1-888-742-1538 Contact Us

BLOG

Latest Blog

CMMC in Q2 2025: Your Top Questions Answered

Last Updated on June 26, 2025 As the US Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 program

EP Post OSCAL How Third Party

How Third-Party Experts Can Help with OSCAL Adoption

Continue Reading

EP Post OSCAL Help with Continuous Compliance

Can OSCAL Help with FedRAMP and CMMC Compliance?

Continue Reading

EP Post OSCAL Got FedRAMP

Got FedRAMP – OSCAL

Continue Reading

EP Post OSCAL Cliff Notes

OSCAL Cliff Notes for Business and Technical Leaders

Continue Reading

banner image with lettering of the title of the article.

AI-Related Roles That ISO 42001 Auditors Will Look For

Continue Reading

banner image with lettering of the title of the article.

5 AI Stakeholder Roles for ISO 42001: Where Does Your Business Fit?

Continue Reading

PPS Blog Banners Reasons vCISO

6 Reasons Why Every SMB Now Needs a vCISO

Continue Reading

PPS Blog Passkey Possible Downsides

Passkeys: 7 Possible Downsides for SMBs

Continue Reading

PPS Blog Is it Time to Start Moving from Passkeys

SMBs—Is It Time to Start Moving from Passwords to Passkeys?

Continue Reading

PPS Blog Why are Passkeys Soooo Much Better

Why are Passkeys So Much Better than Passwords?

Continue Reading

Ep Post Cloud Detection Response Remediation

Cloud Detection and Response: How Much Auto-Remediation is Safe?

Continue Reading

Toward a Platform Approach

Is the Cybersecurity Tool Space Evolving Toward a Platform Approach?

Continue Reading

What is Cloud Detection Rresponse

What is Cloud Detection and Response and How Can It Help My Business?

Continue Reading

Ep Post The Drivers Making vCISO

February 28, 2025

Four Drivers Making Virtual CISO Engagements More Popular than Ever in 2025

Continue Reading

Ep post The Hiring of a vCISO

February 26, 2025

Hiring a vCISO? Make Sure They Know Your Industry

Continue Reading

EP Post The Phases of vCISO

February 24, 2025

What are “The 3 Phases of vCISO” and Which Phase is My SMB In?

Continue Reading

Ep Post Do e need a virtual CISO or VST

February 20, 2025

Do We Need a Virtual CISO? Or a Virtual Security Team?

Continue Reading

Ep Post The Reasons vCISO Engagements fail

February 18, 2025

9 Reasons vCISO Engagements Fail

Continue Reading

PPS Blog Banners DW SMB

February 12, 2025

Dark Web Monitoring for SMBs—7 Features to Look For

Continue Reading

10 Top Dark Web Monitoring Cases

February 10, 2025

10 Top Dark Web Monitoring Use Cases for Your Business

Continue Reading

PPS Blog Banners DW What is DW

February 6, 2025

What is the Dark Web and Why Does My Business Need to Go There?

Continue Reading

PPS Blog Banners Post CMMC Final Rule Key

January 15, 2025

CMMC Final Rule: 5 Key Concerns Around the Annual Affirmation of Compliance

Continue Reading

PPS Blog Banners Blog CMMC Does My MSP Need to be compliant

January 13, 2025

CMMC Final Rule: Does My MSP or CSP Need to be CMMC Compliant?

Continue Reading

PPS Blog Banners Blog CMMC What is the Final Rule on Flowdown

January 10, 2025

CMMC Final Rule: What is the Final Word on Flowdown?

Continue Reading

PPS Blog Banners Blog CMMC When Do we need to be Ready

January 8, 2025

CMMC Final Rule: When Do We Need to be Ready?

Continue Reading

PPS Blog Banners Ransom

December 27, 2024

The Rising Threat from Targeted “Data Ransom” Attacks—and How to Protect Your Business

Continue Reading

PPS Blog Banners Cyber Contingency

January 2, 2025

Cybersecurity Contingency Planning 101

Continue Reading

PPS Blog Banners FEDRAMP

December 27, 2024

Four Major Reasons Why Up To 60% FedRAMP Efforts Fails – And How To Prevent Them.

Continue Reading

PPS Blog Banners TXRAMP

December 30, 2024

TX-RAMP Versus StateRAMP—Which is Right for My Business?

Continue Reading

PPS Blog Banners AZRAMP

December 19, 2024

What is AZRAMP and Does My Business Need to Comply?

Continue Reading

What are the New CMMC 2.0 Flowdown Requirements to Manage Defense Supply Chain Cyber Risk?

October 23, 2024

What are the New CMMC 2.0 Flowdown Requirements to Manage Defense Supply Chain Cyber Risk?

Continue Reading

a poster that says what is swarm al and how can it advance cybersecurity

October 10, 2024

What is Swarm AI and How Can It Advance Cybersecurity?

Continue Reading

How CMMC Enhances Defense Supply Chain Security

October 3, 2024

How CMMC Enhances Defense Supply Chain Security

Continue Reading

a poster that says ' is decentralized cybersecurity mesh the future of cybersecurity '

October 3, 2024

Is Decentralized Cybersecurity Mesh the Future of Cybersecurity?

Continue Reading

poster that says what is a post-quantum strategy and does our business need one

September 27, 2024

What is a Post-Quantum Strategy and Does Our Business Need One?

Continue Reading

the question 'what is Kubernetes security posture management (KSPM) and why should we (as cloud-native developers) care?' with a shield containing a lock in the background

September 27, 2024

What is Kubernetes Security Posture Management (KSPM) and Why Should We (as Cloud-Native Developers) Care?

Continue Reading

a flyer for cbiz pivot point security talks about registered practitioners versus certified cmmc professionals

September 20, 2024

Registered Practitioners Versus Certified CMMC Professionals: What’s the Difference for DIB Orgs Seeking CMMC Compliance?

Continue Reading

the question 'what is a cloud native application protection platform (CNAPPP) and what can it do for my business?' with a pair of hands on a keyboard in the background

September 16, 2024

What is a Cloud Native Application Protection Platform (CNAPP) and What Can It Do for My Business?

Continue Reading

a blue background with the words what is cloud infrastructure entitlement management and why is it becoming so important

September 16, 2024

What is Cloud Infrastructure Entitlement Management (CIEM) and Why Is It Becoming So Important?

Continue Reading

a blue background with the words what is the cmmc assessment process (cap) handbook and why should dib orgs care

September 6, 2024

What is the CMMC Assessment Process (CAP) Handbook and Why Should DIB Orgs Care?

Continue Reading

iso 27001 vs nist 800-53 all you need to know

August 30, 2024

ISO 27001 vs NIST 800-53: All You Need to Know

Continue Reading

the question 'ISO 27001 vs NIST cybersecurity framework: what's the difference?' with blue circuits in the background

August 30, 2024

ISO 27001 vs NIST Cybersecurity Framework: What’s the Difference?

Continue Reading

a poster that says the primary importance of cui scoping for cmmc certification

August 20, 2024

The Primary Importance of CUI Scoping for CMMC Certification

Continue Reading

CBIZ Pivot Point Security banner explaining know the difference between iso 27001 vs 27002 vs 27003

August 20, 2024

Know the Difference between ISO 27001 vs 27002 vs 27003

Continue Reading

a person typing on a keyboard with the words what is content disarm and reconstruction

August 13, 2024

What is Content Disarm and Reconstruction and Why Should I (as a Recipient of Digital Documents) Care?

Continue Reading

a blue background with the words the role of leadership in iso 27001 compliance

The Role of Leadership in ISO 27001 Compliance

Continue Reading

Why file based malware dominates cyberattacks

Why File-Based Malware Dominates Cyberattacks

Continue Reading

a poster for data detection and response for privacy and compliance

Data Detection and Response for Privacy and Compliance

Continue Reading

a poster that says dib smbs rate their cybersecurity as much better than it actually is

DIB SMBs Rate Their Cybersecurity as Much Better than It Actually Is – Why?

Continue Reading

top 5 insights from radic 's dib cybersecurity maturity report 2024

Top 5 Insights from Radicl’s DIB Cybersecurity Maturity Report 2024

Continue Reading

the question 'how should crisis management connect with incident responses?' with two individuals in the background looking at something in the distance

How Should Crisis Management Connect with Incident Response?

Continue Reading

a blue background with the words cmmc certification vs. cmmc compliance which one do you need

CMMC Certification vs. CMMC Compliance: Which One Do You Need?

Continue Reading

CBIZ Pivot Point Security banner explaining how long it takes to get CMMC certification

CMMC Certification: How Long Does It Take to Get Certified?

Continue Reading

a blue background with the words what privacy roles does my business need

What Privacy Roles Does My Business Need?

Continue Reading

the question 'what is secure web gateway and how does it support zero trust?' with a background including a lock and screens

What is a Secure Web Gateway and How Does It Support Zero Trust?

Continue Reading

18 us states have now passed privacy laws time to start building trust

18 US States Have Now Passed Privacy Laws – Time to Start Building Trust

Continue Reading

a woman looking at a tablet with the words 10 most important steps to build a data privacy program

10 Most Important Steps to Build a Data Privacy Program

Continue Reading

the question 'what are SaaS providers doing with your data?' with a globe, a hand holding a phone, and a laptop in the background

What are SaaS Providers Doing with Your Data?

Continue Reading

the text 'the problem with zero trust network access is trusting the service provider' with a pair of hands typing on a keyboard in the background

The Problem with Zero Trust Network Access is Trusting the Service Provider

Continue Reading

Considering ISO 42001? Here are 5 Recommended Guidance Sources

Considering ISO 42001? Here are 5 Recommended Guidance Sources

Continue Reading

top ransomware defenses you probably don 't have in place

Top Ransomware Defenses You Probably Don’t Have in Place

Continue Reading

a woman looking at a tablet with words what is ransomware and how has it morphed in the last decade

What is Ransomware and How Has It Morphed in the Last Decade?

Continue Reading

a poster that says what is iso 42001 and why should we as an org that develops and / or uses ai care

What is ISO 42001 and Why Should We (as an Org that Develops and/or Uses AI) Care?

Continue Reading

the text 'crucial role of cybersecurity in IPO preparation' with a watch displaying a figure of a person in the background

The Crucial Role of Cybersecurity in IPO Preparation

Continue Reading

Pivot Point Security banner explaining the key elements of an iso 42001 AI management system

ISO 42001: What are the Key Elements of an AI Management System?

Continue Reading

iso 42001 27001 and 27701 is this the new " big 3 " for provably secure and compliant ai

ISO 42001, ISO 27001 and ISO 27701: Is This the New “Big 3” for Provably Secure and Compliant AI?

Continue Reading

CBIZ Pivot Point Security banner explaining how much does ISO 27001 certification cost in 2024

How Much Does ISO 27001 Certification Cost in 2024?

Continue Reading

a poster that says what is distributed ledger technology and how can it simplify privacy compliance

What is Distributed Ledger Technology (DLT) and How Can It Simplify Privacy Compliance?

Continue Reading

CBIZ Pivot Point Security banner explaining how virtual ciscos and community banks work together

Virtual CISOs and Community Banks—Perfect Together

Continue Reading

the question 'what is Hedera Hashgraph and how does it solve blockchain privacy issues?' with a background of glowing lines connected by dots

What is Hedera Hashgraph and How Does It Solve Blockchain Privacy Issues?

Continue Reading

a poster that says data privacy compliance in higher ed now is the time

Data Privacy Compliance in Higher Ed: Now is the Time

Continue Reading

what is a tisax simplified group assessment and who can use it

What is a TISAX Simplified Group Assessment and Who Can Use It?

Continue Reading

a blue background with the words cmmc proposed rule changes

CMMC Proposed Rule Changes: What’s Changing and How to Prepare

Continue Reading

a poster that says what is kubescape and why should we ( as cloud-native developers ) care

What is Kubescape and Why Should We (as Cloud-Native Developers) Care?

Continue Reading

the text 'container and Kubernetes security: a nontechnical introduction' featuring glowing lines connected by dots in the background

Container and Kubernetes Security: A Nontechnical Introduction

Continue Reading

Pivot Point Security Banner explaining what is a container & why they are popular with developers

What is a Container and Why are They So Popular with Developers?

Continue Reading

poster that says what is the new jersey data privacy law and how can we streamline compliance

February 27, 2024

What is the New Jersey Data Privacy Law, and How Can We Streamline Compliance?

Continue Reading

the eu ai act 9 top questions answered poster

February 23, 2024

The EU AI Act: 9 Top Questions Answered

Continue Reading

soc 2 reports which trust services criteria do you need

February 22, 2024

SOC 2 Reports – Which Trust Services Criteria Do You Need?

Continue Reading

a poster for key takeaways from the 2023 soc benchmark study

February 21, 2024

6 Key Takeaways from the 2023 SOC Benchmark Study

Continue Reading

a blue background with the words cmmc proposed rule new guidance on cmmc level 3

February 16, 2024

CMMC Proposed Rule: New Guidance on CMMC Level 3

Continue Reading

the text 'the new CMMC proposed rule-answers to your top 9 questions' with glowing lines connected by dots in the background

February 14, 2024

The New CMMC Proposed Rule—Answers to Your Top 9 Questions

Continue Reading

iso 27001 accreditation why it matters for cloud service providers

February 9, 2024

ISO 27001 Accreditation: Why It Matters for Cloud Service Providers

Continue Reading

a blue background with the words how to measure the value of information security

February 6, 2024

Continue Reading

a blue background with the words " 2 principles to revolutionize security awareness training "

February 1, 2024

2 Principles to Revolutionize Security Awareness Training

Continue Reading

a poster that says what is cybersecurity and how can it improve diversity on my cybersecurity team

January 26, 2024

What is Cyversity and How Can It Improve Diversity on My Cybersecurity Team?

Continue Reading

the question 'what is the digital operational resilience act (dora) and how could it impact my business?' with question marks in the background

January 22, 2024

What is the Digital Operational Resilience Act (DORA) and How Will It Impact My Business?

Continue Reading

the text 'empowering diversity in the cybersecurity industry' with vertical glowing lines in the background

January 22, 2024

Empowering Diversity in the Cybersecurity Industry

Continue Reading

the text 'iso 27001 and data protection: the crucial link' is displayed in front of glowing lines going every direct across the background

January 6, 2024

ISO 27001 and Data Protection: The Crucial Link

Continue Reading

a question mark with the words what are the 5 key devops research & assessment ( dora ) metrics

January 4, 2024

What are the 5 Key DevOps Research & Assessment (DORA) Metrics and Why Should I Care?

Continue Reading

cyber essentials plus what is it and how can it help my business

January 3, 2024

Cyber Essentials Plus: What is It and How Can It Help My Business?

Continue Reading

a blue background with a graph and the words a deep dive iso 27001 2022 and its implications for cybersecurity

January 2, 2024

Understanding the ISO 27001:2022 Update

Continue Reading

a blue background with a graph and the words a deep dive iso 27001 2022 and its implications for cybersecurity

January 2, 2024

Getting Certified to ISO 27001:2022? Your Transition Plan is Critical for the External Audit.

Continue Reading

a poster for the future of security: unraveling the world of social engineering

January 2, 2024

Here’s How to Make Sure Your Security Awareness Training is Working

Continue Reading

the text 'CMMC gets posted to the federal registry' and 'CBIZ pivot point security' with a background of a glowing circuit board

December 27, 2023

CMMC Gets Posted to the Federal Registry

Continue Reading

the question 'human-level AI: what can it do, what are the risks, and when will it be here?' with a robot hand on a computer mouse in the background

November 22, 2023

Human-Level AI: What Can It Do, What Are the Risks, and When Will It Be Here?

Continue Reading

iso 27001 security policies what they are and why they 're important

December 12, 2023

ISO 27001 Security Policies: What They Are and Why They’re Important

Continue Reading

the eu 's nis2 directive here 's what you need to know

November 15, 2023

The EU’s NIS2 Directive: Here’s What You Need to Know

Continue Reading

top 10 benefits of iso 27001 compliance for startups

December 6, 2023

Top 10 Benefits of ISO 27001 Compliance for Startups

Continue Reading

a poster titled nist ai risk management framework what you should know and why you should care

December 6, 2023

NIST AI Risk Management Framework: What You Should Know and Why You Should Care

Continue Reading

Pivot Point Security Banner explaining what does that mean for recovery planning

November 22, 2023

“Failure is Not an Option”—What Does That Mean for Recovery Planning?

Continue Reading

cbiz pivot point security explains the basics of iso 27001

November 22, 2023

Understanding the Basics: What is ISO 27001?

Continue Reading

a blue background with the words understanding and applying risk management strategies for cmmc certification

November 2, 2023

Understanding and Applying Risk Management Strategies for CMMC Certification

Continue Reading

a blue background with the words 5 common mistakes when pursuing iso 27001 certification

November 2, 2023

5 Common Mistakes When Pursuing ISO 27001 Certification

Continue Reading

a blue background with the words how to demonstrate compliance with cmmc an overview

November 2, 2023

How to Demonstrate Compliance with CMMC: An Overview

Continue Reading

a blue background with the words the difference between iso 27001 and other certifications

November 2, 2023

The Difference between ISO 27001 and Other Certifications

Continue Reading

a blue background with the words 3 essential tips for maintaining cmmc compliance

October 18, 2023

3 Essential Tips for Maintaining CMMC Compliance

Continue Reading

the text '3 questions to consider before pursuing ISO 27001 certification' and 'CBIZ pivot point security' with a glowing cloud in the background

October 18, 2023

3 Questions to Consider before Pursuing ISO 27001 Certification

Continue Reading

a poster for the importance of maintaining an up-to-date iso 27001 certification

September 5, 2023

The Importance of Maintaining an Up-to-Date ISO 27001 Certification

Continue Reading

how to get cmmc certified 7 steps to take before applying

September 5, 2023

How to Get CMMC Certified: 7 Steps to Take Before Applying

Continue Reading

blue background with the words what is cmmc certification

September 1, 2023

What is CMMC Certification and What Does it Mean for Your Business?

