In many cases, penetration testing – a type of ethical hacking engagement designed to identify and address security vulnerabilities in networks, systems and applications – is required. Sometimes this requirement is specified directly, while in other cases it is implied by a need to build audit or assessment processes to mitigate cyber risk. This blog identifies some of the most common pen testing standards and regulations and provides guidance about the type of testing required.

As many businesses have begun to work almost entirely remotely until an as-yet-to-be-determined date, they have had to plan for activities that took place largely in person in the past. For example, many compliance audits have gone virtual in these times of uncertainty. This shift has forced organizations to adjust how they prepare and plan. But even in these times of uncertainty, it is your organization’s responsibility to stay sharp and on track with security knowledge, planning, and response.

Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks. Here’s our June 2020 roundup of compliance news from around the United States, and around the world.

Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world.

While keeping data safe from modern cyberthreats is difficult enough, you also have to keep in mind compliance with common regulations, i.e., ensuring your company’s compliance to SOX, which deals with transparency in disclosures from public companies. Nowadays, it’s not enough for businesses to rely on dismissive financial documents that satisfy the intermittent audit; you need to level up your game, and create detailed day-to-day records of activities.