Vendor Enablement: Rethinking Third-Party Risk

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

The post Vendor Enablement: Rethinking Third-Party Risk appeared first on TrustedSec.

Payment Card Industry (PCI) – Recurring Requirements Require Attention!

There are certain items contained within the 12 PCI requirements that have to be performed based on defined frequencies. In my experience, companies sometimes struggle with adhering to some if not all of these items. There are a number of reasons that this might happen, whether it’s related to employee turnover, unfamiliarity with the items,…

Understanding New York’s SHIELD Act

While the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) get a lot of attention, New York should not be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess…

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. On-premises users have traditionally been handled with more of a castle mentality, where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

COVID-19 and Preparing for Changing Cybersecurity Risks

There is no denying that the COVID-19 pandemic is significantly impacting many people’s daily lives, with “social distancing” quickly being added to the social lexicon, schools closing, and events being canceled. Additionally, many businesses are rapidly moving to a remote and work from home model. While many organizations already have a large number of employees…

Working With the Department of Defense in 2020? Start Planning for the New Certification.

In what is certain to be a wakeup call for many organizations involved in Department of Defense contracts, the Cybersecurity Maturity Model Certification (CMMC) is set to become a part of life in 2020. Much like previous requirements, the CMMC requirements will also apply to subcontractors, and all Requests for Proposal (RFPs) will require CMMC…

The Three Step Security Strategy

Why Does Strategy Matter?

The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy, and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

Big Changes in Store for PCI DSS v4.0, and More!

This week I attended the PCI North American Community Meeting. If you are in the payment security space and haven’t been to a community meeting, I would recommend that you put this on your conference schedule. It’s great to connect with like-minded individuals, including card brands, banks, large customers, vendors, and yes, assessors – both internal (ISAs)…

Attacks on the Rise Through Office 365

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

PCI Requirements 101

Having completed several PCI-DSS (Payment Card Industry – Data Security Standard) Reports on Compliance (RoCs) over the past couple of years, I have noticed a consistent pattern on the items needed for the 12 requirements. I have found that there are three basic components to most if not all PCI requirements: Documentation (Policies, Standards, and…