Continue Reading

a blue background with the words cmmc rulemaking update and timeline

August 31, 2023

CMMC Rulemaking Update and Timeline

Continue Reading

CBIZ Pivot Point Security banner explaining what is iso 27001 certification & why it matters

August 29, 2023

What is ISO 27001 Certification and Why Does It Matter?

Continue Reading

the text 'leaking meta's LLaMA AI - the good, the bad, and the very bad' and 'CBIZ pivot point security' in front of a pink and purple background of lines

Leaking Meta’s LLaMA AI – the Good, the Bad, and the Very Bad

Continue Reading

a blurred image of a sphere with the words public and / or shared ai models cannot be trusted

Public and/or Shared AI Models Cannot be Trusted Until an AI Bill of Materials Become the Norm

Continue Reading

mike craig is founding principal ceo at vanaheim security

Time and Cost Factors to Attain a FedRAMP ATO

Continue Reading

mike craig is founding principal ceo at vanaheim security

FedRAMP ATO: 3 Tips to Minimize Cost, Complexity, and Time to Target

Continue Reading

mike craig is founding principal ceo at vanaheim security

Big Pros and Cons of an “Agency” Versus “JAB” Approach to a FedRAMP ATO

Continue Reading

mike craig is founding principal ceo at vanaheim security

Getting Ready for Your FedRAMP Third-Party Assessment

Continue Reading

mike craig is founding principal ceo at vanaheim security

FedRAMP Requirements Can Change Your Solution Architecture

Continue Reading

mike craig is founding principal ceo at vanaheim security

To FedRAMP or Not to FedRAMP: That is the (First) Question

Continue Reading

mike craig is founding principal ceo at vanaheim security

Intro to FedRAMP

Continue Reading

mike craig is founding principal ceo at vanaheim security

A FedRAMP ATO – The Good, The Bad, and the Ugly

Continue Reading

a poster for microservice architecture by pivot point security

What is a Microservice Architecture and How Do I Secure It?

Continue Reading

a poster for microservice architecture by pivot point security

Security and Development Must Work Closely to Secure Microservices

Continue Reading

a poster for microservice architecture by pivot point security

How Do Microservices Change Software Security?

Continue Reading

a poster for microservice architecture by pivot point security

Microservices and APIs—How Do They Connect?

Continue Reading

a poster for microservice architecture by pivot point security

What is a Microservice Architecture?

Continue Reading

a poster for pivot point security with a triangle in the middle

How Poor Cyber Asset Management Enabled the Equifax Breach

Continue Reading

a poster for pivot point security with a triangle in the middle

4 Ways a Strong Cyber Asset Management Program Can Help Block Ransomware Attacks

Continue Reading

a poster for pivot point security with a triangle in the middle

Active Asset Scanning in OT Environments

Continue Reading

a poster for pivot point security with a triangle in the middle

Why Vulnerability Management Tools Fall Short for Cyber Asset Discovery

Continue Reading

a poster for pivot point security with a triangle in the middle

2 Biggest Challenges with Cyber Asset Management – Pivot

Continue Reading

blue background with the words iso 27001 2022 on it

How ISO 27001:2022 Attributes Might Impact Your Certification Audit (and Improve Your Security)

Continue Reading

blue background with the words iso 27001 2022 on it

ISO 27001:2022—What is the Level of Transition Effort?

Continue Reading

blue background with the words iso 27001 2022 on it

ISO 27001:2022—When Should My Org Make the Transition?

Continue Reading

blue background with the words iso 27001 2022 on it

ISO 27001:2022—Insights into What’s New

Continue Reading

Pivot Point Security banner sharing the rsa conference 2023 with a globe in the background

RSA Conference 2023 Takeaway—“Shifting Security Left” is Now in Full Swing

Continue Reading

Pivot Point Security banner sharing the rsa conference 2023 with a globe in the background

RSA Conference 2023 Takeaway—Privacy Will Drive Data Governance

Continue Reading

Pivot Point Security banner sharing the rsa conference 2023 with a globe in the background

RSA Conference 2023 Takeaway—AI is Coming But It’s Not Here Yet

Continue Reading

Pivot Point Security banner sharing the rsa conference 2023 with a globe in the background

RSA Conference 2023 Takeaway—More Than Ever, a Product-Centric Security Strategy is Dangerous

Continue Reading

sbom software bill of materials by pivot point security

How Long Before Software Bill of Materials (SBOM) Moves from Buzzword to Expectation

Continue Reading

sbom software bill of materials by pivot point security

A Software Bill of Materials (SBOM) Benefits Both Vendors and Users

Continue Reading

sbom software bill of materials by pivot point security

What is an SBOM and Why Are My Customers Suddenly Asking for One?

Continue Reading

Pivot Point Security banner explaining asset inventory with a computer screen & shield in background

When You’re Doing Cyber Asset Management… What’s An Asset?

Continue Reading

the words 'asset management' with glowing lines and dots in the background surrounded by a group of icons

If your asset management sucks, your security sucks

Continue Reading

the text 'deepfake ai voice cloning' and 'pivot point security' with audio levels in the background

Beware the Latest Funds Transfer Fraud —Deepfake Voice Cloning

Continue Reading

Should We Implement DevSecOps? You May Not Have a Choice.

Continue Reading

DevSecOps: Recommended Guidance and Standards to Help Get You Started

Continue Reading

Shifting DevSecOps Left

Continue Reading

DevSecOps Depends on Understanding Application-Specific Risk

Continue Reading

the words 'Dev Sec Ops' surrounded by an infinity loop and a shield containing a checkmark

Getting Started with DevSecOps

Continue Reading

DevSecOps Defined

Continue Reading

4 Tactical Steps to Implementing DevSecOps in 2023

Continue Reading

7 reasons why you should get cmmc certified ahead of the may 2023 rulemaking

7 Reasons Why You Should Get CMMC Certified Ahead of the May 2023 Rulemaking

Continue Reading

an advertisement for office 365 by pivot point security

Pros and Cons to a “Hybrid Approach” to Microsoft 365 Commercial and GCC/GCC High

Continue Reading

an advertisement for office 365 by pivot point security

Why is Microsoft 365 GCC High “So Expensive”?

Continue Reading

an advertisement for office 365 by pivot point security

The “Feature Factor” in Moving to Microsoft 365 GCC or GCC High

Continue Reading

an advertisement for office 365 by pivot point security

How Long Does a Microsoft 365 “Government Cloud” Migration Take?

Continue Reading

an advertisement for office 365 by pivot point security

3 Top Considerations for Migrating to a Microsoft 365 “Government Cloud”

Continue Reading

an advertisement for office 365 by pivot point security

Should My Org Be on a Microsoft 365 “Government Cloud”?

Continue Reading

an advertisement for office 365 by pivot point security

Should we be in Microsoft 365 GCC, GCC High, or Commercial?

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

Will Implementing the New ISO 27001:2022 Control Set Improve Your ISMS?

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

2 “Gotchas” to Avoid on Move to ISO 27001:2022 – Pivot

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

3 Things Your ISO 27001:2022 Auditor Would Love to See in Your ISMS

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

Benefits of Moving to ISO 27001:2022 ASAP

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

ISO 27001:2022—How Does It Impact Related Standards?

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

We’re Working Towards Certification to ISO 27001:2013—How Does ISO 27001:2022 Impact Us?

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

When Will Auditors Be Ready to Certify ISO 27001:2022 Compliance?

Continue Reading

Pivot Point Security banner with a hand pointing at a button that says iso 27001

When Should You Move to ISO 27001:2022?

Continue Reading

a person looking at a computer screen with pivot point security written on the bottom

February 20, 2023

Need to Align Your Web App Security Program with NIST’s SSDF or ISO 27001? OWASP SAMM Can Help.

Continue Reading

a person looking at a computer screen with pivot point security written on the bottom

February 19, 2023

Don’t Dump Application Security on Your Developers

Continue Reading

a person looking at a computer screen with pivot point security written on the bottom

February 18, 2023

Web Application Security—How Mature Are Most Orgs Today?

Continue Reading

a person looking at a computer screen with pivot point security written on the bottom

February 17, 2023

How (Not) Good is Your Web App Security? OWASP SAMM Can Tell You.

Continue Reading

a person looking at a computer screen with pivot point security written on the bottom

February 16, 2023

Getting to “Secure by Design” with OWASP SAMM

Continue Reading

a person looking at a computer screen with pivot point security written on the bottom

February 15, 2023

What is OWASP SAMM and How Can It Elevate Your Application Security?

Continue Reading

pivot point security graphic with a hand pointing at a globe

February 10, 2023

The TISAX Audit Process: Here’s What to Expect

Continue Reading

pivot point security graphic with a hand pointing at a globe

February 9, 2023

TISAX and ISO 27001: How Do They Relate?

Continue Reading

pivot point security graphic with a hand pointing at a globe

February 8, 2023

TISAX Assessment Objectives, Levels, and Labels

Continue Reading

pivot point security graphic with a hand pointing at a globe

February 7, 2023

What is TISAX and Why Should We (as an Auto Industry Supplier) Care?

Continue Reading

pivot point security graphic with a hand pointing at a globe

February 6, 2023

Understanding TISAX (Trusted Information Security Assessment Exchange)

Continue Reading

Pivot Point Security banner with a black hood individual hacking the network

February 3, 2023

Emerging Use Cases for Cyber Threat Intelligence

Continue Reading

Pivot Point Security banner with a black hood individual hacking the network

February 3, 2023

How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?

Continue Reading

Pivot Point Security banner with a black hood individual hacking the network

February 2, 2023

Still Think Your Org Has Nothing Hackers Want?

Continue Reading

Pivot Point Security banner with a black hood individual hacking the network

February 2, 2023

Cybercrime Business Models and Supply Chains

Continue Reading

Pivot Point Security banner with a black hood individual hacking the network

February 1, 2023

How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should Care

Continue Reading

Pivot Point Security banner with a black hood individual hacking the network

February 1, 2023

Understanding How Cybercriminals Operate Can Protect Your Business

Continue Reading

a cloud with aws written on it next to a padlock

January 26, 2023

What’s New and Exciting with AWS Security?

Continue Reading

a cloud with aws written on it next to a padlock

January 25, 2023

Public Cloud Consumers: Is Your Management Plane Secure?

Continue Reading

a cloud with aws written on it next to a padlock

January 25, 2023

What are the Most Important AWS Security Tools that Every Org Should Use?

Continue Reading

a cloud with aws written on it next to a padlock

January 25, 2023

Why Do So Many Orgs Stumble on Cloud Security?

Continue Reading

a cloud with aws written on it next to a padlock

January 25, 2023

Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSP

Continue Reading

a cloud with aws written on it next to a padlock

January 25, 2023

2 Top Security Problems AWS Users Cause – Pivot Point

Continue Reading

a cloud with aws written on it next to a padlock

January 25, 2023

AWS Cybersecurity Best Practices—From Amazon’s Security Solutions Architect

Continue Reading

a blue sign that says unclassified on it

January 23, 2023

Cyber Insurance Considerations for DIB Orgs

Continue Reading

a blue sign that says unclassified on it

January 23, 2023

Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?

Continue Reading

a blue sign that says unclassified on it

January 23, 2023

DIB Orgs: Here’s How to Avoid False Claims Act Sanction

Continue Reading

a blue sign that says unclassified on it

January 23, 2023

Should You Voluntarily Disclose a CUI Incident or Data Breach?

Continue Reading

a blue sign that says unclassified on it

January 23, 2023

CUI Basic and CUI Specified—What’s the Difference

Continue Reading

a blue sign that says unclassified on it

January 23, 2023

Understanding the Legalities around Controlled Unclassified Information (CUI)

Continue Reading

January 18, 2023

Security Staffing Moves for a Down Economy

Continue Reading

January 18, 2023

Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.

Continue Reading

January 18, 2023

In a Down Economy, Ensure You’re Getting the Max from Security Investments

Continue Reading

January 18, 2023

Why You Should Keep Making Needed Security Investments in a Down Economy

Continue Reading

January 18, 2023

Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down Economy

Continue Reading

January 17, 2023

A Cybersecurity Strategy is More Critical Than Ever in a Slow Economy

Continue Reading

January 17, 2023

John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight Economy

Continue Reading

a hand is pointing at a button that says pivot point security

CMMC Rulemaking Changes Again—What’s the Timeline Now?

Continue Reading

Pivot Point Security Banner explaining use OOTB policy as code for cloud security posture management

January 5, 2023

Leveraging OOTB “Policy as Code” for Cloud Security Posture Management

Continue Reading

flyer for pivot point security shows a finger pointing at a padlock

January 5, 2023

Addressing False Positives and Alert Fatigue across Enterprise Security Tools

Continue Reading

the text 'your cloud security posture needs both preventive and detective/corrective components' with an index finger reaching for an icon in the background

January 5, 2023

Your Cloud Security Posture Needs Both Preventive and Detective/Corrective Components

Continue Reading

the question 'governance as code-is it the answer to cloud-native security' with a hand pointing to an icon in the background

January 4, 2023

Governance as Code—Is It the Answer to Cloud-Native Security?

Continue Reading

security compliance and governance in the cloud - how do they relate

January 4, 2023

Security, Compliance and Governance in the Cloud—How Do They Relate?

Continue Reading

graphic saying dynamic relationships between governance security and compliance

January 4, 2023

Dynamic Relationships between Governance, Security, and Compliance

Continue Reading

poster with the words is your board prepared for the sec 's new cybersecurity regulations

December 28, 2022

Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?

Continue Reading

the question 'is attack surface management right for SMBs?' with a background of glowing lines connected by dots

December 20, 2022

Is Attack Surface Management Right for SMBs?

Continue Reading

Pivot Point Security banner explaining factoring third-party risk into attack surface management

December 20, 2022

Factoring Third-Party Risk into Attack Surface Management

Continue Reading

graphic for pivot point security asks how much of your attack surface is beyond your visibility

December 19, 2022

How Much of Your Attack Surface is Beyond Your Visibility?

Continue Reading

is it still a data breach if the data was outside your infrastructure

December 19, 2022

Is It Still a Data Breach if the Data was Outside Your Infrastructure?

Continue Reading

a blue background with the words how do assets relate to attack surface management

December 19, 2022

How Do Assets Relate to Attack Surface Management?

Continue Reading

what is digital business risk management and why is it so valuable to security leaders Poster

December 15, 2022

What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?

Continue Reading

the question 'is digital business risk management the future of attack surface management?' with a background of glowing lines connected by dots

December 15, 2022

Is Digital Business Risk Management the Future of Attack Surface Management?

Continue Reading

pivot point security flyer talks about monitoring security of your deployed public cloud application

November 23, 2022

Monitoring Security of Your Deployed Public Cloud Application

Continue Reading

a poster for pivot point security that says " validating security within your devops pipeline "

November 22, 2022

Validating Security Within Your DevOps Pipeline

Continue Reading

a poster for california privacy rights act ( cpra ) compliance

November 10, 2022

Time’s (Almost) Up for California Privacy Compliance

Continue Reading

November 21, 2022

Skills to Look for in Developers to Move Your Applications to the Cloud

Continue Reading

November 18, 2022

Should We Containerize Our Cloud-Based Application?

Continue Reading

the question 'should you outsource managing your app along with building it?' with a background of technological devices pointing to and from a cloud

November 17, 2022

Should You Outsource Managing Your App Along with Building It?

Continue Reading

a flyer for pivot point security asking if there are any simple templates to help manage a secure web app in the public cloud

November 16, 2022

Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?

Continue Reading

the complexities of deploying a secure application in the cloud by pivot point security

November 15, 2022

The Complexities of Deploying a Secure Application in the Cloud

Continue Reading

the question 'what are a new privacy lead's biggest challenges? (from a fortune 500 CPO)' with a hand holding a lock in the background

November 14, 2022

What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)

Continue Reading

the text 'tips from a fortune 500 CPO on automating your privacy program' with an icon branching off into four other icons in the background

November 11, 2022

Tips from a Fortune 500 CPO on Automating Your Privacy Program

Continue Reading

a poster for pivot point security shows a judge 's gavel

November 10, 2022

Tackling the Legal Side of Privacy without Becoming a Lawyer

Continue Reading

a poster saying how does physical security tie into privacy by pivot point security

November 9, 2022

How Does Physical Security Tie into Privacy?

Continue Reading

the new intersection of privacy and security from a fortune 500 cpo

November 7, 2022

The New Intersection of Privacy and Security (from a Fortune 500 CPO)

Continue Reading

an ad for pivot point security shows an intersection at night

November 7, 2022

The Intersection of Privacy & Security

Continue Reading

a purple cybersecurity maturity model certification badge

October 26, 2022

What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?

