%term

SOC 1, 2, 3 Compliance: The 2023 Guide to Understanding & Achieving SOC Compliance

Apr 11, 2023 By Kayly Lange In Splunk

Imparting your data to an organization, whether you are a private individual or another organization yourself, requires an incredible amount of trust. How can you be sure that they will handle your sensitive information properly? For specific industries, stringent standards and regulations are in place to ensure cybersecurity. For example, HIPAA for healthcare and PCI DSS for payment card processing companies reassure customers and companies that data is protected.

Read Post

Splunk

Read more about SOC 1, 2, 3 Compliance: The 2023 Guide to Understanding & Achieving SOC Compliance

What is SOC 2 and how do you achieve SOC 2 compliance for containers and Kubernetes?

Apr 11, 2023 By Kartik Bharath In Tigera

SOC 2 is a compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. SOC 2 is based on five overarching Trust Services Criteria (TSC): security, availability, processing integrity, confidentiality, and privacy. Specifically, the security criteria are broken down into nine sections called common criteria (CC).

Read Post

Tigera

Read more about What is SOC 2 and how do you achieve SOC 2 compliance for containers and Kubernetes?

The ISO/IEC 27001 Standard for InfoSec: Meaning, Importance & Requirements

Apr 10, 2023 By Blessing Onyegbula In Splunk

ISO/IEC 27001 is the international standard on information security. It was established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to stipulate the framework for implementing Information Security Management Systems (ISMS) in an organized and risk-effective way. For this article, we’ll mostly refer to ISO 27001, but know that we’re referring to both ISO/IEC 27001. Got it? Let’s begin!

Read Post

Splunk

Read more about The ISO/IEC 27001 Standard for InfoSec: Meaning, Importance & Requirements

FedRAMP Compliance: What It Is, Why It Matters & Tips for Achieving It

Apr 10, 2023 By Kayly Lange In Splunk

Data security is a major concern for almost everyone. From organizations to individuals, most of us who use or supply cloud-based services want to ensure that our information stays confidential and accessible. However, these concerns are amplified to national security when government data is the subject. That’s why the U.S.government has a stringent set of security requirements known as FedRAMP®. All cloud vendors that provide services to federal agencies must comply with these standards.

Read Post

Splunk

Read more about FedRAMP Compliance: What It Is, Why It Matters & Tips for Achieving It

Strengthening CJIS Compliance with Keeper Security: Protecting State Agencies and Law Enforcement

Apr 10, 2023 By Mike Eppes In Keeper

In November 2022, the Criminal Justice Information Services (CJIS) division of the FBI updated its cybersecurity policy, impacting state agencies, police departments, and other organizations that handle Criminal Justice Information (CJI). The updated policy poses challenges for organizations, especially smaller ones, to maintain compliance due to limited resources, lack of expertise and the policy’s complexity.

Read Post

Keeper

Read more about Strengthening CJIS Compliance with Keeper Security: Protecting State Agencies and Law Enforcement

What is NIST 800-161? Guide & Compliance Tips

Apr 7, 2023 By Kyle Chin In UpGuard

NIST 800-161 — also identified as NIST Special Publication (SP) 800-161 — was published in April 2015 as Supply Chain Risk Management Practices for Federal Information Systems and Organizations. In May 2022, a year after President Biden’s Executive Order on Improving the Nation’s Cybersecurity, NIST produced a revised version, NIST 800-161 rev. 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.

Read Post

UpGuard

Read more about What is NIST 800-161? Guide & Compliance Tips

The Next Generation of Risk Registers is Here

Apr 6, 2023 By Richa Tiwari In TrustCloud

A risk register is a tool used to manage potential problems or risks within an organization. It helps to identify and prioritize risks, their likelihood of occurrence, and provides ways to mitigate them. Risk registers allow you to play offense and defense – you’re proactively planning for potential challenges and minimizing their impact on your project’s success in the event that the roadmap does veer off course.

Read Post

TrustCloud

Read more about The Next Generation of Risk Registers is Here

SOX VS SOC AICPA Mapping the Differences

Apr 6, 2023 By VISTA InfoSec In VISTA InfoSec

SOX and SOC are regulatory and compliance standards that people often get confused about. They are designed and developed with different purposes and goals. Explaining the two in detail, VISTA InfoSec recently conducted a live webinar on “SOX & SOC- Mapping the Differences”. The webinar maps the similarities and differences between SOX and SOC. In addition to this, the webinar provides information on how your organization can leverage the key overlaps between the two to attain compliance with both the regulation and compliance standards.

View Video

VISTA InfoSec

Read more about SOX VS SOC AICPA Mapping the Differences

Comply Investigations - Tanium Tech Talks #59

Apr 5, 2023 By Tanium In Tanium

Tanium now helps you investigate exact findings on endpoint vulnerability and compliance scans. A common frustration between IT scanning and remediation teams is the back-and-forth over getting every detail right on the fix. Maybe the machine is patched, but it is still missing the proper registry flag. Tanium has solved this by giving you full visibility into EXACTLY what was or was not in the correct state for BOTH vulnerability and configuration compliance scanning. See each test, pass or fail, and the actual values from the compliance scan on the endpoints.

View Video

Tanium

Read more about Comply Investigations - Tanium Tech Talks #59

Say hello to TrustRegister!

Apr 5, 2023 By TrustCloud In TrustCloud

We’re thrilled to announce the launch of TrustRegister! 🚀 Say goodbye to manual risk registers and hello to programmatic and predictive risk tracking with this new risk management solution. Our platform reduces your business liability by helping you identify risks before they become a problem.

View Video