nothing Hackers Want?Continue Reading February 2, 2023Cybercrime Business Models and Supply ChainsContinue Reading February 1, 2023How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should CareContinue Reading February 1, 2023Understanding How Cybercriminals Operate Can Protect Your BusinessContinue Reading January 26, 2023What’s New and Exciting with AWS Security?Continue Reading January 25, 2023Public Cloud Consumers: Is Your Management Plane Secure?Continue Reading January 25, 2023What are the Most Important AWS Security Tools that Every Org Should Use?Continue Reading January 25, 2023Why Do So Many Orgs Stumble on Cloud Security?Continue Reading January 25, 2023Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSPContinue Reading January 25, 20232 Top Security Problems that AWS Users Cause ThemselvesContinue Reading January 25, 2023AWS Cybersecurity Best Practices—From Amazon’s Security Solutions ArchitectContinue Reading January 23, 2023Cyber Insurance Considerations for DIB OrgsContinue Reading January 23, 2023Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?Continue Reading January 23, 2023DIB Orgs: Here’s How to Avoid False Claims Act SanctionContinue Reading January 23, 2023Should You Voluntarily Disclose a CUI Incident or Data Breach?Continue Reading January 23, 2023CUI Basic and CUI Specified—What’s the DifferenceContinue Reading January 23, 2023Understanding the Legalities around Controlled Unclassified Information (CUI)Continue Reading January 18, 2023Security Staffing Moves for a Down EconomyContinue Reading January 18, 2023Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.Continue Reading January 18, 2023In a Down Economy, Ensure You’re Getting the Max from Security InvestmentsContinue Reading January 18, 2023Why You Should Keep Making Needed Security Investments in a Down EconomyContinue Reading January 18, 2023Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down EconomyContinue Reading January 17, 2023A Cybersecurity Strategy is More Critical Than Ever in a Slow EconomyContinue Reading January 17, 2023John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight EconomyContinue Reading January 13, 2023CMMC Rulemaking Changes Again—What’s the Timeline Now?Continue Reading January 5, 2023Leveraging OOTB “Policy as Code” for Cloud Security Posture ManagementContinue Reading January 5, 2023Addressing False Positives and Alert Fatigue across Enterprise Security ToolsContinue Reading January 5, 2023Your Cloud Security Posture Needs Both Preventive and Detective/Corrective ComponentsContinue Reading January 4, 2023Governance as Code—Is It the Answer to Cloud-Native Security?Continue Reading January 4, 2023Security, Compliance and Governance in the Cloud—How Do They Relate?Continue Reading January 4, 2023Dynamic Relationships between Governance, Security, and ComplianceContinue Reading December 28, 2022Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?Continue Reading December 20, 2022Is Attack Surface Management Right for SMBs?Continue Reading December 20, 2022Factoring Third-Party Risk into Attack Surface ManagementContinue Reading December 19, 2022How Much of Your Attack Surface is Beyond Your Visibility?Continue Reading December 19, 2022Is It Still a Data Breach if the Data was Outside Your Infrastructure?Continue Reading December 19, 2022How Do Assets Relate to Attack Surface Management?Continue Reading December 15, 2022What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?Continue Reading December 15, 2022Is Digital Business Risk Management the Future of Attack Surface Management?Continue Reading November 23, 2022Monitoring Security of Your Deployed Public Cloud ApplicationContinue Reading November 22, 2022Validating Security Within Your DevOps PipelineContinue Reading November 10, 2022Time’s (Almost) Up for California Privacy ComplianceContinue Reading November 21, 2022Skills to Look for in Developers to Move Your Applications to the CloudContinue Reading November 18, 2022Should We Containerize Our Cloud-Based