Continue Reading

a cybersecurity maturity model certification sign with a globe in the background

October 26, 2022

DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from Primes

Continue Reading

a cybersecurity maturity model certification from pivot point security

October 25, 2022

We Don’t Think We Need CMMC Level 2 but the Government Says We Do…

Continue Reading

a cybersecurity maturity model certification is displayed

October 25, 2022

Should We Pursue a Voluntary CMMC Assessment?

Continue Reading

sme infosec leads here's how to kickstart a privacy program

October 24, 2022

Is There a Path for Non-US Companies to be CMMC Certified?

Continue Reading

the text 'ISO 27001 certified orgs - here's the latest on CMMC reciprocity' displayed next to a 'cybersecurity maturity model certification' badge

October 24, 2022

ISO 27001 Certified Orgs—Here’s the Latest on CMMC Reciprocity

Continue Reading

the text 'house approves updated fedRAMP authorization act-1[75]' in front of a glowing cloud

October 24, 2022

House Approves Updated FedRAMP Authorization Act

Continue Reading

Banner with cybersecurity maturity model certification explaining can SMBs afford CMMC level 2

October 21, 2022

Can SMBs Afford CMMC Level 2 Certification?

Continue Reading

graphic that says when do we need to be cmmc 2.0 certified

When Do We “Really” Need to Be CMMC 2.0 Certified?

Continue Reading

a cybersecurity maturity model certification sign with a city in the background

October 20, 2022

DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA Questions

Continue Reading

a purple cybersecurity maturity model certification badge

Does My DIB Org Need a SIEM for CMMC Compliance

Continue Reading

an advertisement for pivot point security says your top cmmc questions answered

October 19, 2022

Your Top CMMC Questions Answered

Continue Reading

sme infosec leads here's how to kickstart a privacy program

October 14, 2022

SME InfoSec Leads: Here’s How to Kickstart a Privacy Program

Continue Reading

October 17, 2022

How Automation Can Help Operationalize a Privacy Program

Continue Reading

a poster that says how automation can help with data privacy impact assessment

October 13, 2022

How Automation Can Help with Data Privacy Impact Assessment

Continue Reading

the question 'SEMs: do you know where all your customers' personal data resides?' featured next to a lock

October 12, 2022

SMEs: Do You Know Where All Your Customers’ Personal Data Resides?

Continue Reading

a poster for pivot point security says smes are your customers pushing you towards a privacy program

October 11, 2022

SMEs: Are Your Customers Pushing You Towards a Privacy Program?

Continue Reading

the text 'the two audiences for privacy & how they drive data collection' and 'pivot point security' with an unlocked lock in the background surrounded by circuits

October 10, 2022

The Two Audiences For Privacy & How They Drive Data Collection

Continue Reading

is cybersecurity certification worth the effort

October 7, 2022

Is Cybersecurity Certification Worth the Effort?

Continue Reading

the question 'can disaster recovery and business continuity help with software supply chain risk assessment?' with linked chains in the background

October 6, 2022

Can Disaster Recovery and Business Continuity Help with Software Supply Chain Risk Assessment?

Continue Reading

the question 'can cybersecurity frameworks help with software supply chain risk management?' featured next to snippets of code

October 5, 2022

Can Cybersecurity Frameworks Help with Software Supply Chain Risk Management?

Continue Reading

a computer screen with the words supply chain risk management and third party risk management

October 4, 2022

Supply Chain Risk Management and Third-Party Risk Management: What’s the Difference?

Continue Reading

Banner explaining what is software supply chain risk management and why should we care

October 3, 2022

What is Software Supply Chain Risk Management and Why Should We (as an Org That Uses Software) Care?

Continue Reading

the ftc 's intensified prosecution of deceptive cybersecurity and privacy practices here 's what you should know

October 3, 2022

The FTC’s Intensified Prosecution of Deceptive Cybersecurity and Privacy Practices: Here’s What You Should Know

Continue Reading

pivot point security poster talks about unpacking critical elements of supply chain risk management

September 30, 2022

Unpacking Critical Elements of Supply Chain Risk Management

Continue Reading

patch act legislation could expand medical device manufacturing cybersecurity regulations

September 30, 2022

PATCH Act Legislation Could Expand Medical Device Manufacturing Cybersecurity Regulations

Continue Reading

Pivot Point Blog Template 16

September 27, 2022

NIST Update on HIPAA Security Rule Can Help Your Org Reduce ePHI Risk Exposure

Continue Reading

the text 'breaking: OMB mandates US federal agencies to comply with NIST guidance on software supply chain security' with an american flag in the background

September 19, 2022

OMB Mandates US Federal Agencies to Comply with NIST Guidance on Software Supply Chain Security

Continue Reading

a blue background with the words how does the nist secure software development framework compare

How Does the NIST Secure Software Development Framework (SSDF) Compare with OWASP SAMM, BSIMM, etc.?

Continue Reading

the words "what is the software development lifecycle and why is it central to software security"

What is the Software Development Lifecycle and Why is It Central to Software Security?

Continue Reading

the question 'the cyberspace solarium commission report and CMMC-how do they connect?' with a background of locks and the white house

The Cyberspace Solarium Commission Report and CMMC—How Do They Connect?

Continue Reading

the statement 'we need public/private partnership to fight the cyber war we're in' with a background of locks and the white house

We Need Public/Private Partnership to Fight the Cyber War We’re In

Continue Reading

a cyberspace solarium commission report and why should i care

What is the Cyberspace Solarium Commission Report and Why Should I Care?

Continue Reading

poster that says how does dev-ops impact your database security

How Does DevOps Impact Your Database Security?

Continue Reading

illustration of a data center with the words how moving to the cloud impacts your database security

How Moving to the Cloud Impacts Your Database Security

Continue Reading

3 reasons why database security is undervalued is displayed

3 Reasons Why Database Security is Undervalued

Continue Reading

graphic of server room with the words 5 top database risks you didn't know you had

5 Top Database Risks You Didn’t Know You Had

Continue Reading

Banner explaining confronting the wild west of database security

Confronting the Wild West of Database Security

Continue Reading

the text 'the argument for more board-level cybersecurity expertise' with an individual pointing their finger towards an icon in the background

The Argument for More Board-Level Cybersecurity Expertise

Continue Reading

the question 'what is 'secure by default' and how do we get there?' with a index finger pointing towards an icon appearing from the computer in the background

What is “Secure By Default” and How Do We Get There?

Continue Reading

the text 'looking beyond trusted frameworks to achieve robust cybersecurity' with an individual pointing their finger towards an icon in the background

Looking Beyond Trusted Frameworks to Achieve Robust Cybersecurity

Continue Reading

person using a laptop with the words bridging the gap between cybersecurity and the business world

Bridging the Gap Between Cybersecurity and the Business World

Continue Reading

the question 'does your cyber liability insurance fit with your total insurance coverage?' featured next to a desktop with a shield and dollar sign

Does Your Cyber Liability Insurance Fit with Your Total Insurance Coverage?

Continue Reading

Banner explaining 3 top reasons why an attorney should review your cyber liability insurance policy

3 Top Reasons Why an Attorney Should Review Your Cyber Liability Insurance Policy

Continue Reading

the question 'are cyber liability insurance companies (entirely) to blame for today's onerous premiums?' featured next to a computer with a shield and money

Are Cyber Liability Insurance Companies (Entirely) to Blame for Today’s Onerous Premiums

Continue Reading

the text 'why cyber liability insurance has become the 'wild west'' featured next to a computer with a shield and money sign

Why Cyber Liability Insurance Has Become the “Wild West”

Continue Reading

Banner explaining legal & infosec strategies to deal with cyber liability insurance premiums

Legal and Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums

Continue Reading

a man in a suit is holding a clock in his hand

September 1, 2022

DIB Orgs: Time is Almost Up for DFARS and NIST 800-171 Compliance

Continue Reading

the owasp software assurance maturity model samm

August 26, 2022

What is the OWASP Software Assurance Maturity Model (SAMM) and Why Should We (as an Org That Develops Software) Care?

Continue Reading

Banner explaining apply the owasp software assurance maturity model (SAMM) with padlock

August 26, 2022

Applying the OWASP Software Assurance Maturity Model (SAMM) in Your Environment

Continue Reading

owasp samm's 5 business functions unpacked

August 30, 2022

OWASP SAMM’s 5 Business Functions Unpacked

Continue Reading

Banner with a padlock explaining BSIMM and OWASP SAMM compared

August 29, 2022

BSIMM and OWASP SAMM Compared

Continue Reading

a poster for owasp 's software assurance maturity model

August 29, 2022

Using OWASP’s Software Assurance Maturity Model (SAMM) and Application Security Verification Standard (ASVS) Together

Continue Reading

Banner with a padlock explaining software security standards & the impact on SAAS businesses

August 25, 2022

Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses

Continue Reading

top use cases for continuous api security are displayed

August 23, 2022

Top Use Cases for Continuous API Security

Continue Reading

the question 'what is continuous api scanning and why should we (as app developers) care?' featured next to circuits around the word 'api'

August 22, 2022

What is Continuous API Scanning and Why Should We (as App Developers) Care?

Continue Reading

what are the financial benefits of api-level security

August 22, 2022

What are the Financial Benefits of API-Level Security?

Continue Reading

an api-first architecture affects your app attack surface

August 19, 2022

How Does an API-First Architecture Affect Your App Attack Surface?

Continue Reading

application security and api security are becoming synonymous are you ready

August 19, 2022

Application Security and API Security are Becoming Synonymous—Are You Ready?

Continue Reading

Banner explaining what you need to know about APIs and API security

August 18, 2022

What You Need to Know about APIs and API Security

Continue Reading

advertisement for aligning security with business goals to create more value

August 12, 2022

Aligning Security with Business Goals to Create More Value

Continue Reading

value creation side of return on security investment rosi estimates

August 12, 2022

The “Value Creation” Side of Return on Security Investment (ROSI) Estimates

Continue Reading

a risk-based approach to calculating return on security investment ( rosi )

August 11, 2022

A Risk-Based Approach to Calculating Return on Security Investment (ROSI)

Continue Reading

return on security investment ( rosi ) what is it and how do you calculate it

August 11, 2022

Return on Security Investment (ROSI): What is It and How Do You Calculate It?

Continue Reading

CBIZ Pivot Point Security banner explaining how to measure the value of information security

August 10, 2022

How to Measure the Value of Information Security

Continue Reading

Banner explaining how to align your dev with the nist secure software development framework

What’s the Effort to Align Your Dev with the NIST Secure Software Development Framework (SSDF)?

Continue Reading

the word compliance is on a blue background

Making the Most of the CMMC Assessment Guidance from the CyberAB

Continue Reading

a blue background with the words here 's why software vendors should align with the ssdf whether mandated or not

Here’s Why Software Vendors Should Align with the SSDF Whether Mandated or Not

Continue Reading

the question 'why does the USG think we need the NIST secure software development framework (SSDF)?' with blue gears featured in the background

Why Does the USG Think We Need the NIST Secure Software Development Framework (SSDF)?

Continue Reading

a blue background with the words what is the nist secure software software development framework and why should we ( as a software vendor ) care

What is the NIST Secure Software Software Development Framework and Why Should We (as a Software Vendor) Care?

Continue Reading

a blue background that says what nist 's secure software development framework means to you

What NIST’s Secure Software Development Framework Means to You

Continue Reading

us gov. cybersecurity roadmap where it came from and where is it going

US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?

Continue Reading

the question 'the us government threat intelligence programs: where are they headed?' with illustrated locks and the white house in the background

US Government Threat Intelligence Programs: Where Are They Headed?

Continue Reading

a poster that says recent white papers from the cyber solarium commission what is their purpose

Recent White Papers from the Cyber Solarium Commission—What is Their Purpose?

Continue Reading

a poster that says what is the cyberspace solarium commission 2.0 project and why should i ( as a us citizen ) care

What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?

Continue Reading

Capital building banner explaining what is continuity of the economy planning & why should I care

What is Continuity of the Economy Planning and Why Should I (as a US Citizen) Care?

Continue Reading

graphic that says your database attack surface is bigger than you think

Your Database Attack Surface is Bigger than You Think

Continue Reading

the strategy behind the gula tech adventures portfolio

The Strategy Behind the Gula Tech Adventures Portfolio

Continue Reading

Banner explaining why philanthropy is important in cybersecurity

Why Philanthropy is Important in Cybersecurity

Continue Reading

a person typing on a laptop with text saying "how do you know if your business is really secure"

How Do You Know If Your Business is Really Secure?

Continue Reading

what is a breach counselor and why do we ( as an org with cyber liability insurance ) care

What is a Breach Counselor and Why Do We (as an Org with Cyber Liability Insurance) Care?

Continue Reading

the question 'do you know your cyber liability insurance obligations?' featured next to an illustrated desktop with a shield and money sign

Do You Know Your Cyber Liability Insurance Obligations?

Continue Reading

CMMC 2.0: Is Certification Worth the Cost and Risk?

Continue Reading

CMMC 2.0: Choose Your Registered Provider Organization Carefully

Continue Reading

Banner with cybersecurity maturity model certification explaining CMMC 2.0 has not changed

CMMC 2.0: DoD Emphasizes “Nothing Has Changed” (So Why Aren’t You Ready?)

Continue Reading

the text 'CFIUS cybersecurity considerations: here's what you need to know' with right-facing arrows in the background

CFIUS Cybersecurity Considerations: Here’s What You Need to Know

Continue Reading

a table outlining requirements as a technical versus a nontechnical for categorizing nist 800-171

Benefits of Categorizing NIST 800-171 Requirements as Technical Versus Nontechnical

Continue Reading

the text 'important clarifications on CMMC V2 from CMMC day may 9, 2022' featured next to a 'cybersecurity maturity model certification' badge

Is CMMC Level 2 Worth it for DIB SMBs?

Continue Reading

the question 'what really drives innovation in cybersecurity' with right-facing arrows in the background

What Really Drives Innovation in Cybersecurity?

Continue Reading

a sign that says are we more or less secure than 20 years ago

Are We More or Less Secure than 20 Years Ago?

Continue Reading

investors are targeting these emerging cybersecurity areas

Investors are Targeting These Emerging Cybersecurity Areas

Continue Reading

the text 'three different types of private equity firms explained' with right-facing arrows in the background

3 Different Types of Private Equity Firms Explained

Continue Reading

5 top criteria for venture capitalists evaluating tech companies

5 Top Criteria for Venture Capitalists Evaluating Tech Companies

Continue Reading

a blue background with the words "the past present and future of cybersecurity from the viewpoint of a venture capitalist"

The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist

Continue Reading

computer screen with the words and coding type graphics

What is OWASP SAMM and Why Should We (as an Org that Develops Software) Care?

Continue Reading

the text 'how attack surface management calculates attack paths' with glowing illustrated locks in the background

How Attack Surface Management Calculates Attack Paths

Continue Reading

a computer screen with a padlock and the words how does attack surface management connect with patch management

How Does Attack Surface Management Connect with Patch Management?

Continue Reading

the text 'top scenarios for implementing attack surface management' with a background of brightly colored locks

Top Scenarios for Implementing Attack Surface Management

Continue Reading

a poster for nopsec's vision for attack surface management

NopSec’s Vision for Attack Surface Management

Continue Reading

computer screen with a padlock and words layered

Attack Surface Management: Should It Cover Configuration Management?

Continue Reading

a computer screen with a padlock and the words what is attack surface management and why should we (as an org with vulnerabilities) care

What is Attack Surface Management and Why Should We (as an Org with Vulnerabilities) Care?

Continue Reading

the text 'understanding attack surface management' with glowing locks in the background

Understanding Attack Surface Management

Continue Reading

a cityscape with the words protecting cui nonfederal organizations

Protecting CUI Nonfederal Organizations

Continue Reading

Banner explaining here's what state of the art entryway security looks like

Here’s What State-of-the-Art Entryway Security Looks Like

Continue Reading

a banner that says does my business need better entryway security

Does My Business Need Better Entryway Security?

Continue Reading

the text 'why physical security and cybersecurity are converging' with a background of a officer's torso and illustrated locks

Why Physical Security and Cybersecurity are Converging

Continue Reading

the text 'the convergence of physical and cybersecurity' with the torso of an officer and illustrated locks in the background

The Convergence of Physical & Cybersecurity

Continue Reading

CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?

Continue Reading

MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance Timeline

Continue Reading

Why MSPs/MSSPs Should Develop a Shared Responsibility Matrix

Continue Reading

When is an MSP/MSSP a CSP for CUI Protection Purposes?

Continue Reading

the question 'MSPS/MSSPS: are you subject to 'flowdown' cui protection requirements?' featured next to a 'cybersecurity maturity model certification' badge

MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?

Continue Reading

CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” Approach

Continue Reading

the text 'CMMC compliance for MSPS/MSSPS: 3 shared responsibility angles' featured next to a 'cybersecurity maturity model certification' badge

CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility Angles

Continue Reading

the question 'what new CMMC guidance means for MSPS and MSSPS' featured near to a 'cybersecurity maturity model certification' badge

What New CMMC Guidance Means for MSPs and MSSPs

Continue Reading

a man and a boy looking at each other with a caption that says "i see hardcopies of cui"

Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.

