FEATURED BLOG
Securing the Supply Chain
Integrate security into every phase of the supply chain and software development to protect against evolving cyber threats in an increasingly connected world.
So, You're Curious About ISO27001
Many organizations find themselves in a position where customers are asking for an independent certification of their organization’s controls. Sometimes they are given choices – SOC 2, HITRUST, or ISO27001. While you’ll hear these terms thrown around quite a bit, many US companies have much to learn about ISO27001.
Losing Sleep Over CMMC? Read This.
CMMC is causing quite a buzz and looks to be the information security industry's next ‘big thing’. Luckily, most of what is outlined in the CMMC consists of things most organizations should be doing already.
PCI DSS - What it is and what it isn't
PCI is not easy. PCI is not a guarantee that you won’t be breached. And lastly, PCI is not optional if you store, process, or transmit payment card data.
To SAST, or to DAST, That is the Question
New vulnerabilities are discovered, exploited, and then featured in the news on a daily basis. Now, more than ever, securing our web applications, and the ways we develop them, is paramount.
The Great Security Race
When it comes time to present assessment results, I’m often asked to benchmark the company being assessed against similar organizations. As someone who has built a career around assessing information security programs, I always find myself asking the same question: what’s the purpose of such a request?