Sitemap | Pivot Point Security

Sitemap

As IoT Devices Multiply Like Rabbits, Hackers Move in for the Kill

The latest security research confirms across the board what we see in our practice and in the news: weak Internet of Things (IoT) security is creating more vulnerabilities and greater risk than ever. And with devices proliferating and hackers targeting them...

Collection 1 Breach – Why You Need Password Management (and 2FA)

Even in this era of near-daily data breach headlines, the Collection 1 trove gives one pause. What is being called the largest public breach ever is apparently just the tip of a gargantuan, 4TB iceberg of unique emails and passwords, all available to hackers worldwide at...

When and How to Hire a vCISO

Is a virtual Chief Information Security Officer (vCISO) relationship right for your business? As an experienced vCISO currently serving several clients, these are some of the best reasons my colleagues and I see for “when” it makes sense to hire a vCISO: To meet...

Why Outsourcing Information Security is an Advantage for Most Organizations

In-source or out-source? … This is a big decision for so many of our clients and prospects. The question most organizations are asking is, “Should we hire a (or another) full-time information security expert, or hire a fractional expert—and how should we decide?” We...

What the SOC 2 Changes Mean for Businesses Seeking an InfoSec Attestation

The new SOC 2 Trust Services Criteria (TSC), which the AICPA updated back in April 2017, are now required for SOC 2 reports as of December 15, 2018. These updates reflect the biggest change to the SOC 2 criteria to date. Key Changes New "buckets" parallel ISO 27001 –...

Why Your Company Should Consider a Privacy Impact Assessment (PIA)

Organizations that deal with personally identifiable information (PII) are increasingly aware of new privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). But for those that are not yet directly...

vCISO vs. “Traditional” CISO – 3 Reasons a Virtual Chief InfoSec Officer Might be Better

A vCISO (virtual chief information security officer) offers all the benefits of an in-house security leader but puts more resources at your disposal. A CISO as-a-service program (aka a “virtual CISO”) may be exactly what your organization needs to reduce...

You are Missing the Most Important Security Awareness Training Module…

Lots of companies offer good Security Awareness Training, including KnowBe4, Wombat, eLearning, MediaPro, SANS, and Pivot Point Security (I saved the best for last :>)). They all offer important modules that you should include in your training (phishing, social...

I Was Wrong about Risk Assessments—and You Probably Are as Well

Einstein once said, “The more I learn, the more I realize how much I don't know.” Unfortunately, I have come to that realization not just once, but about 758 times. As I was reviewing/tuning our company’s Risk Assessment in preparation for our ISO 27001...

How to Securely Implement Cross-Origin Resource Sharing (CORS)

In recent web application assessments, I’ve found a number of client applications that have cross-origin resource sharing (CORS) vulnerabilities—which I flagged as Critical because they left the application wide open to a range of potentially very damaging attacks....