Continue Reading

step # 8 to retaining security talent win-win communication

Step #8 to Retaining Security Talent: Win-Win Communication

Continue Reading

Step 7 to Retaining Security Talent Make Career Promotion Criteria Outlined Transparent

Step #7 to Retaining Security Talent: Make Career Promotion Criteria Outlined & Transparent

Continue Reading

the text 'step #6 to retaining security talent: roles & responsibilities are clearly defined & measured' with individuals' figures in the background

Step #6 to Retaining Security Talent: Roles & Responsibilities are Clearly Defined & Measured

Continue Reading

Banner explaining Step 5 to Retaining Security Talent Consistent Management Training

Step #5 to Retaining Security Talent: Consistent Management Training

Continue Reading

Step 4 to Retaining Security Talent Kindness Only Culture

Step #4 to Retaining Security Talent: Kindness-Only Culture

Continue Reading

step #3 to retaining security talent: self-care culture

Step #3 to Retaining Security Talent: Self-Care Culture

Continue Reading

text for step #2 to retaining security talent: 'positive attitude culture' with a background of individual's outlines and various words

Step #2 to Retaining Security Talent: Positive Attitude Culture

Continue Reading

step #1 to retaining security talent emotionally intelligent managers

Step #1 to Retaining Security Talent: Emotionally Intelligent Managers

Continue Reading

8 ingredients for baking inclusivity into your culture

8 Ingredients for Baking Inclusivity into Your Culture

Continue Reading

the text 'sec proposes new rules on cybersecurity risk management, strategy, governance, and incident disclosure' next to a 'securities and exchange commission' badge

SEC Proposes New Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Continue Reading

the nist cybersecurity framework helps business and technical leaders communicate about security

The NIST Cybersecurity Framework Helps Business and Technical Leaders Communicate About Security

Continue Reading

blue and white banner that says cloud controls matrix

Understanding the Cloud Controls Matrix

Continue Reading

the text 'local storage versus cookies: which to use to securely store session tokens' with file folders in the background

Local Storage Versus Cookies: Which to Use to Securely Store Session Tokens

Continue Reading

the question 'how panther helps get you real-time access to arbitrary security data' with data center storage units in the background

How Panther Helps Get You Real-Time Access to Arbitrary Security Data

Continue Reading

server room image with the words comparing the cost of siem how much and time-to-value

Comparing the Cost of “SIEM”: How Much and Time-to-Value

Continue Reading

a server room with the words get proactive with real time streaming security analytics

Get Proactive with Real-Time Streaming Security Analytics

Continue Reading

a server room with the words big data snowflake and the reinvention of siem

Big Data, Snowflake and the Reinvention of SIEM

Continue Reading

a server room with the words " the state of siem " and why the security industry needs to move ony

“The State of SIEM” and Why the Security Industry Needs to Move On

Continue Reading

a poster that says what is serverless siem and why should we ( as an org trying to detect cyber threats ) care

What is “Serverless SIEM” and Why Should We (as an Org Trying to Detect Cyber Threats) Care?

Continue Reading

a server room with the words becoming more efficient w / a cloud-native approach

Becoming More Efficient w/ a Cloud-Native Approach to Data Security

Continue Reading

a dark room with the words 3 top ways to incorporate nist 800-171 into your iso 27001 or soc 2 program

February 2, 2022

3 Top Ways to Incorporate NIST 800-171 into Your ISO 27001 or SOC 2 Program

Continue Reading

4 key responses cubersecurity regulations poster

February 2, 2022

4 Key Responses to New US Government Cybersecurity Regulations

Continue Reading

the text 'CISA, critical infrastructure and CUI: 3 new drivers for the future of your ISO 27001 OR SOC 2 cybersecurity program' with a headquarters in the background

February 2, 2022

CISA, Critical Infrastructure and CUI: 3 New Drivers for the Future of Your ISO 27001 or SOC 2 Cybersecurity Program

Continue Reading

brief history cybersecurity guidance

February 2, 2022

A Brief History of Recent US Government Cybersecurity Guidance and Why You Should Care—Even If You Don’t Do Business with the USG

Continue Reading

Banner explaining are SAAS customers a bigger business risk to their vendors than vice versa

December 3, 2021

Are SaaS Customers a Bigger Business Risk to their Vendors than Vice Versa?

Continue Reading

Banner explaining 4 top things your SAAS vendors should be doing to prove they're secure

December 3, 2021

4 Top Things Your SaaS Vendors Should Be Doing to Prove They’re Secure

Continue Reading

a hand is pointing at a cloud with a padlock on it

December 3, 2021

AI-Based Threat Detection for SaaS Applications: “Suspenders to Backup Your Belt”

Continue Reading

a hand is pointing at a cloud with a padlock on it

December 3, 2021

Customer Managed Encryption Keys: With Great Power Comes Great Responsibility

Continue Reading

a hand is pointing at a cloud with a padlock on it

December 3, 2021

The Cloud Security “Shared Responsibility” Model is Evolving

Continue Reading

the text 'here's why cloud-based solutions are now more secure than on-prem' featured next to an index finger pointing to a cloud with a lock in it

December 3, 2021

Here’s Why Cloud-Based Solutions are Now More Secure than On-Prem

Continue Reading

Banner explaining using the csa star program for procurement

Using the CSA STAR Program for Procurement

Continue Reading

a blue circle with a cloud with a padlock in it and the words how the cloud security alliance addresses privacy

How the Cloud Security Alliance Addresses Privacy

Continue Reading

Banner explaining what is the csa cloud controls matrix and why should everyone on the cloud care

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?

Continue Reading

Banner explaining what is the cloud security alliance and why should I care about the service

What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?

Continue Reading

essential cloud security and compliance tips from csa

Essential Cloud Security & Compliance Tips from CSA

Continue Reading

CMMC 2.0: What’s Ahead for the DIB?

Continue Reading

Why is Management Buy-In a Challenge for CMMC Compliance?

Continue Reading

Banner with cybersecurity maturity model certification explaining applying the cmmc scoping guide

Dib Orgs: Here’s How to Apply the CMMC Scoping Guide to OT Assets

Continue Reading

Dib Orgs: Why is Asset Management a Challenge?

Continue Reading

Dib Orgs: What to Do If You Don’t Think You Have CUI

Continue Reading

CMMC 2.0 Scoping

Continue Reading

3 Reasons Why It’s So Hard to Identify CUI

Continue Reading

Banner with cybersecurity maturity model certification and explaining 3 top challenges with CMMC 2.0

3 Top Challenges with CMMC 2.0

Continue Reading

Ongoing Challenges with CMMC

Continue Reading

CMMC 2.0 Rulemaking: What are the Implications for Government Contractors Outside the DIB?

Continue Reading

the text 'fleet device management: future plans' featured next to a snippet of code

Fleet Device Management: Future Plans

Continue Reading

a person is typing on a laptop with an envelope that says malware on it

How Malware Spreads

Continue Reading

a blue banner that says using fleet's policy feature for configuration management

Using Fleet’s Policy Feature for Configuration Management

Continue Reading

Banner explaining open source device management and can it improve your vulnerability management

Open Source Device Management—Can It Improve Your Vulnerability Management?

Continue Reading

open source device management is it right for your use cases

Open Source Device Management—Is It Right for Your Use Cases?

Continue Reading

open source device management is all about transparency and flexibility

Open Source Device Management—It’s All About Transparency and Flexibility

Continue Reading

Banner explaining is open source the future of endpoint security

Is Open Source the Future of Endpoint Security

Continue Reading

the text 'IOT device security: what to look for from vendors' with a blue, glowing globe in the background

IoT Device Security: What to Look for from Vendors

Continue Reading

iot security guidance what is its real world value

IoT Security Guidance: What is Its Real-World Value?

Continue Reading

remotely hacking iot devices here's how it's done

Remotely Hacking IoT Devices: Here’s How It’s Done

Continue Reading

a cell phone with a shopping cart and a padlock on it .

“AWS for Security” — A One-Stop Shop in the Making?

Continue Reading

a man is pointing at screen that says " a hardware hacker 's top tips for building secure devices "

A Hardware Hacker’s Top Tips for Building Secure IoT Devices

Continue Reading

a man in a suit holding both his hands out, one holding an unlocked key and the other holding a number of people representing workers

“AWS for Security” — Can It Also Support Compliance?

Continue Reading

a shield with a keyhole in the middle of it .

The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply Chain

Continue Reading

a green lock surrounded by black circuits

“AWS for Security”—Can It Reduce Your Security Software Costs?

Continue Reading

a person is writing on a screen with a marker that says iot

OK, So… What’s an IoT Device?

Continue Reading

a man in a suit and tie is holding a shield and a person

Are You Ready for “AWS for Security”?

Continue Reading

a hand reach towards a shield with a lock in the middle surrounded by glowing lines connected by dots

The “AWS Approach” to Provable Security

Continue Reading

new iso 27002 what does it mean for your iso 27001 isms

The New ISO 27002:2022—What Does It Mean for Your ISO 27001 ISMS?

Continue Reading

a blue background with the words new iso 27002 the value of attributes

The Value of Attributes in the New ISO 27002:2022

Continue Reading

a person is holding a shield with a padlock on it .

The OMB’s Final Zero Trust Strategy: 8 Key Takeaways

Continue Reading

a blue background with the words new iso 27002 what 's new with the controls

The New ISO 27002:2022—What’s New with the Controls?

Continue Reading

the text 'new ISO 27002' and 'what are 'themes' and why are they cool?' with a blue background featuring hexagons

The New ISO 27002:2022—What are “Themes” and Why are They Cool?

Continue Reading

the text 'new ISO 27002' and 'how was it developed?' with a blue background featuring hexagons

The New ISO 27002:2022 — How Was It Developed?

Continue Reading

a blue background with the words new iso 27002 on it

What Does the New ISO 27002 Update Mean for You?

Continue Reading

a hand is pressing a button on a screen that says compliance

DIB Orgs: Can You Identify CUI?

Continue Reading

a person is writing the word compliance with a marker

DIB Orgs: Your SPRS Score, System Security Plan and POAMs Had Better Be for Real

Continue Reading

a banner that says continuous compliance what are the business benefits

Continuous Compliance: What Are the Business Benefits?

Continue Reading

a group of people are standing in front of a screen that says compliance

Continuous Compliance for DIB Orgs: What Are Some Examples?

Continue Reading

an advertisement for cmmc 2.0 compliance shows two people talking

3 Inescapable Reasons Why DIB Orgs are Now Reliant on Their Compliance Programs

Continue Reading

the text 'CMMC 2.0 compliance' and 'what will it look like at level 1 or level 2?' with a figure and icons in the background

CMMC 2.0 Compliance—What Will It Look Like at Level 1 or Level 2?

Continue Reading

a blue background with the words endorsed iso 27001 and iso 27701 over soc 2

Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to You

Continue Reading

a person is pressing a button that says continuous compliance

Continuous Compliance—What is It and Why Should You (as a DIB Org) Care?

Continue Reading

John Verry's 2022 infosec prediction #8: 'CSPS up their security game'

John Verry’s 2022 InfoSec Prediction #8: CSPs Up Their Security Game

Continue Reading

John Verry's 2022 prediction #7: 'software security goes mainstream'

John Verry’s 2022 InfoSec Prediction #7: Software Security Goes Mainstream

Continue Reading

john verry 's 2022 infosec prediction # 6 companies will look to shorten their vendors lists

John Verry’s 2022 InfoSec Prediction #6: Companies Will Look to Shorten Their Vendors Lists

Continue Reading

John Verry's 2022 prediction #5: ''Our compliance offer' and/or 'GRC platform' enter your lexicon'

John Verry’s 2022 InfoSec Prediction #5: “Our Compliance Officer” and/or “Our GRC Platform” Enter Your Lexicon

Continue Reading

john verry 's 2022 infosec prediction # 4 : the use of fractional / virtual cios will continue to grow rapidly

John Verry’s 2022 InfoSec Prediction #4: The Use of Fractional/Virtual CISOs Will Continue to Grow Rapidly

Continue Reading

John Verry's 2022 infosec prediction #3: 'supply chain risk management will continue to grow in importance'

John Verry’s 2022 InfoSec Prediction #3: Supply Chain Risk Management Will Continue to Grow in Importance

Continue Reading

john verry 's 2022 infosec prediction # 2

John Verry’s 2022 InfoSec Prediction #2: Cyber Liability Insurance Premiums and Due Diligence Will Increase Significantly

Continue Reading

john verry 's 2022 infosec prediction # 1 : zero trust moves from buzzword to reality

John Verry’s 2022 InfoSec Prediction #1: Zero Trust Moves from Buzzword to Reality

Continue Reading

a person is typing on a laptop with an envelope that says malware on it

New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance Risk

Continue Reading

the text 'it's hard to spell security with API' featured next to hands holding a lock

It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy)

Continue Reading

John Verry's 2022 infosec predictions: 'challenges & responses'

John Verry’s 2022 InfoSec Predictions: Challenges & Responses

Continue Reading

a cityscape with the words protecting cui nonfederal organizations

2021 Cyber Incident Year in Review

Continue Reading

a man in a suit is touching a screen with icons on it

February 2, 2022

Can Attack Surface Management Help with Incident Response?

Continue Reading

an illustrated man looking up at a giant needle in a small haystack

February 1, 2022

Can Attack Surface Management Help with Vulnerability Assessment?

Continue Reading

an illustration of a supply chain with the words reduce supply chain security risks

January 31, 2022

How Attack Surface Management Can Help Reduce Supply Chain Security Risks

Continue Reading

the question 'got root?' in white letters against a black background

January 27, 2022

How I Got root on a Thermostat

Continue Reading

a blackboard with a drawing of a megaphone and the words " are you ready "

January 25, 2022

Are You Ready for the New ISO 27001:2022?

Continue Reading

a quote by winston churchill with a beach in the background

January 24, 2022

How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 Years

Continue Reading

a building with the words "News Alert: Focus on FedRAMP"

January 21, 2022

New Senate Bill Proposes Multiple Changes to FedRAMP Program

Continue Reading

a man standing in snow with words cuil program implementation winter is coming

January 17, 2022

All Federal Contractors are Already Subject to NIST 800-171 Requirements—Not Just the DIB

Continue Reading

a man in a suit is writing the word investigate threats

January 10, 2022

Attack Surface Management with RiskIQ’s PassiveTotal Platform

Continue Reading

January 6, 2022

Attack Surface Management: Dark Web Deep-Dives and More

Continue Reading

a person typing on a laptop with the words what is attack surface management

January 4, 2022

What is Attack Surface Management and Why Should We (as an Organization at Risk of Cyberattack) Care?

Continue Reading

the words 'IT security' surrounded by '2022' and words like 'hardware', 'software', and 'support'

January 3, 2022

Cybersecurity Impacts of COVID-19: 2022 Update

Continue Reading

the world rewards you for value provided not time spent with hourglass sand counter placed down with sand falling

December 21, 2021

Top 10 CMMC Assessment Checklist Resources – Pivot Point

Continue Reading

a poster that says and the hackers were stirring

December 22, 2021

‘Twas the Night after Christmas, and the Hackers were Stirring…

Continue Reading

computer generated image of a globe surrounded by numbers and icons

December 17, 2021

Web Application Attacks are Skyrocketing—Don’t Get Caught in the Crossfire

Continue Reading

a cartoon of a cookie monster asking to delete cookies

December 14, 2021

Go easy on the cookies this holiday season: Stay safe by avoiding unwanted browser cookies!

Continue Reading

the text 'severe log4j 2 vulnerability puts enterprise and saas aps at grave risk' with a hand smashing a lock in the background

December 13, 2021

Severe Log4j 2 Vulnerability Puts Huge Swath of Enterprise and SaaS Apps at Grave Risk

Continue Reading

a man is holding a sign that says dpo

December 10, 2021

Skills SMBs Should Look for in a Privacy Lead

Continue Reading

a screenshot of the cve details page

December 9, 2021

Why the Latest Raspberry Pi CVE is (Almost) Completely Bogus

Continue Reading

White maze with a red line poing to the word gdpr in red letters

December 7, 2021

We Need to Comply with GDPR. Should We Get ISO 27701 Certified?

Continue Reading

an individual dressed like Santa in a red and white striped shirt with a red hat is holding a laptop

December 8, 2021

‘Tis the Season to Be Hacked—Don’t Let It Happen to Your Business

Continue Reading

December 6, 2021

We Need ISO 27001 and GDPR/CCPA Compliance. Should We Do ISO 27701 Concurrently?

Continue Reading

an infographic outlining the '4 essential steps to privacy compliance'

December 3, 2021

4 Essential Steps to Privacy Compliance

Continue Reading

a blue background with the words privacy policy on it

December 2, 2021

Privacy Laws Can Be a Matter of Life and Death

Continue Reading

a yin and yang symbol featuring the words 'cybersecurity' and 'privacy'

December 1, 2021

Why Cybersecurity and Privacy Should Be Viewed as Two Entirely Separate Disciplines

Continue Reading

a silhouette of a woman with a red cape and the words cyber standards to protect cui

November 30, 2021

Cyber Standards to Protect CUI are Coming for All US Government Suppliers

Continue Reading

a row of columns with the words " the more things change the more they stay the same "

November 26, 2021

CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance Timeframes

Continue Reading

a man sitting at a desk looking at a computer screen

November 19, 2021

95% of Board Members Say Information Security Strategy is Now Critical

Continue Reading

a yellow sign that says reality check ahead

November 18, 2021

Trusted Information and Its Role in Validating Your Information Security Program

Continue Reading

a quote from chris dorr the virtual chief information security officer at pivot point security

November 22, 2021

Getting to a Trusted Information Security Ecosystem

Continue Reading

a man helping another man climb a mountain with an african proverb

November 17, 2021

GCC High and Gap Assessments!

