CCPA Compliance 101: Consumer Verification

Creating a Risk Management Program from Scratch

Risk management is a crucial part of your Security Management program. It is the process of identifying, assessing, and mitigating the unique data security and privacy risks your organization faces. You should start the risk-management process after you settle on the scope of your Security Management program. This way, you can accurately determine what company-specific risks you might encounter. Until you scope your program, you won’t really know what you need to worry about.

Read More

What Is Security Management and How Can I Use It to Transform My Business?

What Is Security Management?

Read More

Automating Your Asset Management

There’s a common security adage that goes “You can’t protect what you don’t know,” and so it’s no surprise that an accurate and up-to-date Asset Inventory is critical to the operation of a Security Management program. The ISO/IEC guidance for implementing an ISMS, for example, recommends starting with “assets with their intrinsic vulnerabilities” as the foundation of your risk assessment; similarly, Asset Management is required in one form or another by SOC 2, HIPAA, and GDPR.

Read More

Streamlining Your Vendor Management

For companies trying to improve their security posture and build trust with their customers, it can be difficult to balance effective security processes with efficient ones. Vendors in particular can pose serious challenges for security management programs: their risks are your risks, and it can be onerous to perform proper diligence on them. Major frameworks like ISO 27001, SOC 2, HIPAA, GDPR, HITRUST, and NIST CSF often have clear but burdensome requirements around Vendor Management, involving:

Read More