Blog

  • The Cloud vs. SaaS: a Complete Guide

    Famed astrophysicist Carl Sagan once observed that “We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” This is probably more true now than it was back then.

    “The Cloud.” It sounds like some mystical place, somewhere out there, but it’s really just another term for the internet. The cloud is the umbrella under which Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Voice-over-Internet Protocol (VoIP), e-commerce, email, websites, and pretty much everything else on the internet resides.

  • Enterprise Information Security Architecture: What You Need To Know

    Developing a high-level information security (InfoSec) infrastructure for your organization takes plenty of time and manpower. If you’re not devoting the appropriate effort to securing your network data, it will most likely be compromised in some way, shape or form. It is for this reason that building and nurturing an Enterprise Information Security Architecture (EISA) from idea to creation is essential.

    Developing an EISA is more than just developing a checklist, though. It’s an undertaking that requires planning exercises that give key InfoSec team members the ability to thoughtfully define system data and protect it with robust diligence. Let’s review what EISA stands for, how it can be utilized in your organization, and how this dynamic set of planning and design activities can benefit the other cybersecurity solutions in your company.

  • How to Become DFARS Compliant

    Years ago, governments defended themselves through espionage and military engagement. Today, there is still plenty of both. However, the form they’ve taken has changed drastically. Physical spies have given way to higher levels of digital reconnaissance. To defend against these threats, the U.S. government created the Defense Federal Acquisition Regulation Supplement (DFARS) in 2017.

    Without getting too deep into how DFARS functions as an organization, or which countries need to be aware of DFARS compliance, here we’ll go through a complete step-by-step breakdown of how to become DFARS compliant.

    Naturally, a government mandate tasked with protecting sensitive information is going to be extremely comprehensive and (at times) exhausting. NIST SP 800-171 is essentially the full set of inputs, outputs, regulations and requirements for any business looking to complete its DFARS compliance statement.

  • What Does DFARS Stand For?

    If you are a client, or a business that supports clients, serving the Department of Defense (DoD) as a contractor or subcontractor, you’ve likely heard of the Defense Federal Acquisition Regulation Supplement (DFARS). Protecting sensitive national defense information shared with, created by, and maintained by private organizations that support federal government contracts is vital to our national security. DoD contractors that process, disseminate, store or transmit Controlled Unclassified Information (CUI) are required to meet DFARS minimum security standards or risk losing existing DoD contracts and eligibility for future contracts.

  • Do I need an NYDFS Risk Assessment?

    Sensitive data breaches and data loss are major concerns for any organization. The prospect of a financial data breach, however, often results in public panic and can lead to media headlines that destroy a business’s good reputation. In March 2017, the New York State Department of Financial Services released a new cybersecurity regulation for financial service providers, considered to be among the most rigorous and comprehensive regulatory guidelines for the financial sector. It is the first step toward greater security for the critical financial data that affects the lives and financial accounts of all individuals and organizations.

  • What Are The SOC 2 Compliance Requirements?

    Many different auditing processes exist, and companies increasingly face the challenge of choosing which type to conduct. Consumers and business partners demand data protection, so it is vital that companies understand the differences between each available auditing process. Are you aware of the SOC 2 compliance requirements? Find out how to be compliant from the experts at RSI Security.

  • What Is the California Consumer Privacy Act (CCPA)?

    In 2015, a man named Alastair Mactaggart had a conversation with a friend of his, a Google engineer, about the amount of data Google had on people. The more he thought about it, the more concerned he became. Through his efforts, the California Consumer Privacy Act, also known as the California privacy law, was signed into law by California Governor Jerry Brown in June of 2018.

    Section 2(i) states:

    Therefore, it is the intent of the Legislature to further Californians’ right to privacy by giving consumers an effective way to control their personal information, by ensuring the following rights:

    (1) The right of Californians to know what personal information is being collected about them.

    (2) The right of Californians to know whether their personal information is sold or disclosed and to whom.

    (3) The right of Californians to say no to the sale of personal information.

    (4) The right of Californians to access their personal information.

    (5) The right of Californians to equal service and price, even if they exercise their privacy rights.

  • How to Achieve NYDFS Cybersecurity Compliance

    The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, commonly referred to as 23 NYCRR 500, is considered one of the most comprehensive cybersecurity regulations in the financial sector. It is a landmark regulation that is seen to have ripple effects on the cybersecurity practices of financial institutions not only in the United States but also worldwide.

    This regulation takes on cybersecurity issues for financial institutions head-on by establishing strict requirements for state-chartered banks, private bankers, licensed lenders, mortgage companies, insurance companies, service providers, and foreign banks operating in New York.

    This post will detail the various aspects of this landmark regulation and, more importantly, what covered entities can do in order to achieve NYDFS cybersecurity compliance.

  • How Mobile Security Solutions Can Reduce the Risk of Cyber Threats

    Today’s Mobile Environment:

    If it is true that time flies, then it must be true that technology rockets. Today, the race for faster, smarter and more sophisticated technology dominates headlines and purportedly will help decide who holds the upper hand for tech supremacy. However, before corporations reap the considerable financial benefits of improved technology, it would greatly behoove them to examine their own mobile cybersecurity solutions.

    Yes, all technology is rapidly improving. But one particular sector has seen the most explosive growth and the highest level of utilization of that development: mobile. Today, around the globe, approximately 5 billion people use a mobile device, and nearly half of them have smartphones. And what are all these people doing on their smartphones?

    The answer: using apps, to the point that there are now addiction help guides. To their credit, many businesses saw this coming and created a mobile device security policy for their workers. Regrettably, hackers and the blinding speed of technology had other ideas. Read on to learn how the mobile security framework became so vital and how RSI Security can help maximize productivity and minimize your security risk.

  • How to Choose the Best Third-party Risk Management Certification Provider

    In today’s business world, effective and efficient risk management is considered a major factor in the overall success of organizations. Businesses are investing heavily in third-party risk management programs to better identify and manage risks before these can affect their operations. The ability to manage risks enables companies and their decision-makers to act on future business decisions.

    However, not all companies employ third-party risk management specialists. The reasons may vary from organizational size to budgetary issues. Instead of employing full-time third-party risk management specialists, many firms choose to outsource their risk management functions to third parties.

    Engaging the services of a third-party risk management certification firm is not as simple as it appears. There are many factors that can come into play in choosing a third-party risk management certification provider. This post will look at how a company looking to outsource risk management functions can select the best third-party risk management certification provider.