Application?Continue Reading November 17, 2022Should You Outsource Managing Your App Along with Building It?Continue Reading November 16, 2022Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?Continue Reading November 15, 2022The Complexities of Deploying a Secure Application in the CloudContinue Reading November 14, 2022What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)Continue Reading November 11, 2022Tips from a Fortune 500 CPO on Automating Your Privacy ProgramContinue Reading November 10, 2022Tackling the Legal Side of Privacy without Becoming a LawyerContinue Reading November 9, 2022How Does Physical Security Tie into Privacy?Continue Reading November 7, 2022The New Intersection of Privacy and Security (from a Fortune 500 CPO)Continue Reading November 7, 2022The Intersection of Privacy & SecurityContinue Reading October 26, 2022What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?Continue Reading October 26, 2022DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from PrimesContinue Reading October 25, 2022We Don’t Think We Need CMMC Level 2 but the Government Says We Do…Continue Reading October 25, 2022Should We Pursue a Voluntary CMMC Assessment?Continue Reading October 24, 2022Is There a Path for Non-US Companies to be CMMC Certified?Continue Reading October 24, 2022ISO 27001 Certified Orgs—Here’s the Latest on CMMC ReciprocityContinue Reading October 24, 2022House Approves Updated FedRAMP Authorization ActContinue Reading October 21, 2022Can SMBs Afford CMMC Level 2 Certification?Continue Reading October 21, 2022When Do We Need to Be CMMC 2.0 Certified?Continue Reading October 20, 2022DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA QuestionsContinue Reading October 20, 2022Does My DIB Org Need a SIEM for CMMC ComplianceContinue Reading October 19, 2022Your Top CMMC Questions AnsweredContinue Reading October 14, 2022SME InfoSec Leads: Here’s How to Kickstart a Privacy ProgramContinue Reading October 17, 2022How Automation Can Help Operationalize a Privacy ProgramContinue Reading October 13, 2022How Automation Can Help with Data Privacy Impact AssessmentContinue Reading October 12, 2022SMEs: Do You Know Where All Your Customers’ Personal Data Resides?Continue Reading October 11, 2022SMEs: Are Your Customers Pushing You Towards a Privacy Program?Continue Reading October 10, 2022The Two Audiences For Privacy & How They Drive Data CollectionContinue Reading October 7, 2022Is Cybersecurity Certification Worth the Effort?Continue Reading October 6, 2022Can Disaster Recovery and Business Continuity Help with Software Supply Chain Risk Assessment?Continue Reading October 5, 2022Can Cybersecurity Frameworks Help with Software Supply Chain Risk Management?Continue Reading October 4, 2022Supply Chain Risk Management and Third-Party Risk Management: What’s the Difference?Continue Reading October 3, 2022What is Software Supply Chain Risk Management and Why Should We (as an Org That Uses Software) Care?Continue Reading October 3, 2022The FTC’s Intensified Prosecution of Deceptive Cybersecurity and Privacy Practices: Here’s What You Should KnowContinue Reading September 30, 2022Unpacking Critical Elements of Supply Chain Risk ManagementContinue Reading September 30, 2022PATCH Act Legislation Could Expand Medical Device Manufacturing Cybersecurity RegulationsContinue Reading September 27, 2022NIST Update on HIPAA Security Rule Can Help Your Org Reduce ePHI Risk ExposureContinue Reading September 19, 2022OMB Mandates US Federal Agencies to Comply with NIST Guidance on Software Supply Chain SecurityContinue Reading August 8, 2022How Does the NIST Secure Software Development Framework (SSDF) Compare with OWASP SAMM, BSIMM, etc.?Continue Reading August 4, 2022What is the Software Development Lifecycle and Why is It Central to Software Security?Continue Reading July 28, 2022The Cyberspace Solarium Commission Report and CMMC—How Do They Connect?Continue Reading July 28, 2022We Need Public/Private Partnership to Fight the Cyber War