Knowledge Base
Provides information to learn and understand about information security
Knowledge Base Posts
Cybersecurity Needs Football Practice
The Fundamentals of Football and Cybersecurity: A Playbook for Success Cybersecurity Could Use Football Practice In the world of football, victory is achieved through meticulous planning, discipline, and teamwork. The same principles apply to cybersecurity. At first glance, these two fields might seem worlds apart, but a closer look...
PCI DSSv4.0
Payment Card Industry (PCI) Updated Standard: PCI DSS v4.0. What is PCI DSS? The PCI Security Standards Council (PCI SSC) serves as a worldwide platform where stakeholders in the payments industry collaborate to establish and promote data security standards and resources, ensuring secure payments on a global scale. Their...
California Privacy Rights Act (CPRA)
California Privacy Rights Act (CPRA). The California Privacy Rights Act (CPRA) is a ballot measure approved by voters in November 2020. Who is a ‘consumer’? A consumer is a natural person who is a California resident, as defined in the state’s tax regulations. What rights do consumers have? The...
California Consumer Privacy Act (CCPA)
California Consumer Privacy Act (CCPA). The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents (“Consumers”). It is a law that gives consumers more control over the...
GDPR
General Data Protection Regulation (GDPR). The General Data Protection Regulation (GDPR) was passed by the European Parliament in 2016 to establish data privacy and security standards for EU citizens. It is driven by fundamental privacy rights derived from the 1950 European Convention on Human Rights and introduces specific penalties;...
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed for healthcare organizations to safeguard the privacy of electronic health information and was later supported by a Privacy Rule and a Security Rule. HHS published a final Privacy Rule in December 2000, which was later modified in...
SOC2 Compliance
SOC 2 Attestation. Service Organization Control (SOC) is a trust-based cybersecurity framework and auditing standard designed by the American Institute of Certified Public Accountants (AICPA) to demonstrate a service provider’s operational controls. A SOC 2 engagement results in an auditor's attestation report rather than a certification. The Trust Services Criteria are grouped into the following categories: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Who...
NIST 800-53
NIST 800-53. The National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations, is the latest version of the security and privacy controls catalog that can be used to manage risk for organizations of any sector and size,...
ISO 27001 / ISO 27002 Information Security Framework
ISO 27001 / 27002 Information Security Framework. The International Organization for Standardization (ISO) created a standard for information security that is the basis for certifications demonstrating effective cybersecurity programs to internal and external stakeholders. ISO/IEC 27001:2022 is the latest iteration of the...
CMMC v2.0 (NIST 800-171)
CMMC v2.0 (NIST 800-171). The Defense Federal Acquisition Regulation Supplement (DFARS) established a rule to implement a Cybersecurity Maturity Model Certification (CMMC) framework to assess contractor implementation of cybersecurity requirements to protect specific data types within the DoD supply chain. CMMC Model 2.0 is currently within...
Common Cybersecurity Frameworks Overview
Cybersecurity Framework Overview: a list of the most common cybersecurity frameworks. A cybersecurity framework provides a set of standard requirements that IT and security leaders can align their programs with, giving them a consistent way to establish, operate, and measure security risk. The cybersecurity frameworks align to...
GRC and Program Management Tools
Governance, Risk, and Compliance (GRC) Management and Supporting Technologies. The growing market for technology to support security programs is creating a more complex situation for many of our clients to navigate. Part of this is due to the...