BLOG - Pivot Point Security

BLOG

Latest Blog

109 0

February 3, 2023

Emerging Use Cases for Cyber Threat Intelligence

What is cyber threat intelligence and how are businesses leveraging it today? Does it have reactive or proactive use cases,

Tags/Blog Search

Choose 1 or more topics below to expand your search:

109 0

February 3, 2023

How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?

Continue Reading

109 0

February 2, 2023

Still Think Your Org Has Nothing Hackers Want?

Continue Reading

109 0

February 2, 2023

Cybercrime Business Models and Supply Chains

Continue Reading

109 0

February 1, 2023

How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should Care

Continue Reading

109 0

February 1, 2023

Understanding How Cybercriminals Operate Can Protect Your Business

Continue Reading

aws blog

January 26, 2023

What’s New and Exciting with AWS Security?

Continue Reading

aws blog

January 25, 2023

Public Cloud Consumers: Is Your Management Plane Secure?

Continue Reading

aws blog

January 25, 2023

What are the Most Important AWS Security Tools that Every Org Should Use?

Continue Reading

aws blog

January 25, 2023

Why Do So Many Orgs Stumble on Cloud Security?

Continue Reading

aws blog

January 25, 2023

Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSP

Continue Reading

aws blog

January 25, 2023

2 Top Security Problems that AWS Users Cause Themselves

Continue Reading

aws blog

January 25, 2023

AWS Cybersecurity Best Practices—From Amazon’s Security Solutions Architect

Continue Reading

blog 108 1

January 23, 2023

Cyber Insurance Considerations for DIB Orgs

Continue Reading

blog 108 1

January 23, 2023

Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?

Continue Reading

blog 108 1

January 23, 2023

DIB Orgs: Here’s How to Avoid False Claims Act Sanction

Continue Reading

blog 108 1

January 23, 2023

Should You Voluntarily Disclose a CUI Incident or Data Breach?

Continue Reading

blog 108 1

January 23, 2023

CUI Basic and CUI Specified—What’s the Difference

Continue Reading

blog 108 1

January 23, 2023

Understanding the Legalities around Controlled Unclassified Information (CUI)

Continue Reading

pps blog

January 18, 2023

Security Staffing Moves for a Down Economy

Continue Reading

pps blog

January 18, 2023

Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.

Continue Reading

pps blog

January 18, 2023

In a Down Economy, Ensure You’re Getting the Max from Security Investments

Continue Reading

pps blog

January 18, 2023

Why You Should Keep Making Needed Security Investments in a Down Economy

Continue Reading

piotblog1

January 18, 2023

Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down Economy

Continue Reading

piotblog1

January 17, 2023

A Cybersecurity Strategy is More Critical Than Ever in a Slow Economy

Continue Reading

piotblog1

January 17, 2023

John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight Economy

Continue Reading

pivot blog

January 13, 2023

CMMC Rulemaking Changes Again—What’s the Timeline Now?

Continue Reading

ep105.5

January 5, 2023

Leveraging OOTB “Policy as Code” for Cloud Security Posture Management

Continue Reading

ep105.4

January 5, 2023

Addressing False Positives and Alert Fatigue across Enterprise Security Tools

Continue Reading

ep105.3

January 5, 2023

Your Cloud Security Posture Needs Both Preventive and Detective/Corrective Components

Continue Reading

ep105.2

January 4, 2023

Governance as Code—Is It the Answer to Cloud-Native Security?

Continue Reading

ep105.1

January 4, 2023

Security, Compliance and Governance in the Cloud—How Do They Relate?

Continue Reading

ep105

January 4, 2023

Dynamic Relationships between Governance, Security, and Compliance

Continue Reading

blog img

December 28, 2022

Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?

Continue Reading

ep104v7

December 20, 2022

Is Attack Surface Management Right for SMBs?

Continue Reading

ep104v6

December 20, 2022

Factoring Third-Party Risk into Attack Surface Management

Continue Reading

ep104v5

December 19, 2022

How Much of Your Attack Surface is Beyond Your Visibility?

Continue Reading

ep104v4

December 19, 2022

Is It Still a Data Breach if the Data was Outside Your Infrastructure?

Continue Reading

ep104v3

December 19, 2022

How Do Assets Relate to Attack Surface Management?

Continue Reading

ep104v2

December 15, 2022

What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?

Continue Reading

ep104v1.1

December 15, 2022

Is Digital Business Risk Management the Future of Attack Surface Management?

Continue Reading

November 23, 2022

Monitoring Security of Your Deployed Public Cloud Application

Continue Reading

November 22, 2022

Validating Security Within Your DevOps Pipeline

Continue Reading

CPRA Compliance

November 10, 2022

Time’s (Almost) Up for California Privacy Compliance

Continue Reading

November 21, 2022

Skills to Look for in Developers to Move Your Applications to the Cloud

Continue Reading

November 18, 2022

Should We Containerize Our Cloud-Based Application?

Continue Reading

November 17, 2022

Should You Outsource Managing Your App Along with Building It?

Continue Reading

November 16, 2022

Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?