We’re InContinue Reading July 27, 2022What is the Cyberspace Solarium Commission Report and Why Should I Care?Continue Reading July 22, 2022How Does DevOps Impact Your Database Security?Continue Reading July 21, 2022How Moving to the Cloud Impacts Your Database SecurityContinue Reading July 20, 20223 Reasons Why Database Security is UndervaluedContinue Reading July 20, 20225 Top Database Risks You Didn’t Know You HadContinue Reading July 19, 2022Confronting the Wild West of Database SecurityContinue Reading July 18, 2022The Argument for More Board-Level Cybersecurity ExpertiseContinue Reading July 15, 2022What is “Secure By Default” and How Do We Get There?Continue Reading July 14, 2022Looking Beyond Trusted Frameworks to Achieve Robust CybersecurityContinue Reading July 13, 2022Bridging the Gap Between Cybersecurity and the Business WorldContinue Reading July 8, 2022Does Your Cyber Liability Insurance Fit with Your Total Insurance Coverage?Continue Reading July 8, 20223 Top Reasons Why an Attorney Should Review Your Cyber Liability Insurance PolicyContinue Reading July 8, 2022Are Cyber Liability Insurance Companies (Entirely) to Blame for Today’s Onerous PremiumsContinue Reading July 8, 2022Why Cyber Liability Insurance Has Become the “Wild West”Continue Reading July 7, 2022Legal and Infosec Strategies to Deal with Exploding Cyber Liability Insurance PremiumsContinue Reading September 1, 2022DIB Orgs: Time is Almost Up for DFARS and NIST 800-171 ComplianceContinue Reading August 26, 2022What is the OWASP Software Assurance Maturity Model (SAMM) and Why Should We (as an Org That Develops Software) Care?Continue Reading August 26, 2022Applying the OWASP Software Assurance Maturity Model (SAMM) in Your EnvironmentContinue Reading August 30, 2022OWASP SAMM’s 5 Business Functions UnpackedContinue Reading August 29, 2022BSIMM and OWASP SAMM ComparedContinue Reading August 29, 2022Using OWASP’s Software Assurance Maturity Model (SAMM) and Application Security Verification Standard (ASVS) TogetherContinue Reading August 25, 2022Breaking Down the Latest in Software Security Standards & the Impact on SaaS BusinessesContinue Reading August 23, 2022Top Use Cases for Continuous API SecurityContinue Reading August 22, 2022What is Continuous API Scanning and Why Should We (as App Developers) Care?Continue Reading August 22, 2022What are the Financial Benefits of API-Level Security?Continue Reading August 19, 2022How Does an API-First Architecture Affect Your App Attack Surface?Continue Reading August 19, 2022Application Security and API Security are Becoming Synonymous—Are You Ready?Continue Reading August 18, 2022What You Need to Know about APIs and API SecurityContinue Reading August 12, 2022Aligning Security with Business Goals to Create More ValueContinue Reading August 12, 2022The “Value Creation” Side of Return on Security Investment (ROSI) EstimatesContinue Reading August 11, 2022A Risk-Based Approach to Calculating Return on Security Investment (ROSI)Continue Reading August 11, 2022Return on Security Investment (ROSI): What is It and How Do You Calculate It?Continue Reading August 10, 2022How to Measure the Value of Information SecurityContinue Reading August 8, 2022What’s the Effort to Align Your Dev with the NIST Secure Software Development Framework (SSDF)?Continue Reading August 4, 2022Making the Most of the CMMC Assessment Guidance from the CyberABContinue Reading August 5, 2022Here’s Why Software Vendors Should Align with the SSDF Whether Mandated or NotContinue Reading August 5, 2022Why Does the USG Think We Need the NIST Secure Software Development Framework (SSDF)?Continue Reading August 4, 2022What is the NIST Secure Software Software Development Framework and Why Should We (as a Software Vendor) Care?Continue Reading August 3, 2022What NIST’s Secure Software Development Framework Means to YouContinue Reading July 26, 2022US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?Continue Reading August 1, 2022US Government Threat Intelligence