Continue Reading

the text 'CMMC 2.0 and the false claims act' and 'what is this?' with a white and yellow spotted background

November 16, 2021

CMMC 2.0 and the False Claims Act—Be Careful What You Sign!

Continue Reading

November 15, 2021

CMMC 2.0: What’s New and What’s Not for Orgs Handling CUI?

Continue Reading

Blue background with the capital building and words CMC 2.0 level 1 and what's new

November 12, 2021

CMMC 2.0: What’s New and What’s Not at “Level 1” (FCI Only)?

Continue Reading

quote from charles darwin is on a poster

November 8, 2021

Operationalizing Your Information Security Strategy

Continue Reading

SSDF

November 10, 2021

What is the NIST SP 800-218 (Draft) “Secure Software Development Framework” and Why Should We (as an Org Selling Software to the USG) Care?

Continue Reading

Blue background with the capital building and words CMC 2.0 level 1 and what's new

November 5, 2021

CMMC Piloting Efforts Suspended… Frustrating But Not Surprising (and Optimistic for “CMMC 2.0”)

Continue Reading

the secret of getting ahead is getting started by mark twain

November 2, 2021

Got an Information Security Strategy? Here’s How to Get Started.

Continue Reading

venn diagram showing trusted frameworks proven process

November 1, 2021

Why a Trusted Framework Should Be Part of Your Information Security Strategy

Continue Reading

two men holding blue puzzle pieces in front of a circuit board

October 29, 2021

What is an Information Security Strategy and Why Do We Need One?

Continue Reading

a woman in a suit and white shirt holds up five fingers

October 27, 2021

5 Pillars of “Continuous Controls Monitoring” in DevOps Environments

Continue Reading

man is holding a tablet with a speedometer on it

October 26, 2021

Will External Auditors Accelerate the Move to New Compliance Models?

Continue Reading

Yellow neon sign that says reasons on a brick wall

October 28, 2021

8 Trillion Reasons Why CMMC Matters to You (Even if You’re Not in the Defense Supply Chain)

Continue Reading

two heads with the words devops and compliance on them

October 21, 2021

What Does the Future of Compliance in a CI/CD Pipeline Look Like?

Continue Reading

a man in a suit is holding a tablet and writing on a screen that says devsecops

October 20, 2021

We Need a New Compliance Model for the DevOps Era

Continue Reading

a blue background with a globe and the words " what the new iso 27001 2022 release will mean to you "

October 19, 2021

What the New ISO 27001:2022 Release Will Mean to You

Continue Reading

hand writes underpromise overdeliver with a marker

October 13, 2021

Don’t “Over-Commit and Under-Deliver” on Your ISO 27001 Controls

Continue Reading

wooden letter blocks spelling out the word 'process'

October 12, 2021

ISO 27001 Top Tip: Focus on Process, Not Controls

Continue Reading

a pair of hands is holding a sign that reads 'think different'

October 11, 2021

Think Beyond ISO 27001 Certification While You’re Prepping for It

Continue Reading

Sign that says don't rush the process

October 6, 2021

Don’t Rush Your ISO 27001 Certification

Continue Reading

a man in a military uniform shakes hands with a man in a white shirt

October 7, 2021

Why the DOD’s Review of CMMC Will Mean More to C3PAOs Than It Will to DIB Contractors

Continue Reading

the word documentation is written on a puzzle piece

October 5, 2021

ISO 27001 Doesn’t Require as Much Documentation as You Think

Continue Reading

a wooden stamp that says rejected on it

October 4, 2021

Senior Management Can’t Just “Rubber Stamp” ISO 27001 Certification

Continue Reading

a man in a suit and tie is holding a card that says don't assume

October 1, 2021

Don’t Assume Your IT Staff Will “Handle” ISO 27001 Certification

Continue Reading

a man in a suit is walking across a bridge held by a hand

September 30, 2021

ISO 27001 Doesn’t Tell You How to Implement Controls – Your Scope and Risk Do

Continue Reading

September 28, 2021

You Don’t Define Your ISO 27001 Scope – Your Information Does

Continue Reading

what do you need is written in colorful letters on a white background

September 29, 2021

Do You Need a Score in SPRS to Be DFARS 7012 Compliant?

Continue Reading

five signs all featuring the word 'scope'

September 27, 2021

ISO 27001 Certification Shouldn’t Start with a Gap Assessment

Continue Reading

a torn piece of material revealing the quote 'a goal without a plan is just a wish!'

September 24, 2021

This is Why Your Information Security Advisor Should Be Focused on Strategy, Not Tactics/Products

Continue Reading

Blue padlock banner surrounded by the words cybersecurity plan

September 23, 2021

Here’s How to Fix Your Cybersecurity Program

Continue Reading

a woman with glasses in her hand looking pensively at a computer screen

September 22, 2021

Why Products are the Least Important Element of Your Cybersecurity Program

Continue Reading

quote from albert einstein that says we are not alone in thinking vision is the key

September 21, 2021

Pivot Point Security in a Nutshell

Continue Reading

a blackboard with the words how do we get there written in white chalk

September 20, 2021

Step 2 to “Provably Secure and Compliant” – Execute on Your Vision

Continue Reading

diagram of a proven process so fundamental it scales from a single device to a global organization

September 16, 2021

3 Things Every SMB Needs to Become “Provably Secure and Compliant”

Continue Reading

a road with the word vision painted on it

September 17, 2021

Step 1 to “Provably Secure and Compliant” – Establish Your Vision

Continue Reading

a cartoon about securing work devices by d fletcher for cloudtweaks.com

September 15, 2021

Sharing is not always caring: Back to Work, Back to School? Protect Your Devices with These Golden Rules!

Continue Reading

a man in a suit is using a tablet in a warehouse

September 14, 2021

The Cyber Executive Order: What Does the “SolarWinds Section” Mean for Software Vendors and Their Federal Customers?

Continue Reading

a man stands in front of a wall that says the cyber executive order with arrows for the old and new way

September 13, 2021

The Cyber Executive Order: 5 Coming Changes for Federal Agencies

Continue Reading

a person is signing an executive order zero trust

September 10, 2021

The Cyber Executive Order: What Does It Say about Zero Trust?

Continue Reading

a man with his fingers on his chin, thinking, with the words 'compliance regulations' above his head surrounded by some doodles

September 9, 2021

The Cyber Executive Order: Will It Bring New Regulations for Critical Infrastructure?

Continue Reading

American flag with a note that says executive order on it

September 8, 2021

The Cyber Executive Order: What is the “Tone from the Top”?

Continue Reading

a keyboard with sticky notes on it that have passwords written on them

September 7, 2021

Password Screening Services: How Much Risk Can They Eliminate?

Continue Reading

a newspaper with the word password security on it

September 3, 2021

Best-Practice Password Policy and the Research Behind It

Continue Reading

Illustration of a thief fishing for a software license

September 2, 2021

Password Attack! Here’s Why You Want to Prevent Account Takeovers

Continue Reading

rob kardashian sits at a table with flowers with kim kardashian in front

September 1, 2021

You Don’t Need to be CMMC Compliant, You Need to Be DFARS Compliant (A Kardashian Parable)

Continue Reading

a phone displays a screen that says have i been pwned

August 31, 2021

What is BreachSense and Why Do We (as an Org with Password Risk) Care?

Continue Reading

a magnifying glass shows the definition of bittersweet

August 27, 2021

Is Information Security an Oxymoron without Information Governance?

Continue Reading

Person fertilizing a plant that is growing out of the ground

August 30, 2021

When Will Information Governance “Come of Age”?

Continue Reading

three white flags blowing in the wind with the word 'enable' on them

August 26, 2021

Information Governance is a Business Enabler

Continue Reading

sign that says the valley of big data on it

August 24, 2021

Here’s Why Companies Struggle to Delete Data

Continue Reading

a hand writes the word data governance with a marker

August 23, 2021

How Privacy is Driving the Need for Information Governance

Continue Reading

Man in a suit and tie is holding two wooden puzzle pieces

August 20, 2021

Information Governance and Information Security: How Do They Connect?

Continue Reading

an open book with the word governance coming out of it

August 19, 2021

What is Information Governance and Why Do We (as an Org with PII) Care?

Continue Reading

the text 'we passed our CMMC/NIST 800-171 assessment!' and the question 'what's next?' on a notebook with a hand hovering holding a pen

August 18, 2021

We Passed Our CMMC/NIST 800-171 Assessment! Now What?

Continue Reading

cartoon man covering his face with his hands and a speech bubble that says oh no

August 17, 2021

What Happens If You Fail Your CMMC/DIBCAC Assessment?

Continue Reading

Business man and woman standing at a table looking at each other & discussing disagreement

August 16, 2021

Your CMMC/DIBCAC Assessment – What If You Disagree with an Assessor?

Continue Reading

robotic hand is pointing at the word machine learning

August 25, 2021

Using Python and Machine Learning to Predict Cyber Attacks: A Summer Intern’s Story

Continue Reading

the word audit that is on a blue background

August 13, 2021

CMMC/DIBCAC Assessment: Let’s Walk Through the Audit Process

Continue Reading

the text 'CMMC / DIBCAC assessment: what to expect at your kickoff meeting' with a tablet displaying icons in the background highlighting 'assessment'

August 12, 2021

CMMC/DIBCAC Assessment: Here’s What to Expect at Your Kickoff Meeting

Continue Reading

a magnifying glass with the words what are you looking for on it

August 11, 2021

What Evidence Will CMMC or NIST 800-171 Assessors Ask For?

Continue Reading

a blue and white hello i am prepared name tag

August 10, 2021

5 Top Prep Steps for Your CMMC or NIST 800-171 Assessment

Continue Reading

IoT Devices

IoT Devices: The Lord Giveth and He Taketh Away

Continue Reading

a newton's cradle with balls that say clarity and success

How Does Zero Trust Impact Operations and Business Users?

Continue Reading

numerous light bulbs all featuring different words inside the light bulbs, like 'compliance', 'regulation', and 'transparency'

Here’s How Zero Trust Relates to CMMC, ISO 27001, SOC 2 and Other Cyber Frameworks

Continue Reading

five steps to zero trust are shown on a white background

5 Steps to Zero Trust

Continue Reading

words placed in the shape of a cloud, featuring phrases like 'data breach', 'networking', 'business', and 'system'

Zero Trust Prevents Data Breaches, Not Intrusions

Continue Reading

Why is Zero Trust Suddenly So Hot?

Continue Reading

the word malware is in the middle of the word cloud

What is Zero Trust and Why Do We (as an Org with Sensitive Data) Care?

Continue Reading

a man standing in front of a sign that says sim dlp which

SIM Versus DLP – Which Should We Get First?

Continue Reading

The Real Reason Why Executives Ignore Security Priorities

Continue Reading

The True Role of a CISO

Continue Reading

the text 'incident management' featuring different forms of incident management

Why Detection – Not Prevention – Should be the Goal of Your Cybersecurity Program

Continue Reading

sign that says they don't need patches

The 3 (Make that 4) Non-Negotiable Cybersecurity Rules for SMBs

Continue Reading

a puzzle featuring the words 'assessment' and 'risk' on a puzzle piece and in an empty spot that piece fits into

The Right Way to View Cyber Risk Assessment

Continue Reading

the text 'myths' and 'facts' in front of a red and black background

Here’s the #1 Cybersecurity Myth

Continue Reading

Are You Unknowingly at Risk Online?

Continue Reading

the phrase 'cyber crime' with a hand pointing towards the screen where icons are displayed

Got an Internet Connection? Then Your Business is a Cybercrime Target

Continue Reading

a blue and orange sign that says how much

Ballpark Costs for a CMMC Level 3 Assessment

Continue Reading

the text 'CMMC audits... when?' and the word 'when' is sketched out

When Will the First CMMC Audits Start Happening?

Continue Reading

GFE

Government Furnished Equipment: What’s the Impact on Your CMMC Audit?

Continue Reading

a blue pawn and a red pawn are standing in front of a wall made of wooden blocks

CUI and FCI: Should We Keep Them Separate for CMMC Level 2 Compliance?

Continue Reading

a magnifying glass is looking at a piece of paper that says evidence

What Objective Evidence Will You Need for Your CMMC Assessment?

Continue Reading

a diagram showing the steps of policies and procedures

Here’s What Your CMMC Level 3 Readiness Assessment Will Look Like

Continue Reading

colorful sticky notes that set a plan

What is the Expected Level of Effort for a CMMC Level 3 Assessment?

Continue Reading

a index finger pointing towards gears beside the words 'continuous monitoring'

What StateRAMP Continuous Monitoring Looks Like

Continue Reading

rules strategy policies and risk are written on a white board

Why SLEDS are More Risk Averse than US Federal Agencies

Continue Reading

a road that is going through a forest

“StateRAMP Verified” and “StateRAMP Ready”: 2 Paths to SLED Security Verification for CSPs

Continue Reading

StateRamp Security Categories shown by bowls with sticky notes

StateRAMP Security Categories: Low, Moderate, High and “Just Right”

Continue Reading

a large brick building with the words StateRamp is the solution

Being Asked for a “FedRAMP ATO” by a State or Local Government? StateRAMP is the Solution

Continue Reading

three speech bubbles with the words `` what is it '' written on them .

What is StateRAMP and Why Do We (as a SLED Org or CSP) Care?

Continue Reading

the word 'yes' is featured in the center of a thought bubble with a background that is half blue and half yellow

Yes! – There is a StateRAMP Fast-Track for FedRAMP Authorized Services

Continue Reading

a graphic of batman and robin where batman is pointing to a screen and says 'the location of our bat cave is meant to be secret, so stop checking in!'

Not Everyone is Who They “Post” to Be: Stay Secure While Staying Connected on Social Media

Continue Reading

The word compliance written on a piece of paper with people writing what all goes into compliance

How Vigilant’s Managed Security Solutions Can Help with CMMC Compliance

Continue Reading

MDR

Managed Detection and Response (MDR): Which Firms are Using It?

Continue Reading

an elderly woman staring down with the text 'it's been 84 years...' displayed on screen

Why It Now Takes 315 Days to Contain a Malicious Cyber Attack

Continue Reading

a light box with the words "i like it what is it '' written on it

What is Managed Detection and Response (Really)?

Continue Reading

a little girl is writing pros and cons on a white board

The Pros and Cons of Automated Threat Detection and Response

Continue Reading

the letters 'e', 'd', and 'r' are featured in gold gears above the text 'endpoint detection and response'

What is Endpoint Detection & Response (EDR) and How Does It Differ from Traditional Antivirus?

Continue Reading

a collection of charts and graphs with the words data mapping in red

ISO 27701 Privacy Extension “Lessons Learned”: Data Mapping

Continue Reading

the text 'data protection offer' and 'pivot point security' with an illustration of an officer surrounded by a computer, key, lock, and magnifying glass

Does My Company Need a (Virtual) Data Protection Officer?

Continue Reading

a woman is sitting on a couch using a laptop computer .

Does ISO 27701 Certification Mean You Comply with GDPR and CCPA?

Continue Reading

piece of paper with the words lessons learned written on it

ISO 27701 Privacy Extension “Lessons Learned”: Scope

Continue Reading

a woman is using a tablet computer to answer the question what does it mean

Processor Versus Controller: What Do These Privacy Terms Mean? And Does One or Both Apply to Your Business?

Continue Reading

What is the ISO 27701 Privacy Extension to ISO 27001 and Why Do I (as a Regulated SMB) Care?

Continue Reading

a group of people standing around a cloud with a padlock on it

Real-World Time and Effort to Implement PreVeil Encrypted Email and File Sharing

Continue Reading

the text '4 top tools for maximum CMMC compliance' featuring four hands holding between one and four fingers up

4 Top Tools for Maximum CMMC Compliance Benefit with Minimum Effort

Continue Reading

a signpost with advice, help, support, tips, assistance, and guidance written on it

CMMC Compliant Access Control: How PreVeil Can Help You Get There

Continue Reading

Red stamp that says zero trust on a white background

What is a Zero Trust Security Model and Why Should We (as a Business with Sensitive Data) Care?

Continue Reading

little girl wearing glasses is sitting in front of a laptop computer

Why a Technical Geek Might Not Be the Best Choice to Run Your CMMC Program

Continue Reading

a chalkboard with the words make things and better written on it

DIB Orgs – Here’s How Your ISO 9001 Improvement Clause Helps with CMMC

Continue Reading

Group of people holding up chalkboards with the word benefits written on them

DIB Orgs – Here’s How Your ISO 9001 Performance Evaluation Clause Helps with CMMC

Continue Reading

a woman in a suit is holding a clipboard in front of a city

DIB Orgs – Here’s How Your ISO 9001 Operation Clause Helps with CMMC

Continue Reading

a hand points to a silhouette of a man walking up stairs

DIB Orgs – Here’s How Your ISO 9001 Support Clause Helps with CMMC

Continue Reading

a man and a woman are jumping in the air with iso 9001 and cmmc written above them

DIB Orgs – Here’s How Your ISO 9001 Planning Clause Helps with CMMC

Continue Reading

a banner with the word leadership surrounded by icons .