Continue Reading

November 15, 2022

The Complexities of Deploying a Secure Application in the Cloud

Continue Reading

November 14, 2022

What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)

Continue Reading

November 11, 2022

Tips from a Fortune 500 CPO on Automating Your Privacy Program

Continue Reading

November 10, 2022

Tackling the Legal Side of Privacy without Becoming a Lawyer

Continue Reading

November 9, 2022

How Does Physical Security Tie into Privacy?

Continue Reading

November 7, 2022

The New Intersection of Privacy and Security (from a Fortune 500 CPO)

Continue Reading

November 7, 2022

The Intersection of Privacy & Security

Continue Reading

pivot blog2 1

October 26, 2022

What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?

Continue Reading

pivot blog

October 26, 2022

DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from Primes

Continue Reading

Screen Shot 2022 10 25 at 12.23.00 PM

October 25, 2022

We Don’t Think We Need CMMC Level 2 but the Government Says We Do…

Continue Reading

Screen Shot 2022 10 25 at 11.54.34 AM

October 25, 2022

Should We Pursue a Voluntary CMMC Assessment?

Continue Reading

Screen Shot 2022 10 13 at 6.44.21 AM

October 24, 2022

Is There a Path for Non-US Companies to be CMMC Certified?

Continue Reading

Screen Shot 2022 10 25 at 9.43.00 AM

October 24, 2022

ISO 27001 Certified Orgs—Here’s the Latest on CMMC Reciprocity

Continue Reading

Updated FedRAMP Auth 1

October 24, 2022

House Approves Updated FedRAMP Authorization Act

Continue Reading

Screen Shot 2022 10 23 at 12.21.20 PM

October 21, 2022

Can SMBs Afford CMMC Level 2 Certification?

Continue Reading

Screen Shot 2022 10 23 at 12.07.57 PM

October 21, 2022

When Do We Need to Be CMMC 2.0 Certified?

Continue Reading

pivot blog2

October 20, 2022

DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA Questions

Continue Reading

pivot blog1

October 20, 2022

Does My DIB Org Need a SIEM for CMMC Compliance

Continue Reading

Screen Shot 2022 10 20 at 9.49.35 AM

October 19, 2022

Your Top CMMC Questions Answered

Continue Reading

Screen Shot 2022 10 13 at 6.44.21 AM

October 14, 2022

SME InfoSec Leads: Here’s How to Kickstart a Privacy Program

Continue Reading

Screen Shot 2022 10 13 at 6.48.46 AM

October 17, 2022

How Automation Can Help Operationalize a Privacy Program

Continue Reading

Screen Shot 2022 10 13 at 6.37.29 AM

October 13, 2022

How Automation Can Help with Data Privacy Impact Assessment

Continue Reading

Screen Shot 2022 10 09 at 10.54.36 PM

October 12, 2022

SMEs: Do You Know Where All Your Customers’ Personal Data Resides?

Continue Reading

Screen Shot 2022 10 09 at 10.35.44 PM

October 11, 2022

SMEs: Are Your Customers Pushing You Towards a Privacy Program?

Continue Reading

Screen Shot 2022 10 09 at 10.29.05 PM

October 10, 2022

The Two Audiences For Privacy & How They Drive Data Collection

Continue Reading

Screen Shot 2022 10 07 at 4.01.43 PM

October 7, 2022

Is Cybersecurity Certification Worth the Effort?

Continue Reading

Screen Shot 2022 10 05 at 9.34.12 AM

October 6, 2022

Can Disaster Recovery and Business Continuity Help with Software Supply Chain Risk Assessment?

Continue Reading

Screen Shot 2022 10 05 at 9.29.59 AM

October 5, 2022

Can Cybersecurity Frameworks Help with Software Supply Chain Risk Management?

Continue Reading

Screen Shot 2022 10 04 at 3.16.48 AM

October 4, 2022

Supply Chain Risk Management and Third-Party Risk Management: What’s the Difference?

Continue Reading

Screen Shot 2022 10 03 at 6.55.29 PM

October 3, 2022

What is Software Supply Chain Risk Management and Why Should We (as an Org That Uses Software) Care?

Continue Reading

Pivot Point Blog Template 18

October 3, 2022

The FTC’s Intensified Prosecution of Deceptive Cybersecurity and Privacy Practices: Here’s What You Should Know

Continue Reading

Screen Shot 2022 09 30 at 10.44.54 AM

September 30, 2022

Unpacking Critical Elements of Supply Chain Risk Management

Continue Reading

Pivot Point Blog Template 17

September 30, 2022

PATCH Act Legislation Could Expand Medical Device Manufacturing Cybersecurity Regulations

Continue Reading

Pivot Point Blog Template 16

September 27, 2022

NIST Update on HIPAA Security Rule Can Help Your Org Reduce ePHI Risk Exposure

Continue Reading

Pivot Point Blog Template 14

September 19, 2022

OMB Mandates US Federal Agencies to Comply with NIST Guidance on Software Supply Chain Security

Continue Reading

Screen Shot 2022 08 08 at 7.09.45 AM

How Does the NIST Secure Software Development Framework (SSDF) Compare with OWASP SAMM, BSIMM, etc.?

Continue Reading

Screen Shot 2022 08 03 at 11.41.50 PM

What is the Software Development Lifecycle and Why is It Central to Software Security?

Continue Reading

Screen Shot 2022 07 27 at 8.31.55 PM

The Cyberspace Solarium Commission Report and CMMC—How Do They Connect?