Programs: Where Are They Headed?Continue Reading July 29, 2022Recent White Papers from the Cyber Solarium Commission—What is Their Purpose?Continue Reading July 29, 2022What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?Continue Reading July 27, 2022What is Continuity of the Economy Planning and Why Should I (as a US Citizen) Care?Continue Reading July 21, 2022Your Database Attack Surface is Bigger than You ThinkContinue Reading July 14, 2022The Strategy Behind the Gula Tech Adventures PortfolioContinue Reading July 18, 2022Why Philanthropy is Important in CybersecurityContinue Reading July 14, 2022How Do You Know If Your Business is Really Secure?Continue Reading July 11, 2022What is a Breach Counselor and Why Do We (as an Org with Cyber Liability Insurance) Care?Continue Reading July 11, 2022Do You Know Your Cyber Liability Insurance Obligations?Continue Reading June 30, 2022CMMC 2.0: Is Certification Worth the Cost and Risk?Continue Reading June 29, 2022CMMC 2.0: Choose Your Registered Provider Organization CarefullyContinue Reading June 28, 2022CMMC 2.0: DoD Emphasizes “Nothing Has Changed” (So Why Aren’t You Ready?)Continue Reading June 27, 2022CFIUS Cybersecurity Considerations: Here’s What You Need to KnowContinue Reading June 27, 2022CMMC 2.0: DoD Clarifies Rollout Schedule and MoreContinue Reading June 24, 2022Benefits of Categorizing NIST 800-171 Requirements as Technical Versus NontechnicalContinue Reading June 24, 2022Important Clarifications on CMMC v2 from CMMC Day May 9, 2022Continue Reading June 16, 2022What Really Drives Innovation in Cybersecurity?Continue Reading June 16, 2022Are We More or Less Secure than 20 Years Ago?Continue Reading June 15, 2022Investors are Targeting These Emerging Cybersecurity AreasContinue Reading June 15, 20223 Different Types of Private Equity Firms ExplainedContinue Reading June 14, 20225 Top Criteria for Venture Capitalists Evaluating Tech CompaniesContinue Reading June 14, 2022The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture CapitalistContinue Reading June 9, 2022What is OWASP SAMM and Why Should We (as an Org that Develops Software) Care?Continue Reading June 7, 2022How Attack Surface Management Calculates Attack PathsContinue Reading June 7, 2022How Does Attack Surface Management Connect with Patch Management?Continue Reading June 6, 2022Top Scenarios for Implementing Attack Surface ManagementContinue Reading June 6, 2022NopSec’s Vision for Attack Surface ManagementContinue Reading June 3, 2022Attack Surface Management: Should It Cover Configuration Management?Continue Reading June 3, 2022What is Attack Surface Management and Why Should We (as an Org with Vulnerabilities) Care?Continue Reading June 2, 2022Understanding Attack Surface ManagementContinue Reading June 2, 2022Protecting CUI Nonfederal OrganizationsContinue Reading May 27, 2022Here’s What State-of-the-Art Entryway Security Looks LikeContinue Reading May 26, 2022Does My Business Need Better Entryway Security?Continue Reading May 25, 2022Why Physical Security and Cybersecurity are ConvergingContinue Reading May 24, 2022The Convergence of Physical & CybersecurityContinue Reading May 19, 2022CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?Continue Reading May 19, 2022MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance TimelineContinue Reading May 18, 2022Why MSPs/MSSPs Should Develop a Shared Responsibility MatrixContinue Reading May 18, 2022When is an MSP/MSSP a CSP for CUI Protection Purposes?Continue Reading May 17, 2022MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?Continue Reading May 17, 2022CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” ApproachContinue Reading May 16, 2022CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility AnglesContinue Reading May 16, 2022What New CMMC Guidance Means for MSPs and MSSPsContinue Reading May 10, 2022Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.Continue Reading May 9, 2022Step #8 to Retaining Security Talent: Win-Win CommunicationContinue