Category Archives: Mergers & Acquisitions Security Assessment

Measuring the Impact of a Security Awareness Program

Posted on by

Our goal in building a security awareness program is to embed security into our partners’ existing organizational culture. Impacting culture is a long-term process that can take years and requires executive support. If you are tasked with managing a security awareness program, it is your job to measure and show leadership that your program is…

The post Measuring the Impact of a Security Awareness Program appeared first on TrustedSec.

Continue reading Measuring the Impact of a Security Awareness Program

The Crucial Role of Data Center Resiliency in Business Security

Posted on by

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

The post The Crucial Role of Data Center Resiliency in Business Security appeared first on TrustedSec.

Continue reading The Crucial Role of Data Center Resiliency in Business Security

How I Retained My QSA Certification

Posted on by

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

The post How I Retained My QSA Certification appeared first on TrustedSec.

Continue reading How I Retained My QSA Certification

Making EDR Work for PCI

Posted on by

The Endpoint Detection & Response (EDR) and Advanced Threat Protection (ATP) marketplace is abuzz with products that blur the lines of personal firewall, host-based intrusion detection system (IDS) and intrusion prevention system (IPS), anti-virus, system logging, and file integrity monitoring (FIM). These solutions are centrally managed from your web browser and include advanced dashboards for…

The post Making EDR Work for PCI appeared first on TrustedSec.

Continue reading Making EDR Work for PCI

20 Tips for Certification Success

Posted on by

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by…

The post 20 Tips for Certification Success appeared first on TrustedSec.

Continue reading 20 Tips for Certification Success

Vendor Enablement: Rethinking Third-Party Risk

Posted on by

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

The post Vendor Enablement: Rethinking Third-Party Risk appeared first on TrustedSec.

Continue reading Vendor Enablement: Rethinking Third-Party Risk