DIB Orgs – Here’s How Your ISO 9001 Leadership Clause Helps with CMMC

Continue Reading

hands holding a sphere with the word context on it

DIB Orgs – Here’s How Your ISO 9001 Context Clause Helps with CMMC

Continue Reading

a clock with the words time to get ready written on it

DIB Orgs – Get Ready to Leverage Your ISO 9001 Investment for CMMC!

Continue Reading

a hand holding three fingers up and the text 'pivot point security'

CXOs: Here are the Top 3 Questions to Ask IT Leaders about Technology Spend

Continue Reading

a man is walking on a tightrope over a mountain

IT Leaders: Here’s How to Talk to Your CxO About Risk

Continue Reading

a row of stuffed chickens standing next to each other on a green background .

Why You Should Tell Your ISO 27001 or SOC 2 Auditor That You Want as Many Nonconformities as Possible

Continue Reading

Business man in a suit pointing at a screen that says ciso

Do We Need a Virtual CISO?

Continue Reading

a hand is holding a piece of paper with blah written all over it

Need to Sway Your CFO on a Big Project? Leave Jargon at the Door.

Continue Reading

a cartoon of a man sitting at a desk and a woman pointing at a dollar sign

IT Leaders: Here’s How Your CFO Thinks

Continue Reading

An open book with the word influence coming out of it with different types of graphs

IT Leaders: Here’s the #1 Way to Influence Your CFO

Continue Reading

a pair of joker playing cards sticking out of a pocket

MSPs – Here’s How to Choose Good Customers and Avoid the “Wildcards”

Continue Reading

two separate index fingers reaching out towards two separate icons featured within the graphic

What is MSP Verify and Why Do I (as an MSP or Outsourcer) Care?

Continue Reading

a person is holding a sign that says crucial reasons

13 Million Reasons to Scope Before Gap Assessment – Pivot

Continue Reading

a woman in a yellow sweater is holding two question marks in her hands .

MSPs and MSSPs: What’s the Difference?

Continue Reading

an individual in a suit standing in frame with two of their fingers pointed forwards towards a selection of icons and the text 'managed services provider'

How Will Cloud Computing Impact MSPs?

Continue Reading

a street sign that says threats and opportunities on it

CMMC and MSPs – Opportunity or Threat?

Continue Reading

cartoon shows the evolution of man from monkey to businessman

What’s the Next Evolutionary Step for MSPs?

Continue Reading

a woman is sitting on a balcony using a laptop computer

Is Geography Still a Factor in Choosing an MSP?

Continue Reading

the words trust but verify are written in wooden letterpress type

Need to Evaluate an MSP? Here’s What to Look For.

Continue Reading

the phrase 'data privacy' featured next to a lock with a checkmark in it

Virginia Consumer Data Protection Act vs. California Privacy Rights Act – How They Differ and What to Watch Out For

Continue Reading

a man holding his index finger up to his lips, indicating to be quiet while sitting at a desk behind a computer

Virginia Consumer Data Protection Act: Here’s the Cliff Notes

Continue Reading

Silhouette of a man holding a medal in front of the ocean

Can There Ever Be “Just One” Cybersecurity Standard?

Continue Reading

a cartoon of thing 1 and thing 2 jumping in the air

The 2 Types of Organizations that Fail Information Security: Which One Are You?

Continue Reading

a person is stacking wooden blocks on top of each other

The Not-So-Great State of Third-Party Risk Management

Continue Reading

The SolarWinds Breach and CMMC – What’s the Impact?

Continue Reading

a group of comic book heroes including batman superman wonder woman and robin

Battle of the Cyber Standards – Which Will Thrive, Survive or Take a Dive?

Continue Reading

a chalkboard with a light bulb and the words what do i need

What Do We REALLY Need to Do to Get CMMC Level 1 Certified?

Continue Reading

Three colorful bins with the numbers 1, 2 and 3 on them

3 Ways to Know If You Should Worry about CMMC Level 1

Continue Reading

a person is holding a red apple and a green apple in their hands

What’s the Difference between Controlled Unclassified Information (CUI) and Federal Contract Information (FCI)?

Continue Reading

figures of several individuals interacting and holding hands with a backdrop of a city in the background

What is CMMC? A Quick Primer for SMBs in the DIB

Continue Reading

four pink piggy banks are lined up in a row on a white background

Government Staffing Agencies – Here’s How to “Right-Size” CMMC Level 3

Continue Reading

a large building with a blue sky and clouds in the background .

Government Staffing Agencies – Do You Need to Comply with CMMC Level 1?

Continue Reading

boy and a girl are sitting on steps eating apples

Shared Responsibility for Cybersecurity in Government Staffing Scenarios

Continue Reading

Hand pointing at government agency word cloud with key administrative terms

Government Staffing Agencies – Do You Need (or Want!) CMMC Level 3 Security?

Continue Reading

a cartoon of scooby doo putting his hand on a ghost 's head .

Government Staffing Agencies – Is Your FCI Really CUI?

Continue Reading

the word unclassified that is on a yellow background

Government Staffing Agencies: Do You Have CUI in Your Environment?

Continue Reading

woman is holding a sign that says what do you need to succeed

Aerospace Firms – Do You Need ISO 27001 or SOC 2 Certification?

Continue Reading

a pair of hands holding a miniature commercial plane with the backdrop of a city

Securing Your Aerospace Business – Here’s How to Address “Flowdown” Requirements

Continue Reading

a group of people are sitting at a table holding score cards

Aerospace & Defense Firms – Got a Low SPRS Score? Don’t Fret…You’re Not Alone.

Continue Reading

a fighter jet is flying over the ocean at sunset

Biggest Security and Compliance Challenges for Aerospace Companies

Continue Reading

IoT Security Controls

What is an IoT Ecosystem and How Do You Test One?

Continue Reading

an aerial view of a city with a lot of icons on it .

OWASP ISVS vs. CSA IoT Security Controls Framework – Which to Use When

Continue Reading

a person is stacking wooden blocks with arrows on them

OWASP ISVS Levels Explained

Continue Reading

a banner that says internet of things any device anybody anywhere any business any network anytime

The New OWASP IoT Security Verification Standard (ISVS) – What Does It Include?

Continue Reading

a person is using a laptop computer while holding a cup of coffee

The FSA’s New Campus Cybersecurity Program – Here’s What It Means for Higher Ed

Continue Reading

a young boy holds a marker in his mouth in front of a sign that says what who where when why

The New OWASP ISVS – What, Why and Who?

Continue Reading

a laptop with a screen that says iot on it

What is OWASP and Why Should You (as Someone Securing IoT) Care?

Continue Reading

a woman in a red jacket is shrugging her shoulders while holding a cell phone

What is FedRAMP Tailored and Who Does It Apply To?

Continue Reading

a blue background with circles and the words how does it work

FedRAMP and CMMC – Here’s How They Relate

Continue Reading

a scale with 'value' on one side and 'price' on the other surrounded by several doodles

FedRAMP – What’s the Cost to Achieve and Maintain Your ATO?

Continue Reading

a man is stopping a row of wooden blocks from falling on a table

FedRAMP – What’s the Timeline from “Go to ATO”?

Continue Reading

a group of people are helping each other climb a mountain

FedRAMP Authorization – Key Players and How They Relate

Continue Reading

a view from behind a person looking down two similar-looking paths, deciding which one to go down

FedRAMP: The 2 Routes to Get There – Agency Sponsored vs. JAB GSA

Continue Reading

a button with the word risk on it

FedRAMP Levels Explained: Low, Moderate and High

Continue Reading

a group of people are sitting around a table with a sign that says " are you ready "

February 26, 2021

FedRAMP – What is It and Who Needs to Know?

Continue Reading

February 19, 2021

CMMC System and Information Integrity Domain: Quick Sketch

Continue Reading

February 18, 2021

CMMC System and Communications Protection Domain: Rapid Rundown

Continue Reading

February 17, 2021

CMMC Situational Awareness Domain: Summary

Continue Reading

February 16, 2021

CMMC Security Assessment Domain: Synopsis

Continue Reading

February 15, 2021

CMMC Risk Management Domain: Executive Flyover

Continue Reading

February 12, 2021

CMMC Recovery Domain: Here’s the 101 Course

Continue Reading

February 11, 2021

CMMC Physical Protection Domain: Here’s the Nitty-Gritty

Continue Reading

February 10, 2021

CMMC Personnel Security Domain: Get the Gestalt

Continue Reading

February 9, 2021

CMMC Media Protection Domain: Cliff Notes

Continue Reading

February 8, 2021

CMMC Maintenance Domain: Top Takeaways

Continue Reading

January 29, 2021

Where the GRC Marketplace is Headed… And Why It Could Be a “Happy Place” for Your Business

Continue Reading

February 2, 2021

What to Look for in a Modern GRC Tool

Continue Reading

February 3, 2021

Why Don’t NIST 800-171 or CMMC Cover Supply Chain Risk Management?

Continue Reading

Close up of an American flag with stars and stripes on it

January 21, 2021

DIB Orgs—ITAR Can Impact Your Whole Compliance Picture

Continue Reading

February 4, 2021

DIB Orgs: What You Don’t Know about the CUI Requirements in Your Contract Can Hurt You

Continue Reading

February 5, 2021

What Every DIB Org Needs to Do NOW If You Have a DFARS 7012 Clause in ANY of Your DoD Contracts

Continue Reading

December 29, 2020

CMMC Configuration Management Domain: Overview

Continue Reading

What is the DFARS 7012 Clause and Why Should DIB Orgs Care?

Continue Reading

What is the DFARS 7021 Clause and Why Should DIB Orgs Care?

Continue Reading

December 21, 2020

What is the DFARS 7020 Clause and Why Should DIB Orgs Care?

Continue Reading

What is the DFARS 7019 Clause and Why Should DIB Orgs Care?

Continue Reading

December 28, 2020

CMMC Awareness and Training Domain: ABC’s and FAQ’s

Continue Reading

three silhouettes of people standing and sitting on a black background

December 17, 2020

Why “Tone at the Top” is So Critical for SaaS Security

Continue Reading

a laptop with a bunch of code on it

December 16, 2020

What Cybersecurity Attestations Should You Look for in a SaaS Provider?

Continue Reading

a woman is sitting on the ground next to a spilled cup of coffee

December 15, 2020

Security “Gotchas” in SaaS Production Applications

Continue Reading

a smurf laying down spilling his basket of red and green items

December 10, 2020

Where SaaS Firms Stumble on Cybersecurity

Continue Reading

Illustration of a laptop and a cell phone with graphs on them

December 11, 2020

The Cloud Security Alliance (CSA) Plans to Certify IoT Testers

Continue Reading

December 1, 2020

SB 327—What It Means for IoT Device Manufacturers and Developers

Continue Reading

November 25, 2020

CMMC Audit and Accountability Domain: FAQs

Continue Reading

November 25, 2020

CMMC Asset Management Domain: Here are the Essentials

Continue Reading

CMMC 2.0 Access Control Domain: Here are the Basics

Continue Reading

a woman standing in front of a dry erase board pointing to a graph that is trending up

November 10, 2020

How NIST Cybersecurity Guidance Can Help Organizations Address “Silos of Risk”

Continue Reading

two hands drawn in chalk are shaking

November 16, 2020

US Federal Agencies: Here’s How to Put NIST SP 800-53 and the NIST Cybersecurity Framework (NCSF) Together

Continue Reading

Aerial view of the skyline of new york city on a sunny day

November 11, 2020

What is the NIST Cybersecurity Framework (NCSF) and How Can It Help My Company?

Continue Reading

a hand holding a pen to paper checking off boxes

November 23, 2020

“Harmonizing” ISO 27001 and NIST Cybersecurity Guidance

Continue Reading

compass is sitting on top of a piece of paper with numbers on it

November 24, 2020

Here’s How to Tailor NIST Cybersecurity Guidance to Your Unique Needs

Continue Reading

a neon sign that says ask is hanging from a street light

November 19, 2020

How SMBs Across Industries Can Best Leverage NIST Cybersecurity Guidance

Continue Reading

a hand displaying a peace sign covered in the design of an American flag

November 20, 2020

Here’s How the DCMA Fits with the CMMC-AB

Continue Reading

a pug dog is laying on the floor and looking at the camera

November 13, 2020

Supplier Risk Management for DoD Subcontractors—What is Required?

Continue Reading

a group of people are sitting around a table looking at blueprints

November 18, 2020

What Can My Company Expect from a DCMA Cybersecurity Audit?

Continue Reading

a laptop computer is sitting on a desk next to a cell phone and a notebook .

November 17, 2020

CSA’s New IoT Security Controls Framework—How it Came About and Why it’s so Effective

Continue Reading

a person is touching a cell phone with their finger

November 12, 2020

Think You Know What an Internet of Things (IoT) Device Is These Days?

Continue Reading

December 9, 2020

Who is the Cloud Security Alliance (CSA) and How They Can It Help Your Company’s Security and Security People?

Continue Reading

Cybersecurity maturity model certification (CMMC) badge

October 27, 2020

DFARS: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)

Continue Reading

a view from behind a woman's face with her arm extended out towards a sunset

October 19, 2020

5 Ways to Hit the Reset Button on Your Cybersecurity Program

Continue Reading

three statues of monkeys sitting on a bench covering their ears and mouths .

October 20, 2020

3 Reasons You (Probably) Need to Rethink Your Cybersecurity

Continue Reading

a man in a suit holds a tablet with the word skills on it

October 26, 2020

Surviving the Cybersecurity Squeeze: Shrinking Talent Pool, Growing Workload

Continue Reading

a 3d rendering of a graph with an arrow pointing up

October 28, 2020

A Risk-Based Approach to “Doing Less” with Cybersecurity

Continue Reading

a laptop with a red warning sign on the screen

October 21, 2020

Beat the Toughest CMMC Level 3 Requirements: Logging and Alerting

Continue Reading

a magnifying glass shows an envelope on a laptop screen

October 21, 2020

Beat the Toughest CMMC Level 3 Requirements: Email Spam Protection and Sandboxing

Continue Reading

there is a padlock in the middle of a circle

October 21, 2020

Beat the Toughest CMMC Level 3 Requirements: End-to-End Encryption

Continue Reading

a pair of keys hanging from a lock

October 21, 2020

Beat the Toughest CMMC Level 3 Requirements: Multifactor Authentication

Continue Reading

woman is standing in front of a garage door using a tablet computer

October 21, 2020

Beat the Toughest CMMC Level 3 Requirements: Mobile Device Management

Continue Reading

a padlock with a keyhole in the middle is surrounded by binary code .

October 14, 2020

End-To-End Encryption – This is What “Real Security” Looks Like

Continue Reading

a woman in a yellow shirt points to a group of people

October 13, 2020

4 Top Considerations for Choosing an ISO 27001 Registrar/Auditor

Continue Reading

a cell phone sits on a desk next to pencils and a white eraser

October 16, 2020

ISO 27001 Certification Audits: What are Stage 1 and Stage 2 All About?

Continue Reading

a woman sits at a desk writing on a piece of paper

October 15, 2020

Top Management’s Role in ISO 27001 ISMS

Continue Reading

two blue and yellow figurines are putting puzzle pieces together

October 7, 2020

“Shared Responsibility” is Key to Managing Third-Party Risk

Continue Reading

a stack of cards on a table that say less is more

October 5, 2020

Consolidation Strategies to Help You Do More with Less

Continue Reading

two computer monitors on a desk with one that says ' slack ' on it

October 12, 2020

Legacy Web Application Code: Secure It or Flush It?

Continue Reading

silhouette of a woman jumping over a river

October 6, 2020

4 First Steps to Jumpstart Secure Web App Development

Continue Reading

a tic tac toe game with four leaf clovers

October 29, 2020

3 Steps to Success with OWASP Guidance for WebAppSec

Continue Reading

a cup of coffee sitting on a wooden table in front of a laptop

October 8, 2020

How CREST Professional Certifications Compare to Other Industry Qualifications

Continue Reading

a magnifying glass shows a bug on a computer screen

December 8, 2020

How Automated Testing and Code Review Fit into the OWASP ASVS

Continue Reading

a close up of a chain link fence with a blurry background

November 2, 2020

Does Your SMB Need a Business Continuity Plan?

Continue Reading

a man in a suit and tie is pointing at circles on a screen

October 15, 2020

Wherever You Do Business, CMMC is Coming

Continue Reading

an illustrated person that looks exhausted saying 'good morning'

December 7, 2020

A Day in the Life of an SMB That Needs a Data Forensics Service Provider

Continue Reading

December 4, 2020

Why You Need a Data Forensics Expert on Speed-Dial

Continue Reading

a tablet displaying tables and charts sitting on a table next to a phone and a coffee mug

November 4, 2020

Keeping Data Forensics Costs in Check

Continue Reading

October 13, 2020

3 Easy Ways to Shrink Your Attack Surface—From a Data Forensics Expert

Continue Reading

December 24, 2020

Data Forensics: What is It (Really) and When Do I Need It?

Continue Reading

Man in a suit is pointing a banana at the camera

November 5, 2020

There are 2 Kinds of CISOs—Which Kind Does Your Business Need?