Continue Reading

Screen Shot 2022 07 27 at 8.22.35 PM

We Need Public/Private Partnership to Fight the Cyber War We’re In

Continue Reading

Screen Shot 2022 07 27 at 4.48.15 PM

What is the Cyberspace Solarium Commission Report and Why Should I Care?

Continue Reading

Screen Shot 2022 07 21 at 10.05.44 PM

How Does DevOps Impact Your Database Security?

Continue Reading

Screen Shot 2022 07 21 at 9.47.49 PM

How Moving to the Cloud Impacts Your Database Security

Continue Reading

Screen Shot 2022 07 18 at 7.45.58 AM

3 Reasons Why Database Security is Undervalued

Continue Reading

Screen Shot 2022 07 18 at 7.37.02 AM

5 Top Database Risks You Didn’t Know You Had

Continue Reading

Screen Shot 2022 07 18 at 7.31.09 AM

Confronting the Wild West of Database Security

Continue Reading

Screen Shot 2022 07 18 at 7.24.09 AM

The Argument for More Board-Level Cybersecurity Expertise

Continue Reading

Screen Shot 2022 07 14 at 6.36.54 AM

What is “Secure By Default” and How Do We Get There?

Continue Reading

Screen Shot 2022 07 14 at 6.30.17 AM

Looking Beyond Trusted Frameworks to Achieve Robust Cybersecurity

Continue Reading

Screen Shot 2022 07 13 at 6.53.22 AM

Bridging the Gap Between Cybersecurity and the Business World

Continue Reading

Screen Shot 2022 07 08 at 7.09.23 AM

Does Your Cyber Liability Insurance Fit with Your Total Insurance Coverage?

Continue Reading

Screen Shot 2022 07 08 at 7.05.24 AM

3 Top Reasons Why an Attorney Should Review Your Cyber Liability Insurance Policy

Continue Reading

Screen Shot 2022 07 08 at 6.52.02 AM

Are Cyber Liability Insurance Companies (Entirely) to Blame for Today’s Onerous Premiums

Continue Reading

Screen Shot 2022 07 08 at 6.39.33 AM

Why Cyber Liability Insurance Has Become the “Wild West”

Continue Reading

Screen Shot 2022 07 07 at 12.50.10 AM

Legal and Infosec Strategies to Deal with Exploding Cyber Liability Insurance Premiums

Continue Reading

Pivot Point Blog Template 13

September 1, 2022

DIB Orgs: Time is Almost Up for DFARS and NIST 800-171 Compliance

Continue Reading

Screen Shot 2022 08 28 at 3.41.35 PM

August 26, 2022

What is the OWASP Software Assurance Maturity Model (SAMM) and Why Should We (as an Org That Develops Software) Care?

Continue Reading

Screen Shot 2022 08 28 at 3.35.40 PM

August 26, 2022

Applying the OWASP Software Assurance Maturity Model (SAMM) in Your Environment

Continue Reading

Screen Shot 2022 08 28 at 3.28.30 PM

August 30, 2022

OWASP SAMM’s 5 Business Functions Unpacked

Continue Reading

Screen Shot 2022 08 28 at 3.22.37 PM

August 29, 2022

BSIMM and OWASP SAMM Compared

Continue Reading

Screen Shot 2022 08 28 at 3.17.02 PM

August 29, 2022

Using OWASP’s Software Assurance Maturity Model (SAMM) and Application Security Verification Standard (ASVS) Together

Continue Reading

Screen Shot 2022 08 25 at 11.49.11 AM

August 25, 2022

Breaking Down the Latest in Software Security Standards & the Impact on SaaS Businesses

Continue Reading

Screen Shot 2022 08 22 at 9.27.44 AM

August 23, 2022

Top Use Cases for Continuous API Security

Continue Reading

Screen Shot 2022 08 22 at 9.22.54 AM

August 22, 2022

What is Continuous API Scanning and Why Should We (as App Developers) Care?

Continue Reading

Screen Shot 2022 08 22 at 8.11.26 AM

August 22, 2022

What are the Financial Benefits of API-Level Security?

Continue Reading

Screen Shot 2022 08 18 at 8.24.59 PM

August 19, 2022

How Does an API-First Architecture Affect Your App Attack Surface?

Continue Reading

Screen Shot 2022 08 18 at 8.20.16 PM

August 19, 2022

Application Security and API Security are Becoming Synonymous—Are You Ready?

Continue Reading

Screen Shot 2022 08 18 at 12.40.12 PM

August 18, 2022

What You Need to Know about APIs and API Security

Continue Reading

Screen Shot 2022 08 12 at 7.03.26 AM

August 12, 2022

Aligning Security with Business Goals to Create More Value

Continue Reading

Screen Shot 2022 08 11 at 12.21.11 PM

August 12, 2022

The “Value Creation” Side of Return on Security Investment (ROSI) Estimates

Continue Reading

Screen Shot 2022 08 10 at 5.53.05 PM

August 11, 2022

A Risk-Based Approach to Calculating Return on Security Investment (ROSI)

Continue Reading

Screen Shot 2022 08 10 at 5.35.59 PM

August 11, 2022

Return on Security Investment (ROSI): What is It and How Do You Calculate It?

