Blog

  • Top Strategies and Solutions for Social Engineering Penetration Testing

    Social engineering attacks are a critical threat to cybersecurity across organizations. Nearly every organization whose personnel interface with networks, applications, or sensitive data requires protection against social engineering attacks, such as phishing, whaling, and tailgating. Social engineering penetration testing is a threat and vulnerability assessment tool that can help prevent threat actors from exploiting social engineering vulnerabilities.

  • Top 10 Web Application Security Assessment Tools

    When building a web application, security assessment tools are used to find errors, fix them, and secure the application in the development stage. Once applications are deployed, these efforts must continue, but the stakes are higher in live environments. A successful cyberattack will disrupt your business operations and threaten compliance. To prevent this, your organization should consider utilizing web application security assessment tools to protect web applications throughout their lifecycle.

  • What is Vulnerability Remediation? Everything You Need to Know

    What is vulnerability remediation? It is simply a set of processes for identifying and addressing weaknesses in your cybersecurity systems. While important for all organizations, vulnerability remediation is especially critical for those dealing with customer data or whose digital assets may interact with external traffic. A robust vulnerability remediation infrastructure can address security gaps in your systems, protecting your organization from internal and external threats.

  • PCI Compliance Network Security Requirements

    It is critical for payment card industry (PCI) organizations to protect cardholder data (CHD) integrity throughout processing, storage, and transmission. Specifically, PCI compliance network security can help minimize the risks of CHD breaches during processing and transmission across web applications and networks. Recent data breaches highlight the need for PCI organizations to address the exploitable network security vulnerabilities that could potentially compromise CHD integrity. Read on to learn more about how to address these vulnerabilities via PCI compliance network requirements.

  • Can You Dispute Fines for PCI Non-Compliance?

    Compliance with the Payment Card Industry Data Security Standards (PCI DSS) is critical to securing credit and debit card payment transactions. Organizations in the PCI industry deemed non-compliant with PCI DSS requirements may be subject to steep fines, ranging anywhere from $5,000 to $50,000 monthly, depending on the length of violation and compliance level. However, you can dispute fines for PCI non-compliance.

  • Cyber Attacks on Banking Industry Organizations in 2021

    Although viruses, ransomware, and malware continue to plague organizations of all sizes, cyber attacks on banking industry organizations have exploded in terms of both frequency and sophistication. With a year-over-year increase of 1,318%, cyber risk in the banking sector has never been higher.

  • Changes Between HITRUST CSF v9.4 and v9.5

    The HITRUST Common Security Framework, or HITRUST CSF, is a global, certifiable framework developed to aid organizations’ regulatory compliance efforts. In 2020, HITRUST CSF v9.4 introduced several updates specific to the Cybersecurity Maturity Model Certification (CMMC) for US Department of Defense contractors. In September 2021, HITRUST CSF v9.4 was updated to v9.5. What are the most significant changes in this latest version?

  • What Should Security Awareness Training Include for Healthcare Companies?

    Security awareness involves everyone in your company—from clerical and administrative staff to doctors, nurses, IT staff, and even your patients. Everyone plays an important role. Unfortunately, this often leaves organizational and IT leaders wondering, “What should security awareness training include?”

  • HITRUST Corrective Action Plan Management Strategies

    The HITRUST Approach covers four key strategies to achieve your information security risk management and compliance goals: “Identify & Define,” “Specify,” “Implement & Manage,” and “Assess & Report.” Corrective action plans (CAPs) are categorized under Assess and Report. CAP management allows you to synthesize your collection of self-assessments, gaps in compliance, and other CAP data into a reliable, manageable, and distributable format that’s flexible for your organization’s security needs.

  • How Are Organizations at Risk from Social Engineering?

    Traditionally, social engineering is a trick often used by conmen, thieves, and other malicious actors. Designed to catch the victim off guard and unaware, primarily for the actor’s personal gain, many of today’s social engineering scams take place exclusively online. This leaves many organizational leaders asking their IT departments the same question: How are organizations at risk from social engineering?