Continue Reading

December 2, 2020

Testing Against the OWASP ASVS—It’s Easier Than You Think

Continue Reading

Computer generated image of a colorful swirl on a black background

October 9, 2020

Visualize the Internet of Things (IoT)

Continue Reading

November 6, 2020

Small DoD Suppliers: Time to Wake Up and Smell the CMMC Level 1 Compliance Challenges

Continue Reading

an individual dressed in a suit, pointing their finger towards the screen, clicking on an email icon

October 2, 2020

The Economics for CMMC Compliant Email and File Sharing

Continue Reading

a tablet with the word games on it

October 1, 2020

OWASP Top 10 Versus the OWASP ASVS—When to Use Which?

Continue Reading

looking up at a building with a blue sky in the background

September 30, 2020

ISO 27001 Certification Audits: The Answers to Who, How Long and How much?

Continue Reading

group of cartoon people are running and one of them is orange

September 29, 2020

Better, Faster AND Less Expensive Vendor Risk Assessments: Here’s How It Works

Continue Reading

a cloud with a lock through it in front of a blue background

September 28, 2020

Great Vendor Tools Does Not = Security

Continue Reading

a blackboard with smiley faces and a check mark

September 25, 2020

How Much Do Vendor Due Diligence Reviews Cost?

Continue Reading

Business man writing on a piece of paper while another man looks at a tablet

September 24, 2020

How Much Does a Standardized Control Assessment (SCA) Cost?

Continue Reading

a hand holding a pen hovering above a paper containing graphs

September 23, 2020

What Will a SOC 2 Type 2 Report Cost Your Company?

Continue Reading

Aerial view of a city with neon icons throughout the image

September 22, 2020

IoT Security Assessment Costs

Continue Reading

a man in a suit and tie is adjusting his tie

September 21, 2020

Looking to Capitalize or Sell Your SaaS Business? Get Out in Front of Data Privacy Issues Now

Continue Reading

Woman is standing in front of a glass wall in an office and peering into hallway

September 18, 2020

The Role of “Top Management” in Your ISO 27001 ISMS

Continue Reading

September 17, 2020

Exostar Certification Assistant Simplifies CMMC Certification

Continue Reading

a woman sits in front of an acer computer

September 16, 2020

How Deep Will an Auditor Dive into Your ISO 27001 ISMS?

Continue Reading

a man is sitting at a table using a tablet computer

September 15, 2020

Upping the Due Diligence with Your ISO 27001 Certified Vendors

Continue Reading

the word consolidate is written in colorful letters on a wooden surface

September 14, 2020

The “Huge Value” of Consolidating Your Cybersecurity Audits

Continue Reading

a woman in a yellow shirt is giving a peace sign

September 11, 2020

3 Ways a SaaS Solution Will Help You Achieve and Maintain CMMC Compliance

Continue Reading

a lock featuring numbers lined up to spell out 'password'

September 10, 2020

“Transitioning to a Post-Password Future” with OWASP ASVS V4

Continue Reading

woman is walking across a crosswalk in a blurry photo

September 9, 2020

SaaS Firms: Invest in Data Security and Privacy Now to Raise Capital or Sell the Business Later

Continue Reading

a plane is flying over a city of tall buildings .

September 8, 2020

SaaS Security – How Your Security Impacts Your Investment Deals

Continue Reading

looking up at a tall building with a lot of windows

September 4, 2020

The CMMC Framework – Lets Get Familiar

Continue Reading

a chart showing the cmmc cyber hygiene certification levels

September 3, 2020

CMMC Levels – Here’s What You Need to Know

Continue Reading

registered provider program graphic explanation

September 2, 2020

CMMC Registered Practitioners – How Can They Help You Prepare for CMMC Certification?

Continue Reading

a diagram showing employees staff trained in basic methodology

September 1, 2020

CMMC Registered Provider Organization – What is an RPO and Why You Should Care?

Continue Reading

White wifi icon on a blue background

August 31, 2020

4 Quick Tips to Manage IoT Security Risks

Continue Reading

a man sits at a desk with a dell computer monitor

August 25, 2020

What is Threat Modeling and How Does It Differ from Risk Assessment?

Continue Reading

man in a suit stands in front of a window with blinds

August 21, 2020

Vendor Consolidation—The Silver Bullet to Gun Down IT/InfoSec Costs?

Continue Reading

a dart board with the word winmau on it

August 20, 2020

Better, Faster AND Cheaper Vendor Risk Assessment? Yes!!

Continue Reading

a business woman standing confidently in front of a backdrop of blurred skyscrapers

How a CREST Certification Can Advance Your Technical Cybersecurity Career

Continue Reading

lego figure holding a map and a compass

August 24, 2020

Is the CISO Evolving to Embrace More Risk?

Continue Reading

a yellow question mark is surrounded by black question marks

August 18, 2020

What is CUI and Why is It Such a Big Deal?

Continue Reading

a hand holding a phone with a computer in the background

August 17, 2020

Alternatives to Microsoft GCC High Cloud for CMMC Compliant Email and File Sharing

Continue Reading

a person 's foot is walking up a set of stairs

August 12, 2020

5 Critical Steps to Add CMMC Certification to Your ISO 27001 Attestation

Continue Reading

a blue mailbox with an @ sign on it

August 11, 2020

CMMC and NIST 800-171 Email Encryption Compliance Challenges are Here – Are You Ready?

Continue Reading

a person holding a cell phone with a padlock on the screen

August 10, 2020

Will ISO 27701 Certification Make Your Business GDPR and CCPA Compliant?

Continue Reading

a man in a suit sits at a desk using a laptop

How CREST Makes Cybersecurity Less Like Proctology… Stay with me here

Continue Reading

a close-up of a chain link fence

5 Critical Steps to Add CMMC Certification to Your ISO 27001 ISMS

Continue Reading

a laptop sits on a desk next to a notebook and a car key

Cutting IT/InfoSec Costs with Fractional Resourcing

Continue Reading

a blackboard with the words how who what when why where written on it

CMMC Assessment Pilot Programs: When, What and Who?

Continue Reading

a pile of money with the word costs written on it

What’s the Cost of ISO 27701 Certification?

Continue Reading

an illustrated man with a frown staring down at a piece of paper that is next to a writing utensil and a coffee mug

Data Controller vs. Data Processor: Are We Neither, Either or Both?

Continue Reading

laptop and a cell phone with envelopes coming out of them

Why Data Flow Mapping is Key to Web App Security Testing

Continue Reading

the text 'CMMC and ISO 27001 audit requirements compared' with a circuit board in the background

CMMC and ISO 27001 Audit Requirements Compared

Continue Reading

a funko pop of jon snow from game of thrones

Like Drogon Changed King’s Landing… CV-19 is Changing Information Security

Continue Reading

a man is sitting at a desk using an apple laptop

What Makes a Great CIO or vCIO?

Continue Reading

a black chicken standing in a wooden barn doorway

Just Like the Fox and the Hen House: Keeping IT and Information Security Assessment Separate

Continue Reading

a woman wearing a watch is typing on a laptop

What’s a vCIO? Wait… What’s a CIO?

Continue Reading

aerial view of the pentagon in washington d.c.

This is Why DoD Suppliers Need to Move Soon to CMMC Readiness

Continue Reading

a person holding a tablet with a padlock on it

OWASP ASVS Levels: Which is Right for My Application?

Continue Reading

a man is pointing at a screen that says audit

What Being “Audit-Ready” Means Today for DoD Suppliers

Continue Reading

a person holding a cell phone with a padlock on the screen

4 Top Reasons to Consider ISO 27701 for Privacy Compliance

Continue Reading

an individual's hands holding a tablet displaying an array of icons

Visualizing the Internet of Things – 6 Main Components

Continue Reading

two hands, one with a thumbs up and the other with a thumbs down

OWASP Top 10 Versus OWASP ASVS: Recommendations and Roadmap

Continue Reading

a woman sitting at a desk with a pen in her mouth

You Should Probably Rethink How You’re Using the OWASP Top 10

Continue Reading

a group of female athletes are lined up on a track

Insider Info: Early CMMC Certification + Provable NIST 800-171 Compliance can be a Competitive Advantage for DoD Suppliers

Continue Reading

a stamp lying on its side with its design featured on the surfacing it is lying on

What is ISO 27701 and How Can It Help Your Business?

Continue Reading

Closeup of yellow dice with four black dots on the top

Top 4 Ways to Beat Your IoT Security Challenges

Continue Reading

three statues sit on a wooden table covering their eyes ears and mouths

3 Reasons Why You Should Probably Focus on NIST SP 800-171, Not CMMC

Continue Reading

a poster for the virtual ciso podcast explains why application security is a team sport and how your team can win

Application Security is a Team Sport. Is Your Team Winning?

Continue Reading

Who is Exostar and Why You (As a DoD Supplier) Should Care?

Continue Reading

five runners jumping over hurdles on a track

How High a Hurdle is CMMC Compliance for Today’s DoD Suppliers?

Continue Reading

Web App Developers Don’t Need to Be Security Experts to Use the OWASP ASVS

Continue Reading

a person holding a tablet with a padlock on it

OWASP ASVS: Web Application Testing Comes of Age

Continue Reading

a notebook and pen sitting in front of an open computer

70% of Web Apps Have Open Source Security Flaws—Here’s How to Fix Yours

Continue Reading

a girl whispering a secret into another girl 's ear

Your ISO 27001 ISMS Internal Audit Sucks (Here’s How to Fix It)

Continue Reading

episode 18 of the virtual ciso podcast

When Less Really is More

Continue Reading

a poster for the virtual ciso podcast episode 17

Leveraging ISO 27001 for CMMC Requirements

Continue Reading

How CREST Supports Your Security Purchasing

Continue Reading

Virtual CISO Podcast Quote Template 02

You Need to Re-Think The OWASP Top 10 – Here’s Why

Continue Reading

icons featured in front of a photo of a data center storage unit

Concerned about the security of your Cloud Services? Demand CREST.

Continue Reading

a table of leveraging security and privacy standards for iot

IoT Testing Guidance: Is OWASP ASVS Better than NIST 8259?

Continue Reading

a table showing how to use each to secure your iot devices

Should I Use NIST 8228 or NIST 8259 for IoT Design or IoT Testing?

Continue Reading

an individual with a tablet in their hand and several icons are featured in the graphic

CA SB-327—Why So Little IoT Guidance Means So Much

Continue Reading

episode 14 of the virtual ciso podcast

Why (and When) You Need Computer Forensics

Continue Reading

the virtual ciso podcast episode 13 is titled why iso 27701 is the answer to privacy compliance

ISO 27701- A Roadmap to Implementation

Continue Reading

row of doors with one red door in the middle

“SOC 2 or ISO 27001?” is Not the Right Question

Continue Reading

Couple of fingers with smiley faces and a heart painted on them

SOC 2 & ISO 27001… The ULTIMATE Security Attestation

Continue Reading

The Difference between Threat Data and Threat Intelligence—and Why It Matters

Continue Reading

Why Your SIEM Tool Needs to Monitor Cloud Environments… or Else

Continue Reading

The #1 Most Important Feature of a Security Information Management Solution for SMBs

Continue Reading

SIEM, a SOC, an MSSP… Choosing Correctly is Crucial for every SMB

Continue Reading

A “Less is More” Mentality Will Save Your SIEM Deployment & Operation

Continue Reading

two pairs of hands on different sides of a rope each pulling the rope towards their side

SOC 2 vs. ISO 27001: The “Philosophical” Differences (That Make All the Difference)

Continue Reading

episode 12 of the virtual ciso podcast

Business Continuity Is Fundamentally About Resilience

Continue Reading

the virtual ciso podcast episode 11 with daniel cuthbert

The OWASP ASVS and Why It’s an Application Security Game Changer

Continue Reading

man with a hat behind a coding screen

4 Tips to “Quarantine” the Latest Ransomware Threats

Continue Reading

a padlock is surrounded by a bunch of code

Internal Penetration Testing FAQ

Continue Reading

The Shared Assessments SIG and SCA—“Trust” and “Verify” Tools for SMBs’ High-Risk Vendors

Continue Reading

How Including a Standardized Control Assessment in Your ISO 27001 Internal Audit Can Pay Huge Dividends for SMEs

Continue Reading

Leveraging SIEM Technology for Regulatory Compliance

Continue Reading

How SMEs Can Stay Ahead of Emerging Risks and Regulations with the Standardized Control Assessment

Continue Reading

Don’t Be the Slowest SMB in Today’s Cybercrime Jungle

Continue Reading

The Standardized Control Assessment: 3 Key Use Cases for SMBs

Continue Reading

a map of the world with a padlock on it

Is a Security Information & Event Management (SIEM) Solution Right for Your Business?

Continue Reading

The Standardized Control Assessment: Better, Faster and Cheaper for Both Outsourcers and Service Providers?

Continue Reading

the virtual ciso podcast episode 10 features stuart itkin

Exostar and Their Role in Your CMMC Certification

Continue Reading

episode 9 of the virtual ciso podcast

Is Any SMB Too Small for a SIEM?

Continue Reading

a light bulb with the earth inside of it

Health Innovations to Watch: Dr. Joel Kahn’s Picks

Continue Reading

a woman sits on a dock looking at a body of water

Dr. Joel Kahn’s Top 3 Strategies to Help InfoSec Pros De-Stress

Continue Reading

blackboard with the word test written on it

“Test Don’t Guess” – 5 Proactive Steps to Reduce Heart Health Risk for InfoSec, IT and Business Leaders

Continue Reading

a street sign that says half full and half empty

Mindset is Step One to Health for Stressed-Out InfoSec Professionals

Continue Reading

Woman in a black shirt throwing papers in the air

Is Job Stress the Biggest Challenge in Information Security?

Continue Reading

pile of coins on top of a one dollar bill

SOC 2 vs. ISO 27001 – Dollars and Sense

Continue Reading

the virtual ciso podcast episode 08 is about resilience guidance and the sca

SMBs, Meet the SCA

Continue Reading

a little girl sitting on a woman 's lap looking at a laptop

Using Zoom for your Seder Gathering? Follow NJCCIC Guidance

Continue Reading

the words 'Covid-19' with a map in the background and glowing lines connected by dots

COVID-19 InfoSec Impacts: Third-Party Risk Management

Continue Reading

a handshake with the words learning experience skills competence training and growth written on it

The Cyber Skills Gap is a National Security Threat

Continue Reading

a chalkboard with the words talents skills values interests and vision written on it

Top 10 Tips to Retain Security Talent (and Only #1 Matters)

Continue Reading

a red covid-19 stamp on a green background

COVID-19 InfoSec Impacts: Social Engineering and Phishing

Continue Reading

a poster for the virtual ciso podcast with a quote from dr joel kahn

Stress is Killing You, But it Doesn’t Have To

Continue Reading

cat sits in front of a laptop that says covid-19 updates

COVID-19 InfoSec Impacts: Remote Workforce Issues

Continue Reading

a tablet with a dashboard on the screen

SOC 3 Report: A SOC 2 “Summary” You Can Share Openly

Continue Reading

a man in a suit is holding a tablet with the word skills on it

How Big is the Information Security Talent Gap (Really) and What Can We Do About It?

Continue Reading

episode 6 of the virtual ciso podcast

Get to Know The Virtual CIO

Continue Reading

a man is holding a cell phone in front of a laptop computer .

Tips for Personal Device Use for the Forced Remote Workforce under COVID-19 Pandemic

Continue Reading

the word 'fear' and each letter of the word are filled with fear-centered words, such as 'powerless', 'helpless', 'alone', and 'worthless'

Don’t Let Fear Be the Reason You Don’t Hire a vCISO

Continue Reading

a woman sits at a table using an apple laptop

A vCISO’s Role in a Growing SaaS Business

Continue Reading

episode 5 of the virtual ciso podcast

Staying Secure in a COVID-19 World

Continue Reading

Keep Your Remote Workforce Safe & Secure – Free Security Awareness Education Videos about Phishing & Passwords

Continue Reading

two individuals' hands, sat at a table, one is writing in a notebook, the other had a tablet in front of them

Is the vCISO Role Really “Business First and Technology Second”?

Continue Reading

a poster for the virtual ciso podcast episode 4

True Confessions of a Real Life Virtual CISO

Continue Reading

an id card with a picture of a man wearing glasses

The DoD’s New CMMC: Think of It as Your Cyber Driver’s License

Continue Reading

episode 2 of the virtual ciso podcast

Cybersecurity Talent Shortage Insights & Answers

Continue Reading

several 50 dollar bills are laying on a table

February 25, 2020

Security as an “Allowable Cost” in DoD Contracts—Is It Really that Simple?

Continue Reading

Illustration of a man with a beard and a stack of money

February 11, 2020

How Much Will CMMC Certification Cost My Business?

Continue Reading

a person is holding a pile of green leaves in their hands

February 10, 2020

Does Your Organization Need to Get CMMC Certified with the Limited Rollout? – Let’s Read the Tea Leaves

Continue Reading

a hand moving a button on a soundboard

CMMC 2.0 Gap Assessment: Should We Hire an External Resource?

Continue Reading

Wizard of oz doll sitting on shelf

February 13, 2020

GDPR, CCPA and the NIST Privacy Framework, OH MY!

Continue Reading

a man in a suit is giving a thumbs up

February 5, 2020

Why OFIs in Your Internal ISO 27001 Audit Report are a “Good Thing”

Continue Reading

January 26, 2012

How much does ISO 27001 Certification Cost?