Reading May 9, 2022Step #7 to Retaining Security Talent: Make Career Promotion Criteria Outlined & TransparentContinue Reading May 6, 2022Step #6 to Retaining Security Talent: Roles & Responsibilities are Clearly Defined & MeasuredContinue Reading May 6, 2022Step #5 to Retaining Security Talent: Consistent Management TrainingContinue Reading May 5, 2022Step #4 to Retaining Security Talent: Kindness-Only CultureContinue Reading May 5, 2022Step #3 to Retaining Security Talent: Self-Care CultureContinue Reading May 4, 2022Step #2 to Retaining Security Talent: Positive Attitude CultureContinue Reading May 4, 2022Step #1 to Retaining Security Talent: Emotionally Intelligent ManagersContinue Reading May 3, 20228 Ingredients for Baking Inclusivity into Your CultureContinue Reading April 22, 2022SEC Proposes New Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident DisclosureContinue Reading April 22, 2022The NIST Cybersecurity Framework Helps Business and Technical Leaders Communicate About SecurityContinue Reading April 22, 2022Cloud Controls MatrixContinue Reading April 22, 2022Local Storage Versus Cookies: Which to Use to Securely Store Session TokensContinue Reading May 2, 2022How Panther Helps Get You Real-Time Access to Arbitrary Security DataContinue Reading April 29, 2022Comparing the Cost of “SIEM”: How Much and Time-to-ValueContinue Reading April 28, 2022Get Proactive with Real-Time Streaming Security AnalyticsContinue Reading April 27, 2022Big Data, Snowflake and the Reinvention of SIEMContinue Reading April 26, 2022“The State of SIEM” and Why the Security Industry Needs to Move OnContinue Reading April 25, 2022What is “Serverless SIEM” and Why Should We (as an Org Trying to Detect Cyber Threats) Care?Continue Reading April 22, 2022Becoming More Efficient w/ a Cloud-Native Approach to Data SecurityContinue Reading February 2, 20223 Top Ways to Incorporate NIST 800-171 into Your ISO 27001 or SOC 2 ProgramContinue Reading February 2, 20224 Key Responses to New US Government Cybersecurity RegulationsContinue Reading February 2, 2022CISA, Critical Infrastructure and CUI: 3 New Drivers for the Future of Your ISO 27001 or SOC 2 Cybersecurity ProgramContinue Reading February 2, 2022A Brief History of Recent US Government Cybersecurity Guidance and Why You Should Care—Even If You Don’t Do Business with the USGContinue Reading December 3, 2021Are SaaS Customers a Bigger Business Risk to their Vendors than Vice Versa?Continue Reading December 3, 20214 Top Things Your SaaS Vendors Should Be Doing to Prove They’re SecureContinue Reading December 3, 2021AI-Based Threat Detection for SaaS Applications: “Suspenders to Backup Your Belt”Continue Reading December 3, 2021Customer Managed Encryption Keys: With Great Power Comes Great ResponsibilityContinue Reading December 3, 2021The Cloud Security “Shared Responsibility” Model is EvolvingContinue Reading December 3, 2021Here’s Why Cloud-Based Solutions are Now More Secure than On-PremContinue Reading April 15, 2022Using the CSA STAR Program for ProcurementContinue Reading April 14, 2022How the Cloud Security Alliance Addresses PrivacyContinue Reading April 13, 2022What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?Continue Reading April 12, 2022What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?Continue Reading April 11, 2022Essential Cloud Security & Compliance Tips from CSAContinue Reading April 8, 2022CMMC 2.0: What’s Ahead for the DIB?Continue Reading April 7, 2022Why is Management Buy-In a Challenge for CMMC Compliance?Continue Reading April 7, 2022Dib Orgs: Here’s How to Apply the CMMC Scoping Guide to OT AssetsContinue Reading April 6, 2022Dib Orgs: Why is Asset Management a Challenge?Continue Reading April 6, 2022Dib Orgs: What to Do If You Don’t Think You Have CUIContinue Reading April 5, 2022CMMC 2.0 ScopingContinue Reading April 5, 20223 Reasons Why It’s So Hard to Identify CUIContinue Reading April 4, 20223 Top Challenges with CMMC 2.0Continue Reading April 4, 2022Ongoing Challenges with