Sitemap

How Much Do Vendor Due Diligence Reviews Cost?

Managing vendor risk isn’t easy. Often it’s time-consuming and expensive, and diverts scarce resources from other critical tasks. As a result, many companies have ad hoc, inconsistent or weak vendor due diligence programs. Outsourcing vendor due diligence...

How Much Does a Standardized Control Assessment (SCA) Cost?

Critical vendors like cloud service providers and payroll processors can expose a business to massive cybersecurity risk. Understanding the risk that critical vendors present and how best to address it—including finding a more secure vendor, renegotiating a...

IoT Security Assessment Costs

New regulations like California State Bill 327 (SB 327) plus pressure from customers and ecosystem partners make cybersecurity assessment a business-critical requirement for many Internet of Things (IoT) device manufacturers. With expert guidance and a proven process...

Looking to Capitalize or Sell Your SaaS Business? Get Out in Front of Data Privacy Issues Now

One of the biggest factors impacting how venture capital and private equity funds view a target company is whether it has the right information security and data privacy infrastructure and processes in place to support strong growth and minimize investor risk....

The Role of “Top Management” in Your ISO 27001 ISMS

The ISO 27001 standard makes it clear that top management involvement and direction is central to the effectiveness of an information security management system (ISMS). But who is “top management” and what should they be doing to “grow” and mature the ISMS? In...

Exostar Certification Assistant Simplifies CMMC Certification

Achieving NIST 800-171 compliance has been a significant challenge for many contractors in the US Defense Industrial Base (DIB). The coexistence of NIST 800-171 with the new Cybersecurity Maturity Model Certification (CMMC) makes cybersecurity compliance even more...

How Deep Will an Auditor Dive into Your ISO 27001 ISMS?

If you’re facing your initial ISO 27001 certification audit, you’re probably wondering what the process will look like. How deep a dive is the auditor likely to take into your technical controls? Will s/he focus on control design? What about evidence of...

Upping the Due Diligence with Your ISO 27001 Certified Vendors

Getting an ISO 27001 certificate from a vendor is an overarching statement that, yes, they have an information security management system (ISMS) that meets the requirements of the ISO 27001 standard. But what is the scope of that certified ISMS? And what is...

The “Huge Value” of Consolidating Your Cybersecurity Audits

Many organizations seeking ISO 27001 certification face other cybersecurity compliance audits as well, like SOC 2, ISO 27701, HITRUST, FedRAMP and/or CMMC. If that applies to your company, consider the benefits of consolidating your cybersecurity audits so they...

3 Ways a SaaS Solution Will Help You Achieve and Maintain CMMC Compliance

For the many companies within the US Defense Industrial Base (DIB) that don’t yet have a cybersecurity program in place, compliance with the US Department of Defense (DoD)’s new Cybersecurity Maturity Model Certification (CMMC) framework might be a big...