Continue Reading

a close up of a stopwatch showing that it is almost 5:00

January 23, 2020

How Does the CCPA Affect You and Your Vendors? – Quick Summary

Continue Reading

Wooden abacus with colorful beads on it

January 21, 2020

Using the Shared Assessments SCA for Added Benefits—Even If You’re Already ISO 27001 Certified

Continue Reading

a cartoon of a man surrounded by question marks

January 10, 2020

Even The Greatest Jeopardy Contestants of All Time Struggle with Cybersecurity

Continue Reading

1 + 1 = 1 is written on pile of dirt

December 18, 2019

ISO 27701 and ISO 27001—Better Together

Continue Reading

lightning strikes a tree in the middle of a field

December 18, 2019

Why Business Impact Analysis and Recovery Planning Should Be Facility-Specific

Continue Reading

lady justice with a blue sky behind

December 17, 2019

General Counsels are Taking the Lead in Privacy Compliance

Continue Reading

a group sitting at a restaurant interacting and there are drinks sitting on the table

December 17, 2019

OpenTable possibly Opening Issues for Restaurant Security

Continue Reading

Charlie Brown christmas decorations with sign pointing to christmas trees

December 16, 2019

Think of Your vCISO as Your Security Blanket

Continue Reading

an illustrated figure with a hood is sitting at a surface with a laptop with money falling behind them in the background, and an atm is blocked out with a card displayed beside it

December 16, 2019

Real Life “Sneakers” Report: I’m Looking at the Back of an ATM Machine

Continue Reading

the figure of an individual running across the screen with one dollar bills in the background

December 13, 2019

3 Top Reasons Why You Can’t Wait Any Longer to Start Managing Vendor Risk

Continue Reading

iron man and the hulk are standing in the grass

December 13, 2019

You Don’t Really Need the Avengers to Protect Your Data (Sometimes It Just Feels that Way…)

Continue Reading

How to Know When You’re Ready for a Fractional CISO

November 26, 2019

How to Know When You’re Ready for a Fractional CISO

Continue Reading

4 lego stormtroopers are approaching an individual at their desk with a nervous look on their face

November 22, 2019

Humility (Not Ignorance) is Bliss

Continue Reading

a woman biting a pencil in front of a laptop

November 18, 2019

Higher Education Faces a New Information Security Compliance Check

Continue Reading

Woman writing on a whiteboard that says who how when what why where

November 15, 2019

You Probably Don’t Know Who Your Vendors Are

Continue Reading

Scrabble blocks with the words "game changer" written on them

November 14, 2019

Ransomware: The Game Changer

Continue Reading

a bruised and bandaged Kermit the frog holding a wooden stick

November 13, 2019

When It Comes to Patching Vulnerabilities, “Missing Some Spots” Isn’t Good Enough

Continue Reading

Colorful rubik 's cube sits in front of a red shirt that says never enough

November 7, 2019

Certified or Not—If You Got Breached, You Didn’t Do Enough

Continue Reading

a man with a sticker on his head that says "hey happy'' is sitting in front of a computer

November 6, 2019

The Bright Side of InfoSec – I Love Being an Information Security Consultant

Continue Reading

a phone, laptop, and notebook and paper sitting on a wooden surface

November 5, 2019

Information Security Policy Documentation: Simple is Better

Continue Reading

a woman is sitting on the floor using a laptop computer .

November 4, 2019

A Strong Information Security Posture is a Business Enabler

Continue Reading

a map of the world is surrounded by binary code

October 31, 2019

Role of the CISO in 2020: It’s Like Playing the Classic Board Game “Risk” (All Day Every Day)

Continue Reading

a black and white photo of a person playing a bass guitar

October 30, 2019

Your ISO 27001 Scope – It’s All About that Data, bout that Data, no Treble

Continue Reading

a young child holding their hands to their face and a question mark appearing next to them (the photo is in black and white)

October 25, 2019

Don’t Mistake a SOC 2 Attestation for Proof of Security

Continue Reading

the word why is surrounded by question marks on a blue background

October 24, 2019

3 Reasons Why It’s Getting Harder to Respond to Security Questionnaires

Continue Reading

a pool table in a room with a spiral staircase

October 22, 2019

“Keeping Up with the Joneses” Should Not Be Your Network Security Strategy

Continue Reading

hand giving a thumbs up next to a cell phone

October 21, 2019

Two-Factor Authentication and the New OWASP ASVS 4.0

Continue Reading

Man walking through a foggy forest with a monster behind him

October 17, 2019

The Zero-Day Monster: One More Reason I’m Really Excited for Halloween

Continue Reading

wonder woman and superman are standing next to each other

October 16, 2019

Who Are Your Critical Operational Superheroes?

Continue Reading

a man wearing sunglasses and a leather jacket is screaming

October 9, 2019

SOC 2 vs ISO 27001: The 2 Biggest Reasons to Choose One Over the Other (with Help From Bono)

Continue Reading

a red question mark is surrounded by black question marks

October 4, 2019

Does Your SaaS Platform Need AlienVault to be ISO 27001 Certified?

Continue Reading

a large piece of ice is floating in the water

October 2, 2019

CCPA is Only the Tip of the (First) Iceberg

Continue Reading

a man is making a funny face and pointing at the camera

September 27, 2019

Come at Me Bro (Auditor)!… Why You Should Have an ISMS Manual

Continue Reading

two hands holding up two ice cream cones in front of windows

September 25, 2019

ISO 27701: It’s Like a Smoked Salmon Ice Cream that’s Actually Delicious!

Continue Reading

a business man and woman sitting at a table where the woman looks taken aback and there is a woman on the phone in the background

September 24, 2019

Don’t Lose a Deal Because of a Security Questionnaire

Continue Reading

a laptop with the number 4.0 on the screen

September 19, 2019

What the New OWASP ASVS 4.0 Levels Really Mean

Continue Reading

person is doodling in a notebook about business

September 18, 2019

Leveraging Metrics to Address the “Business” of Information Security

Continue Reading

a woman in a plaid shirt is jumping on a bed

September 16, 2019

How to Re-Energize Your ISO 27001 Efforts

Continue Reading

three bowls with sticky notes on them that say too hot too cold and just right

September 11, 2019

Goldilocks and the Three SIEMs

Continue Reading

a wooden gavel sits on top of a law book

September 10, 2019

A Troubling Observation from the American Association of Justice Annual Convention, Part 2

Continue Reading

an individual reaching their hand out and their hand is painted yellow, green, red, and blue

September 6, 2019

OWASP ASVS Version 4.0 Controls Checklist Spreadsheet + 5 Benefits

Continue Reading

the word keywords is written in scrabble tiles

August 29, 2019

Data Privacy Terms – The Language of Privacy

Continue Reading

Two storm trooper lego figures holding an egg on a wooden table

August 28, 2019

SOC 2 and ISO 27001 Dual Implementation: Does It Make Sense for Your Business?

Continue Reading

a group of students fist bumping over a desk cluttered with computers and notebooks

August 27, 2019

The Future of Cyber Risk Management Revolves around C-Level Communication

Continue Reading

a green tape measure displaying 8 inches

August 19, 2019

With Security Attestations, Size Matters (Not Yours… Your Clients’)

Continue Reading

a laptop with a red warning sign on the screen

August 14, 2019

Analysis of the Capital One Breach

Continue Reading

a vendor response form with instructions on how to fill it out

August 15, 2019

5 Reasons to Kickstart Your Vendor Risk Management Program with a Vendor Risk Assessment Template

Continue Reading

Orange arrow that says 20% effort points to a blue circle that says 80 % results

August 21, 2019

80/20 Cyber Security, Part 4—The 3 “Damage Control” Controls

Continue Reading

Orange arrow that says 20% effort points to a blue circle that says 80 % results

August 20, 2019

80/20 Cyber Security, Part 3—The 3 Essential Technical Controls

Continue Reading

a wooden gavel sits on top of a law book

August 13, 2019

A Troubling Observation from the American Association of Justice Annual Convention, Part 1

Continue Reading

a diagram of 80/20 information security the pareto principle in action

August 12, 2019

80/20 Cyber Security, Part 2—The 3 Most Critical Controls

Continue Reading

Orange arrow that says 20% effort points to a blue circle that says 80 % results

80/20 Cyber Security—How to Reduce 80% of Your Cyber Risk with 20% of the Effort

Continue Reading

Virtual CISO (vCISO) Pricing and Cost Drivers

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 8: Maintenance, Continuous Improvement and Recertification

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 7: Certify Your ISMS

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 6: Conduct an Internal Audit

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 5: Execute the Risk Treatment Plan

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 4: Build a Risk Treatment Plan

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 3: Identify and Analyze Information Related Risk

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 2: Understand Your InfoSec Controls

Continue Reading

pivotpoint security poster for building iso 27001 certified information security management system

ISO 27001 Certification Proven Process Explained! Step 1: Understand Your Scope

Continue Reading

“Letting Go of the Bicycle” on an ISO 27001 Project

Continue Reading

4 Reasons to Establish and Exercise Your Right to Audit Vendors

Continue Reading

Why “Check-the-Box” Policies are a VERY Bad Idea

Continue Reading

3 “First To-Dos” after You Complete Your Privacy Data Mapping Exercise

Continue Reading

5 Tips to Create an Effective Information Security Management Committee (ISMC)

Continue Reading

Hey SaaS Companies! Have an Amazing Product/Service But No Security Program Yet? No Worries!

Continue Reading

Risk Management – If a Thing is Worth Doing, Its Worth Doing Right

Continue Reading

Yes, You Still Need Penetration Testing in the Cloud

Continue Reading

“From the Server Room to the Board Room”: The 4 Top Concerns of Security-Aware C-Suites

Continue Reading

Hiring Security Talent? Give Professional Certifications the Weight They Deserve (Not More)

Continue Reading

The Importance of Scope in Penetration Testing

Continue Reading

14 Million Reasons to Update Data Classification Policy

Continue Reading

Discover Why CCPA Will Make All Your Data More Secure (Not Just PII)

Continue Reading

a table featuring message mapping

Why You Need a Crisis Communications Plan

Continue Reading

A “Phishing” Story — Beware of This New Twist

Continue Reading

Taking a “Business Process” Approach to ISO 27001

Continue Reading

Address CCPA before September 2019… or Pay the Price

Continue Reading

Why Medium-Sized Businesses Are Ideal Candidates for an InfoSec Program

Continue Reading

Continue Reading

Why ISO 27001 is like Managing an NFL Team

Continue Reading

How Being in Information Security Has Changed My Annual OBGYN Visit by Carla Higginbotham

Continue Reading

“Where to Start” for Security and Privacy Initiatives in the Legal Vertical

Continue Reading

5 Success Factors: Law Firm Data Security & Privacy Initiatives (Part 3)

Continue Reading

5 Success Factors: Information Security for Law Firms (Part 2)

Continue Reading

5 Success Factors: Cyber Security for Law Firms (Part 1)

Continue Reading

Don’t Pay the Price for an Unsecured Managed Services Vendor

Continue Reading

You Can’t Afford to Ignore CCPA Like You Ignored GDPR

Continue Reading

Discover the 4 Steps to Building an Information Security Plan

Continue Reading

Engaging a vCISO: 4 Key Questions (Plus Advice from Mike Tyson)

Continue Reading

Is the CISO’s Role to Preserve Value—Or Create It?

Continue Reading

Password Security Tips #2 and 1: Sharing Passwords

Continue Reading

Password Security Tips #5, 4 and 3: Password Resetting, 2FA, and Storage

Continue Reading

Password Security Tips #8, 7 and 6: Reuse, Emails, and Default Passwords

Continue Reading

Why Your Vendor Risk Management Program Won’t Protect You from Supply Chain Risk Like the Wipro Breach

Continue Reading

Password Security Tip #10: Avoid Easily Guessable Passwords (Obvious but Crucial)

Continue Reading

Password Security Tip #9: Make Passwords as Strong as They Need to Be

Continue Reading

Free Open Source Software (FOSS) Risks

Continue Reading

Have I Been Pwned?

Continue Reading

Passwords Just Aren’t Enough Anymore: Why the Move to MFA is Inevitable

Continue Reading

Do You Really Know Who’s Handling Your Security in the Public Cloud?

Continue Reading

3 Top Tips to Streamline Your Vendor Questionnaires without Compromising Risk Management

Continue Reading

Longer Minimum Passwords Can Help Prevent Password Reuse

Continue Reading

Why Your Business Continuity Plan Must Cover Cyber Incident Response

Continue Reading

Why Scanning Your Company’s Full IP Address Block Could Save Your Butt

Continue Reading

As IoT Devices Multiply Like Rabbits, Hackers Move in for the Kill

Continue Reading

Collection 1 Breach – Why You Need Password Management (and 2FA)

Continue Reading

When and How to Hire a vCISO

Continue Reading

Why Outsourcing Information Security is an Advantage for Most Organizations

Continue Reading

February 28, 2019

What the SOC 2 Changes Mean for Businesses Seeking an InfoSec Attestation

Continue Reading

February 22, 2019

Why Your Company Should Consider a Privacy Impact Assessment (PIA)

Continue Reading

February 19, 2019

You are Missing the Most Important Security Awareness Training Module…

Continue Reading

February 13, 2019

I Was Wrong about Risk Assessments—and You Probably Are as Well

Continue Reading

February 4, 2019

NIST CSF Tiers and Profiles for Dummies… (or Senior Management)

Continue Reading

January 31, 2019

What Batman and Alfred Reveal about Information Security Project Management

Continue Reading

January 24, 2019

3-Step Guidance on Managing Outsourcing Risk

Continue Reading

January 22, 2019

The Collection #1 Data Breach—Should You Worry?

Continue Reading

January 4, 2019

9 Benefits of ISO 27001 Certification—Some You Know, Some You Probably Don’t

Continue Reading

January 2, 2019

ABA Opinion 483 from an Information Security Expert’s Point of View

Continue Reading

a list of third party controls and their maturity

December 20, 2018

How to TPRM? Embrace the Art and Science.

Continue Reading

December 27, 2018

To Pay or Not to Pay Your Hackers? Why There’s Really No Debate on Ransomware Response

Continue Reading

December 18, 2018

Yes: Your Law Firm Needs to Do a Business Impact Analysis

Continue Reading

December 14, 2018

How a vCISO Strategy Can Save You Money—Because Nature Abhors a Vacuum

Continue Reading

December 4, 2018

Recovery Time Objectives (RTOs) & Your Disaster Recovery Plan

Continue Reading

November 27, 2018

How Long Does It Take You to Patch a Critical Vulnerability?

Continue Reading

November 20, 2018

ISO 27017 vs. CSA STAR – The Two Leading Cloud Security Standards Compared

Continue Reading

November 6, 2018

3 Reasons Why “Project Verify” Scares Me

Continue Reading

October 16, 2018

The Time Has Come to Move to Windows 10

Continue Reading

October 11, 2018

What Does “Failure is Not an Option” Mean for Recovery Planning?

Continue Reading

October 9, 2018

Credential Harvesting: It’s More Than Just Phishing and More Common Than Ever

Continue Reading

October 2, 2018

Do New Regulations Mean that Data Security and Data Privacy Should Merge?

Continue Reading

September 27, 2018

GDPR and the California Consumer Privacy Act of 2018 Compared

Continue Reading

October 4, 2018

What Threat Hunting and Pinot Noir Have in Common

Continue Reading

September 24, 2018

Why “Hacker” Gatherings Like DEF CON Matter for Your Business

Continue Reading

September 10, 2018

How the Fiserv Application Vulnerability Validates a Strength of OWASP ASVS

Continue Reading

a table showing different drivers for third party request and internal driver

August 30, 2018

Is “Business as Usual” the Biggest Business Continuity Trend?

Continue Reading

August 28, 2018

Recovery Planning Neglect – Excuses That Make a BC/DR Professional’s Head Spin

Continue Reading

August 16, 2018

September 3, 2018: NYDFS 500 “Covered Entities” Compliance Deadline

Continue Reading

Why Pivot Point Security is Now Offering ISO-27001 “As-a-Service” for Certification & Maintenance

Continue Reading

August 10, 2018

6 Strange-but-True Tales of IoT Hacks

Continue Reading

California’s New Privacy Law Means US Firms Can’t Delay Privacy Initiatives Any Longer (Part 2)

Continue Reading

California Consumer Privacy Act of 2018: What Could It Mean for Your Business? (Part 1)

Continue Reading

Challenges in IoT Security—Is It Getting Better or Worse?

Continue Reading

9 Data Security Questions Law Firms Should Ask Their SaaS Vendors

Continue Reading

NYDFS, NAIC’s Model Law: Just the Tip of the Cybersecurity Regulation Iceberg

Continue Reading

Maintaining Security in the Public Cloud: Look Before You Leap

Continue Reading

News Flash: 25% of Your Users Reuse the Same Password for Everything

Continue Reading

Protecting your Office Printer from Cyberattack

Continue Reading

How Much vCISO Do I Need to Be Successful?

Continue Reading

EKG Device Hacks Underscore Growing IoT Risks in Healthcare

Continue Reading

Conflict of Interest Checking for Vendor Risk Management

Continue Reading

5 Critical Steps to Align Security Policy with Your Cyber Liability Insurance Policy

Continue Reading

A Guide to Managing Technical Vulnerabilities for Municipalities

Continue Reading

How Municipal Governments Can Manage Third-Party Risk

Continue Reading

Disaster Recovery Planning for Hurricane Season

Continue Reading

Tags/Blog Search

Choose 1 or more topics below to expand your search: