The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) outlines the five elements of an organization’s cybersecurity strategy. These five elements include identification, protection, detection, response, and recovery.

Sufficient encryption complexities remain a compliance necessity for nearly all companies that store, process, or transmit credit card data and payment information. These encryption regulations are established by the Payment…

In September 2011, The National Institute for Standard and Technology (NIST) created Special Publication (SP) 500-292, “NIST Cloud Computing Reference Architecture,” to establish a baseline cloud computing architecture. NIST SP…

Privacy by design (PbD) is a preventative approach to data privacy protection developed by Dr. Ann Cavoukian in the 1990s. Its initial purpose was to develop a robust, scalable model…

The American Institute of Certified Public Accountants (AICPA) oversees several certification programs for service organizations, including those for software-as-a-service (SaaS) providers. If clients are uncertain about the SaaS company’s security…

Data centers store and share companies’ information—this includes any sensitive data that could cause damage to the company if they were breached. As such, it’s a critical area companies must…

Companies that store, process, or transmit credit card data must comply with the Payment Card Industry (PCI) Data Security Standards (DSS). However, implementing the required controls and reporting on them…

The fields of business continuity and disaster recovery, sometimes combined into a unified business continuity & disaster recovery program, represent different but complementary parts of incident response management. These strategies…

Service organizations seek out SOC reports to prove to current and future clients that any data trusted with the service organization is safe. SOC 2 reports, in particular, provide insights…

Cyberdefense programs need to develop methods for ensuring security across their endpoints, such as individual computers and smart devices. One impactful approach is patch management, the practice of scanning for…