September 21, 2020
Early on in my security career, while studying for my CISSP certification, the author of the book I was reading presented a concept of how to treat risk once it is known. Management has the choice of treating, accepting, deferring, or denying the risks that are found or identified. While almost all security frameworks require […]
May 20, 2019
Every diligent company or organization understands cybersecurity is needed, but often doesn’t know how to budget for the appropriate protection. It’s not always a clear-cut number, but there is a way to develop a return on investment (ROI) or return on expense (ROE) equation that you can share with your budgeting team and C-level executives who are looking to you for answers.
July 27, 2018
A PCI DSS readiness assessment (also known as a gap analysis) is an effective method for finding and fixing compliance holes efficiently and economically. Read this post to learn if your business can benefit from a readiness assessment.
Compliance • PCI Compliance • Security Assessments
December 12, 2017
Penetration tests have always had a higher price tag, but their overall cost to you is about to increase in 2018. Here’s what’s changing and how you can keep these costs contained in 2018 and beyond.
Compliance • Network Security • Vulnerability Management
October 30, 2017
On October 5th, 1953, the New York Yankees became the only team in baseball history to win five championships in a row. Today I’m pleased to tell you that ControlScan has passed the PCI Approved Scanning Vendor (ASV) revalidation test, also for the fifth consecutive year! This was no easy feat. Read on to learn how we did it.
Compliance • Vulnerability Management
August 16, 2017
I’ve been an information security assessor (PCI, HIPAA, ISO, etc.) for a long time and it’s always interesting to find out why a company has brought me in to do an assessment. Is the goal to shore up their existing security environment, or just check a compliance box to make one of their clients or vendors happy? The answer to that question will usually determine the assessment’s success.
Compliance • Security Assessments
March 31, 2017
Historically speaking, tax season is prime time for tax-themed scams and social engineering attacks. Specifically, the number of W-2 phishing scams has peaked recently. Attackers and social engineers begin by targeting finance and HR departments with spear phishing emails that spoof C-level executives and request employee W-2 forms.
Endpoint Security • Security Awareness • Social Engineering
January 13, 2017
It’s Friday the 13th and there’s a “fear factor” in health IT. If you don’t know where your HIT organization’s security and compliance weaknesses lie, you’re likely feeling that fear—today and every day. But don’t try to fight off cyber criminals with monster spray! Read this blog post and learn how to arm your organization appropriately.
Network Security • Risk Management • Security Assessments
December 1, 2016
Employees are one of the most overlooked and most dangerous areas of security risk in an organization. The human element is susceptible to all types of attack and error, not to mention their ability to act with malicious intent. While human security risk can never be completely eliminated, it can be significantly reduced. Read this ControlScan blog post to learn how.
Access Control • Malware • Security Awareness
October 13, 2016
At a recent debt collection industry event I was asked numerous times: “Do I really need an SSAE 16?” Well, the answer to that question depends on the intention of the request. Read my blog post to learn what you need to know before pursuing an SSAE 16 audit.
Cybersecurity Legislation • Security Assessments