Continue Reading

Screen Shot 2022 08 10 at 5.26.01 PM

August 10, 2022

How to Measure the Value of Information Security

Continue Reading

Screen Shot 2022 08 08 at 7.04.52 AM

What’s the Effort to Align Your Dev with the NIST Secure Software Development Framework (SSDF)?

Continue Reading

Pivot Point Blog Template 12

Making the Most of the CMMC Assessment Guidance from the CyberAB

Continue Reading

Screen Shot 2022 08 03 at 11.54.09 PM

Here’s Why Software Vendors Should Align with the SSDF Whether Mandated or Not

Continue Reading

Screen Shot 2022 08 03 at 11.50.49 PM

Why Does the USG Think We Need the NIST Secure Software Development Framework (SSDF)?

Continue Reading

Screen Shot 2022 08 03 at 11.45.51 PM

What is the NIST Secure Software Software Development Framework and Why Should We (as a Software Vendor) Care?

Continue Reading

Screen Shot 2022 08 03 at 8.52.55 AM

What NIST’s Secure Software Development Framework Means to You

Continue Reading

Screen Shot 2022 07 26 at 8.29.00 AM

US Gov. Cybersecurity Roadmap: Where it came from and Where is it Going?

Continue Reading

Screen Shot 2022 07 27 at 9.18.01 PM

US Government Threat Intelligence Programs: Where Are They Headed?

Continue Reading

Screen Shot 2022 07 27 at 8.37.40 PM

Recent White Papers from the Cyber Solarium Commission—What is Their Purpose?

Continue Reading

Screen Shot 2022 07 27 at 8.44.58 PM

What is the Cyberspace Solarium Commission 2.0 Project and Why Should I (as a US Citizen) Care?

Continue Reading

Screen Shot 2022 07 27 at 5.04.42 PM

What is Continuity of the Economy Planning and Why Should I (as a US Citizen) Care?

Continue Reading

Screen Shot 2022 07 21 at 9.58.07 PM

Your Database Attack Surface is Bigger than You Think

Continue Reading

Screen Shot 2022 07 14 at 6.42.14 AM

The Strategy Behind the Gula Tech Adventures Portfolio

Continue Reading

Screen Shot 2022 07 14 at 6.46.59 AM

Why Philanthropy is Important in Cybersecurity

Continue Reading

Screen Shot 2022 07 14 at 6.24.56 AM

How Do You Know If Your Business is Really Secure?

Continue Reading

Screen Shot 2022 07 11 at 6.17.23 AM

What is a Breach Counselor and Why Do We (as an Org with Cyber Liability Insurance) Care?

Continue Reading

Screen Shot 2022 07 11 at 6.12.44 AM

Do You Know Your Cyber Liability Insurance Obligations?

Continue Reading

Screen Shot 2022 06 30 at 9.59.41 AM

CMMC 2.0: Is Certification Worth the Cost and Risk?

Continue Reading

Screen Shot 2022 06 30 at 9.54.18 AM

CMMC 2.0: Choose Your Registered Provider Organization Carefully

Continue Reading

Screen Shot 2022 06 28 at 7.25.06 AM

CMMC 2.0: DoD Emphasizes “Nothing Has Changed” (So Why Aren’t You Ready?)

Continue Reading

Pivot Point Blog Template 11

CFIUS Cybersecurity Considerations: Here’s What You Need to Know

Continue Reading

Screen Shot 2022 06 27 at 6.59.58 AM

CMMC 2.0: DoD Clarifies Rollout Schedule and More

Continue Reading

Pivot Point Blog Template 10

Benefits of Categorizing NIST 800-171 Requirements as Technical Versus Nontechnical

Continue Reading

Screen Shot 2022 06 24 at 7.22.57 AM

Important Clarifications on CMMC v2 from CMMC Day May 9, 2022

Continue Reading

Screen Shot 2022 06 16 at 5.09.25 PM

What Really Drives Innovation in Cybersecurity?

Continue Reading

Screen Shot 2022 06 16 at 5.01.59 PM

Are We More or Less Secure than 20 Years Ago?

Continue Reading

Screen Shot 2022 06 15 at 8.53.16 PM

Investors are Targeting These Emerging Cybersecurity Areas

Continue Reading

Screen Shot 2022 06 15 at 8.23.15 PM

3 Different Types of Private Equity Firms Explained

Continue Reading

Screen Shot 2022 06 14 at 12.28.24 AM

5 Top Criteria for Venture Capitalists Evaluating Tech Companies

Continue Reading

Screen Shot 2022 06 14 at 12.22.37 AM

The Past, Present and Future of Cybersecurity From the Viewpoint of a Venture Capitalist

Continue Reading

Pivot Point Blog Template

What is OWASP SAMM and Why Should We (as an Org that Develops Software) Care?

Continue Reading

Screen Shot 2022 06 07 at 10.02.27 AM

How Attack Surface Management Calculates Attack Paths

Continue Reading

Screen Shot 2022 06 07 at 9.57.11 AM

How Does Attack Surface Management Connect with Patch Management?

Continue Reading

Screen Shot 2022 06 06 at 2.42.15 PM

Top Scenarios for Implementing Attack Surface Management

Continue Reading

Screen Shot 2022 06 06 at 2.24.44 PM

NopSec’s Vision for Attack Surface Management

Continue Reading

Screen Shot 2022 06 03 at 7.02.25 AM

Attack Surface Management: Should It Cover Configuration Management?