CMMCContinue Reading April 8, 2022CMMC 2.0 Rulemaking: What are the Implications for Government Contractors Outside the DIB?Continue Reading April 4, 2022Fleet Device Management: Future PlansContinue Reading April 1, 2022How Malware SpreadsContinue Reading April 1, 2022Using Fleet’s Policy Feature for Configuration ManagementContinue Reading March 31, 2022Open Source Device Management—Can It Improve Your Vulnerability Management?Continue Reading March 30, 2022Open Source Device Management—Is It Right for Your Use Cases?Continue Reading March 29, 2022Open Source Device Management—It’s All About Transparency and FlexibilityContinue Reading March 28, 2022Is Open Source the Future of Endpoint SecurityContinue Reading March 25, 2022IoT Device Security: What to Look for from VendorsContinue Reading March 24, 2022IoT Security Guidance: What is Its Real-World Value?Continue Reading March 23, 2022Remotely Hacking IoT Devices: Here’s How It’s DoneContinue Reading March 23, 2022“AWS for Security” — A One-Stop Shop in the Making?Continue Reading March 22, 2022A Hardware Hacker’s Top Tips for Building Secure IoT DevicesContinue Reading March 22, 2022“AWS for Security” — Can It Also Support Compliance?Continue Reading March 22, 2022The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply ChainContinue Reading March 21, 2022“AWS for Security”—Can It Reduce Your Security Software Costs?Continue Reading March 21, 2022OK, So… What’s an IoT Device?Continue Reading March 18, 2022Are You Ready for “AWS for Security”?Continue Reading March 17, 2022The “AWS Approach” to Provable SecurityContinue Reading March 16, 2022The New ISO 27002:2022—What Does It Mean for Your ISO 27001 ISMS?Continue Reading March 16, 2022The Value of Attributes in the New ISO 27002:2022Continue Reading March 15, 2022The OMB’s Final Zero Trust Strategy: 8 Key TakeawaysContinue Reading March 15, 2022The New ISO 27002:2022—What’s New with the Controls?Continue Reading March 15, 2022The New ISO 27002:2022—What are “Themes” and Why are They Cool?Continue Reading March 14, 2022The New ISO 27002:2022 — How Was It Developed?Continue Reading March 14, 2022What Does the New ISO 27002 Update Mean for You?Continue Reading March 14, 2022DIB Orgs: Can You Identify CUI?Continue Reading March 14, 2022DIB Orgs: Your SPRS Score, System Security Plan and POAMs Had Better Be for RealContinue Reading March 11, 2022Continuous Compliance: What Are the Business Benefits?Continue Reading March 11, 2022Continuous Compliance for DIB Orgs: What Are Some Examples?Continue Reading March 10, 20223 Inescapable Reasons Why DIB Orgs are Now Reliant on Their Compliance ProgramsContinue Reading March 10, 2022CMMC 2.0 Compliance—What Will It Look Like at Level 1 or Level 2?Continue Reading March 10, 2022Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to YouContinue Reading March 9, 2022CMMC 2.0 Compliance—Here’s What to Focus on NowContinue Reading March 9, 2022Continuous Compliance—What is It and Why Should You (as a DIB Org) Care?Continue Reading March 8, 2022John Verry’s 2022 InfoSec Prediction #8: CSPs Up Their Security GameContinue Reading March 8, 2022John Verry’s 2022 InfoSec Prediction #7: Software Security Goes MainstreamContinue Reading March 7, 2022John Verry’s 2022 InfoSec Prediction #6: Companies Will Look to Shorten Their Vendors ListsContinue Reading March 7, 2022John Verry’s 2022 InfoSec Prediction #5: “Our Compliance Officer” and/or “Our GRC Platform” Enter Your LexiconContinue Reading March 4, 2022John Verry’s 2022 InfoSec Prediction #4: The Use of Fractional/Virtual CISOs Will Continue to Grow RapidlyContinue Reading March 4, 2022John Verry’s 2022 InfoSec Prediction #3: Supply Chain Risk Management Will Continue to Grow in ImportanceContinue Reading March 3, 2022John Verry’s 2022 InfoSec Prediction #2: Cyber Liability Insurance Premiums and Due Diligence Will Increase SignificantlyContinue Reading March 3, 2022John Verry’s 2022 InfoSec Prediction #1: Zero Trust Moves from Buzzword to RealityContinue Reading
