• Knowledge Base

    Provides information to learn and understand about information security

Knowledge Base Posts


Payment Card Industry (PCI) Updated Regulation for PCI DSSv4.0 What is PCI DSS? The PCI Security Standards Council (PCI SSC) serves as a worldwide platform where stakeholders in the payments industry collaborate to establish and promote data security standards and resources, ensuring secure payments on a global scale.  Their...

Read More

California Privacy Rights Act (CPRA)

California Privacy Rights Act (CPRA) CPRA The California Privacy Rights Act (CPRA) is a ballot measure approved by voters in November 2020. Who is a ‘consumer’? A consumer is natural person who is a California resident, as defined in the state’s tax regulations. What rights do consumers have? The...

Read More

California Consumer Privacy Act (CCPA)

California Consumer Privacy Act (CCPA) CCPA The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents (“Consumers”). It is a law that gives consumers more control over the...

Read More


General Data Protection Regulation (GDPR) GDPR The General Data Protection Regulation (GDPR) was passed by European Parliament in 2016 to establish data privacy and security standards for EU citizens. It is driven by fundamental privacy rights derived from the 1950 European Convention on Human Rights and introduces specific penalties;...

Read More

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA HIPAA The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed for healthcare organizations to safeguard the privacy of electronic health information and was later supported by a Privacy Rule and a Security Rule. HHS published a final Privacy Rule in December 2000, which was later modified in...

Read More

SOC2 Compliance

SOC2 Certification SOC2 Certification Service Organization Control (SOC) is a trust-based cybersecurity framework and auditing standard designed by the American Institute of Certified Public Accountants (AICPA) to demonstrate a service provider’s operational controls. The Trust Services Criteria are grouped across the following: Security Availability Processing Integrity Confidentiality Privacy Who...

Read More

NIST 800-53

NIST 800-53 NIST 800-53 The National Institute of Standards and Technology (NIST) special publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is the latest version of security and privacy controls that can be used to manage risk for organizations of any sector and size,...

Read More

ISO 27001 / ISO 27002 Information Security Framework

ISO 27001 / 27002 Information Security Framework ISO 27001 / 27002 Information Security Framework The International Organization for Standardization (ISO) created a standard for Information Security that is the basis for certifications to demonstrate effective cybersecurity programs for internal and external stakeholders. ISO27001:2022 is the latest iteration of the...

Read More

CMMC v2.0 (NIST 800-171)

CMMC v2.0 (NIST 800-171) CMMC v2.0 (NIST 800-171) The Defense Federal Acquisition Regulation (DFARS) established a rule to implement a Cybersecurity Maturity Model Certification (CMMC) framework to assess contractor implementation of cybersecurity requirements to protect specific data types within the DoD supply chain. CMMC Model 2.0 is currently within...

Read More

Common Cybersecurity Frameworks Overview

Cybersecurity Framework Overview List of the most common cybersecurity frameworks Cybersecurity Framework Overview A cybersecurity framework provides a set of standard requirements for IT and security leaders to align their programs with to demonstrate a consistent way to establish, operate and measure security risk. The cybersecurity frameworks align to...

Read More

GRC and Program Management Tools

Governance, Risk, and Compliance GRC and the technologies that support it Governance, Risk, and Compliance (GRC) Management and Supporting Technologies The growing market for technology to support security programs is creating a more complex situation for many of our clients to navigate. Part of this is due to the...

Read More

NIST Cybersecurity Framework CSF

NIST Cybersecurity Framework (CSF) NIST Cybersecurity Framework (CSF) The NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) was established as a result of an executive order by former President Obama to improve critical infrastructure cybersecurity through partnership and collaboration. Compliance to this standard is voluntary but this...

Read More
Scroll to top