Continue Reading

Screen Shot 2022 06 03 at 6.56.17 AM

What is Attack Surface Management and Why Should We (as an Org with Vulnerabilities) Care?

Continue Reading

Screen Shot 2022 06 02 at 11.09.36 PM

Understanding Attack Surface Management

Continue Reading

Pivot Point Blog Template 8

Protecting CUI Nonfederal Organizations

Continue Reading

Heres What State of the Art Entryway Security Looks Like

Here’s What State-of-the-Art Entryway Security Looks Like

Continue Reading

Screen Shot 2022 05 26 at 12.52.34 PM

Does My Business Need Better Entryway Security?

Continue Reading

Picture1 2

Why Physical Security and Cybersecurity are Converging

Continue Reading

Picture1 1

The Convergence of Physical & Cybersecurity

Continue Reading

CMMC 2.0 Level 3 Certification Whats Up with That for MSPsMSSPs

CMMC 2.0 Level 3 Certification: What’s Up with That for MSPs/MSSPs?

Continue Reading

MSPsMSSPs Heres the Latest CMMCNIST 800 171 Compliance Timeline

MSPs/MSSPs: Here’s the Latest CMMC/NIST 800-171 Compliance Timeline

Continue Reading

Why MSPsMSSPs Should Develop a Shared Responsibility Matrix

Why MSPs/MSSPs Should Develop a Shared Responsibility Matrix

Continue Reading

When is an MSPMSSP a CSP for CUI Protection Purposes

When is an MSP/MSSP a CSP for CUI Protection Purposes?

Continue Reading

MSPsMSSPs Are You Subject to Flowdown CUI Protection Requirements

MSPs/MSSPs: Are You Subject to “Flowdown” CUI Protection Requirements?

Continue Reading

Pivot Point Blog Template 7

CMMC Compliance for MSPs/MSSPs: Taking a “Cross-Client” Approach

Continue Reading

CMMC Compliance for MSPsMSSPs 3 Shared Responsibility Angles 1 1

CMMC Compliance for MSPs/MSSPs: 3 Shared Responsibility Angles

Continue Reading

Pivot Point Blog Template 5

What New CMMC Guidance Means for MSPs and MSSPs

Continue Reading

Got Hardcopy CUI? NIST SP 800-171 Requirements Apply.

Continue Reading

Step #8 to Retaining Security Talent: Win-Win Communication

Continue Reading

Step #7 to Retaining Security Talent: Make Career Promotion Criteria Outlined & Transparent

Continue Reading

Step #6 to Retaining Security Talent: Roles & Responsibilities are Clearly Defined & Measured

Continue Reading

Step #5 to Retaining Security Talent: Consistent Management Training

Continue Reading

Step #4 to Retaining Security Talent: Kindness-Only Culture

Continue Reading

Step #3 to Retaining Security Talent: Self-Care Culture

Continue Reading

Step #2 to Retaining Security Talent: Positive Attitude Culture

Continue Reading

Step #1 to Retaining Security Talent: Emotionally Intelligent Managers

Continue Reading

8 Ingredients for Baking Inclusivity into Your Culture

Continue Reading

SEC Proposes New Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Continue Reading

The NIST Cybersecurity Framework Helps Business and Technical Leaders Communicate About Security

Continue Reading

Cloud Controls Matrix

Continue Reading

Local Storage Versus Cookies: Which to Use to Securely Store Session Tokens

Continue Reading

How Panther Helps Get You Real-Time Access to Arbitrary Security Data

Continue Reading

Comparing the Cost of “SIEM”: How Much and Time-to-Value

Continue Reading

Get Proactive with Real-Time Streaming Security Analytics

Continue Reading

Big Data, Snowflake and the Reinvention of SIEM

Continue Reading

“The State of SIEM” and Why the Security Industry Needs to Move On

Continue Reading

What is “Serverless SIEM” and Why Should We (as an Org Trying to Detect Cyber Threats) Care?

Continue Reading

Becoming More Efficient w/ a Cloud-Native Approach to Data Security

Continue Reading

February 2, 2022

3 Top Ways to Incorporate NIST 800-171 into Your ISO 27001 or SOC 2 Program

Continue Reading

February 2, 2022

4 Key Responses to New US Government Cybersecurity Regulations

Continue Reading

February 2, 2022

CISA, Critical Infrastructure and CUI: 3 New Drivers for the Future of Your ISO 27001 or SOC 2 Cybersecurity Program

Continue Reading

February 2, 2022

A Brief History of Recent US Government Cybersecurity Guidance and Why You Should Care—Even If You Don’t Do Business with the USG

Continue Reading

December 3, 2021

Are SaaS Customers a Bigger Business Risk to their Vendors than Vice Versa?

Continue Reading

December 3, 2021

4 Top Things Your SaaS Vendors Should Be Doing to Prove They’re Secure

Continue Reading

December 3, 2021

AI-Based Threat Detection for SaaS Applications: “Suspenders to Backup Your Belt”

Continue Reading

December 3, 2021

Customer Managed Encryption Keys: With Great Power Comes Great Responsibility

Continue Reading

December 3, 2021

The Cloud Security “Shared Responsibility” Model is Evolving

Continue Reading

December 3, 2021

Here’s Why Cloud-Based Solutions are Now More Secure than On-Prem

Continue Reading

Using the CSA STAR Program for Procurement

Continue Reading

How the Cloud Security Alliance Addresses Privacy

Continue Reading

What is the CSA Cloud Controls Matrix and Why Should Everyone on the Cloud Care?

Continue Reading

What is the Cloud Security Alliance and Why Should I (as Someone Selling or Buying Cloud Services) Care?

Continue Reading

Essential Cloud Security & Compliance Tips from CSA

Continue Reading

CMMC 2.0: What’s Ahead for the DIB?

Continue Reading

Why is Management Buy-In a Challenge for CMMC Compliance?

Continue Reading

Dib Orgs: Here’s How to Apply the CMMC Scoping Guide to OT Assets

Continue Reading

Dib Orgs: Why is Asset Management a Challenge?

Continue Reading

Dib Orgs: What to Do If You Don’t Think You Have CUI

Continue Reading

CMMC 2.0 Scoping

Continue Reading

3 Reasons Why It’s So Hard to Identify CUI

Continue Reading

3 Top Challenges with CMMC 2.0

Continue Reading

Ongoing Challenges with CMMC

Continue Reading

CMMC 2.0 Rulemaking: What are the Implications for Government Contractors Outside the DIB?

Continue Reading

Fleet Device Management: Future Plans

Continue Reading

How Malware Spreads

Continue Reading

Using Fleet’s Policy Feature for Configuration Management

Continue Reading

Open Source Device Management—Can It Improve Your Vulnerability Management?

Continue Reading

Open Source Device Management—Is It Right for Your Use Cases?

Continue Reading

Open Source Device Management—It’s All About Transparency and Flexibility

Continue Reading

Is Open Source the Future of Endpoint Security

Continue Reading

IoT Device Security: What to Look for from Vendors

Continue Reading

IoT Security Guidance: What is Its Real-World Value?

Continue Reading

Remotely Hacking IoT Devices: Here’s How It’s Done

Continue Reading

“AWS for Security” — A One-Stop Shop in the Making?

Continue Reading

A Hardware Hacker’s Top Tips for Building Secure IoT Devices

Continue Reading

“AWS for Security” — Can It Also Support Compliance?

Continue Reading

The New NIST Secure Software Development Framework: Why It’s So Important for the USG Supply Chain

Continue Reading

“AWS for Security”—Can It Reduce Your Security Software Costs?

Continue Reading

OK, So… What’s an IoT Device?

Continue Reading

Are You Ready for “AWS for Security”?

Continue Reading

The “AWS Approach” to Provable Security

Continue Reading

The New ISO 27002:2022—What Does It Mean for Your ISO 27001 ISMS?

Continue Reading

The Value of Attributes in the New ISO 27002:2022

Continue Reading

The OMB’s Final Zero Trust Strategy: 8 Key Takeaways

Continue Reading

The New ISO 27002:2022—What’s New with the Controls?

Continue Reading

The New ISO 27002:2022—What are “Themes” and Why are They Cool?

Continue Reading

The New ISO 27002:2022 — How Was It Developed?

Continue Reading

What Does the New ISO 27002 Update Mean for You?

Continue Reading

DIB Orgs: Can You Identify CUI?

Continue Reading

DIB Orgs: Your SPRS Score, System Security Plan and POAMs Had Better Be for Real

Continue Reading

Continuous Compliance: What Are the Business Benefits?

Continue Reading

Continuous Compliance for DIB Orgs: What Are Some Examples?

Continue Reading

3 Inescapable Reasons Why DIB Orgs are Now Reliant on Their Compliance Programs

Continue Reading

CMMC 2.0 Compliance—What Will It Look Like at Level 1 or Level 2?

Continue Reading

Microsoft Just Endorsed ISO 27001 (and ISO 27701) Over SOC 2! Here’s What It Means to You

Continue Reading

CMMC 2.0 Compliance—Here’s What to Focus on Now

Continue Reading

Continuous Compliance—What is It and Why Should You (as a DIB Org) Care?

Continue Reading

John Verry’s 2022 InfoSec Prediction #8: CSPs Up Their Security Game

Continue Reading

John Verry’s 2022 InfoSec Prediction #7: Software Security Goes Mainstream

Continue Reading

John Verry’s 2022 InfoSec Prediction #6: Companies Will Look to Shorten Their Vendors Lists

Continue Reading

John Verry’s 2022 InfoSec Prediction #5: “Our Compliance Officer” and/or “Our GRC Platform” Enter Your Lexicon

Continue Reading

John Verry’s 2022 InfoSec Prediction #4: The Use of Fractional/Virtual CISOs Will Continue to Grow Rapidly

Continue Reading

John Verry’s 2022 InfoSec Prediction #3: Supply Chain Risk Management Will Continue to Grow in Importance

Continue Reading

John Verry’s 2022 InfoSec Prediction #2: Cyber Liability Insurance Premiums and Due Diligence Will Increase Significantly

Continue Reading

John Verry’s 2022 InfoSec Prediction #1: Zero Trust Moves from Buzzword to Reality

Continue Reading

New False Claims Act Initiative Could Increase Federal Contractors’ Cyber Compliance Risk

Continue Reading

It’s Hard to Spell Security with API (Translation: You Need an AppSec Strategy)

Continue Reading

CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance Timeframes

Continue Reading

John Verry’s 2022 InfoSec Predictions: Challenges & Responses

Continue Reading

2021 Cyber Incident Year in Review

Continue Reading

February 2, 2022

Can Attack Surface Management Help with Incident Response?

Continue Reading

February 1, 2022

Can Attack Surface Management Help with Vulnerability Assessment?

Continue Reading

January 31, 2022

How Attack Surface Management Can Help Reduce Supply Chain Security Risks

Continue Reading

January 27, 2022

How I Got root on a Thermostat

Continue Reading

January 25, 2022

Are You Ready for the New ISO 27001:2022?

Continue Reading

January 24, 2022

How (Not) to Perfect Your ISO 27001 Information Security Management System in Only 3 Years

Continue Reading

January 21, 2022

New Senate Bill Proposes Multiple Changes to FedRAMP Program

Continue Reading

January 17, 2022

All Federal Contractors are Already Subject to NIST 800-171 Requirements—Not Just the DIB

Continue Reading

January 10, 2022

Attack Surface Management with RiskIQ’s PassiveTotal Platform

Continue Reading

January 6, 2022

Attack Surface Management: Dark Web Deep-Dives and More

Continue Reading

January 4, 2022

What is Attack Surface Management and Why Should We (as an Organization at Risk of Cyberattack) Care?

Continue Reading

January 3, 2022

Cybersecurity Impacts of COVID-19: 2022 Update

Continue Reading

December 21, 2021

10 Top CMMC Assessment Checklist Resources

Continue Reading

December 22, 2021

‘Twas the Night after Christmas, and the Hackers were Stirring…

Continue Reading

December 17, 2021

Web Application Attacks are Skyrocketing—Don’t Get Caught in the Crossfire

Continue Reading

December 14, 2021

Go easy on the cookies this holiday season: Stay safe by avoiding unwanted browser cookies!

Continue Reading

December 13, 2021

Severe Log4j 2 Vulnerability Puts Huge Swath of Enterprise and SaaS Apps at Grave Risk

Continue Reading

December 10, 2021

Skills SMBs Should Look for in a Privacy Lead

Continue Reading

December 9, 2021

Why the Latest Raspberry Pi CVE is (Almost) Completely Bogus

Continue Reading

December 7, 2021

We Need to Comply with GDPR. Should We Get ISO 27701 Certified?

Continue Reading

December 8, 2021

‘Tis the Season to Be Hacked—Don’t Let It Happen to Your Business

Continue Reading

December 6, 2021

We Need ISO 27001 and GDPR/CCPA Compliance. Should We Do ISO 27701 Concurrently?

Continue Reading

December 3, 2021

4 Essential Steps to Privacy Compliance

Continue Reading

December 2, 2021

Privacy Laws Can Be a Matter of Life and Death

Continue Reading

December 1, 2021

Why Cybersecurity and Privacy Should Be Viewed as Two Entirely Separate Disciplines

Continue Reading

November 30, 2021

Cyber Standards to Protect CUI are Coming for All US Government Suppliers

Continue Reading

November 26, 2021

CMMC 2.0 and NIST 800-171—Pressure from Primes Could Accelerate Compliance Timeframes

Continue Reading

November 19, 2021

95% of Board Members Say Information Security Strategy is Now Critical

Continue Reading

November 18, 2021

Trusted Information and Its Role in Validating Your Information Security Program

Continue Reading

November 22, 2021

Getting to a Trusted Information Security Ecosystem

Continue Reading

November 17, 2021

GCC High and Gap Assessments!

Continue Reading

November 16, 2021

CMMC 2.0 and the False Claims Act—Be Careful What You Sign!

Continue Reading

November 15, 2021

CMMC 2.0: What’s New and What’s Not for Orgs Handling CUI?

Continue Reading

November 12, 2021

CMMC 2.0: What’s New and What’s Not at “Level 1” (FCI Only)?

Continue Reading

November 8, 2021

Operationalizing Your Information Security Strategy

Continue Reading

November 10, 2021

What is the NIST SP 800-218 (Draft) “Secure Software Development Framework” and Why Should We (as an Org Selling Software to the USG) Care?

Continue Reading

November 5, 2021

CMMC Piloting Efforts Suspended… Frustrating But Not Surprising (and Optimistic for “CMMC 2.0”)

Continue Reading

November 2, 2021

Got an Information Security Strategy? Here’s How to Get Started.

Continue Reading

November 1, 2021

Why a Trusted Framework Should Be Part of Your Information Security Strategy

Continue Reading

October 29, 2021

What is an Information Security Strategy and Why Do We Need One?

Continue Reading

October 27, 2021

5 Pillars of “Continuous Controls Monitoring” in DevOps Environments

Continue Reading

October 26, 2021

Will External Auditors Accelerate the Move to New Compliance Models?

Continue Reading

October 28, 2021

8 Trillion Reasons Why CMMC Matters to You (Even if You’re Not in the Defense Supply Chain)

Continue Reading

October 21, 2021

What Does the Future of Compliance in a CI/CD Pipeline Look Like?

Continue Reading

October 20, 2021

We Need a New Compliance Model for the DevOps Era

Continue Reading

October 19, 2021

What the New ISO 27001:2021 Release Will Mean to You

Continue Reading

October 13, 2021

Don’t “Over-Commit and Under-Deliver” on Your ISO 27001 Controls

Continue Reading

October 12, 2021

ISO 27001 Top Tip: Focus on Process, Not Controls

Continue Reading

October 11, 2021

Think Beyond ISO 27001 Certification While You’re Prepping for It

Continue Reading

October 6, 2021

Don’t Rush Your ISO 27001 Certification

Continue Reading

October 7, 2021

Why the DOD’s Review of CMMC Will Mean More to C3PAOs Than It Will to DIB Contractors

Continue Reading

October 5, 2021

ISO 27001 Doesn’t Require as Much Documentation as You Think

Continue Reading

October 4, 2021

Senior Management Can’t Just “Rubber Stamp” ISO 27001 Certification

Continue Reading

October 1, 2021

Don’t Assume Your IT Staff Will “Handle” ISO 27001 Certification

Continue Reading

September 30, 2021

ISO 27001 Doesn’t Tell You How to Implement Controls – Your Scope and Risk Do

Continue Reading

September 28, 2021

You Don’t Define Your ISO 27001 Scope – Your Information Does

Continue Reading

September 29, 2021

Do You Need a Score in SPRS to Be DFARS 7012 Compliant?

Continue Reading

September 27, 2021

ISO 27001 Certification Shouldn’t Start with a Gap Assessment

Continue Reading

September 24, 2021

This is Why Your Information Security Advisor Should Be Focused on Strategy, Not Tactics/Products

Continue Reading

September 23, 2021

Here’s How to Fix Your Cybersecurity Program

Continue Reading

September 22, 2021

Why Products are the Least Important Element of Your Cybersecurity Program

Continue Reading

September 21, 2021

Pivot Point Security in a Nutshell

Continue Reading

September 20, 2021

Step 2 to “Provably Secure and Compliant” – Execute on Your Vision

Continue Reading

September 16, 2021

3 Things Every SMB Needs to Become “Provably Secure and Compliant”

Continue Reading

September 17, 2021

Step 1 to “Provably Secure and Compliant” – Establish Your Vision

Continue Reading

September 15, 2021

Sharing is not always caring: Back to Work, Back to School? Protect Your Devices with These Golden Rules!

Continue Reading

September 14, 2021

The Cyber Executive Order: What Does the “SolarWinds Section” Mean for Software Vendors and Their Federal Customers?

Continue Reading

September 13, 2021

The Cyber Executive Order: 5 Coming Changes for Federal Agencies

Continue Reading

September 10, 2021

The Cyber Executive Order: What Does It Say about Zero Trust?

Continue Reading

September 9, 2021

The Cyber Executive Order: Will It Bring New Regulations for Critical Infrastructure?

Continue Reading

September 8, 2021

The Cyber Executive Order: What is the “Tone from the Top”?

Continue Reading

September 7, 2021

Password Screening Services: How Much Risk Can They Eliminate?

Continue Reading

September 3, 2021

Best-Practice Password Policy and the Research Behind It

Continue Reading

September 2, 2021

Password Attack! Here’s Why You Want to Prevent Account Takeovers

Continue Reading

September 1, 2021

You Don’t Need to be CMMC Compliant, You Need to Be DFARS Compliant (A Kardashian Parable)

Continue Reading

August 31, 2021

What is BreachSense and Why Do We (as an Org with Password Risk) Care?

Continue Reading

August 27, 2021

Is Information Security an Oxymoron without Information Governance?

Continue Reading

August 30, 2021

When Will Information Governance “Come of Age”?

Continue Reading

August 26, 2021

Information Governance is a Business Enabler

Continue Reading

August 24, 2021

Here’s Why Companies Struggle to Delete Data

Continue Reading

August 23, 2021

How Privacy is Driving the Need for Information Governance

Continue Reading

August 20, 2021

Information Governance and Information Security: How Do They Connect?

Continue Reading

August 19, 2021

What is Information Governance and Why Do We (as an Org with PII) Care?

Continue Reading

August 18, 2021

We Passed Our CMMC/NIST 800-171 Assessment! Now What?

Continue Reading

August 17, 2021

What Happens If You Fail Your CMMC/DIBCAC Assessment?

Continue Reading

August 16, 2021

Your CMMC/DIBCAC Assessment – What If You Disagree with an Assessor?

Continue Reading

August 25, 2021

Using Python and Machine Learning to Predict Cyber Attacks: A Summer Intern’s Story

Continue Reading

August 13, 2021

CMMC/DIBCAC Assessment: Let’s Walk Through the Audit Process

Continue Reading

August 12, 2021

CMMC/DIBCAC Assessment: Here’s What to Expect at Your Kickoff Meeting

Continue Reading

August 11, 2021

What Evidence Will CMMC or NIST 800-171 Assessors Ask For?

Continue Reading

August 10, 2021

5 Top Prep Steps for Your CMMC or NIST 800-171 Assessment

Continue Reading

IoT Devices: The Lord Giveth and He Taketh Away

Continue Reading