34 matches found
GRC-demo-poc-oscal
GRC-OSCAL — continuous compliance, demonstrated A working pro...
Wordfence Price Increases Coming December 5th, 2024
We haven't raised our prices in a relatively high inflation environment in 2 years, and in the case of Wordfence Care and Response, for 2.5 years. So that time has come, and we want to let our free and paid user community know ahead of time. We’re giving you almost a month forewarning before we...
Embarking on a Compliance Journey? Here's How Intruder Can Help
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understa...
Which security framework? All of them, in the SCF
TL;DR: All roads lead to Rome. There are plenty of ways to meet your security requirements ISO 27001 is not everything. There, I said it What is the Secure Controls Framework SCF? Why you should consider SCF on your journey to security excellence PTP has a myriad of customers coming for help to...
Essential Guide to Cybersecurity Compliance
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert's head spin. If you're embarking on your compliance journey, read on to discover the differences between standards, which is best for your business...
Hive Pro Achieves ISO/IEC 27001: 2022 Certification
Hive Pro has achieved ISO 27001: 2022 Certification, Demonstrating A Continuous Commitment to Excellence in Information Security August 8th, 2023 - HERNDON, VA: Hive Pro, a pioneer in the Threat Exposure Management market, is thrilled to announce that they have successfully attained ISO 27001:202...
Implementing an ISO-compliant threat intelligence program
Implementing a threat intelligence program that meets the definition of threat intelligence control as described in ISO/IEC 27002:2022 -- a set of standards set forth by the International Organization for Standardization -- is not onerous. The ISO/IEC 27002 standard describes a non-exhaustive lis...
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack f...
FAQ: Transitioning to the highly anticipated new revision of ISO 27001
For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...
ISO 27001 Certification: What it is and why it matters
Did you know that Rapid7 information security management system ISMS is ISO 27001 certified? This certification validates that our security strategy and processes meet very high standards. It underscores our commitment to corporate and customer data security. What is ISO 27001? ISO 27001 is an...
FAQ: Transitioning to the highly anticipated new revision of ISO 27001
For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...
ISO 27002 Emphasizes Need For Threat Intelligence
With employees reluctant to return to the office following the COVID-19 pandemic, the concept of a well-defined network perimeter has become a thing of the past for many organizations. Attack surfaces continue to expand, and as a result, threat intelligence has taken on even greater importance...
NIST Cybersecurity Framework: A Quick Guide for SaaS Security Compliance
When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology NIST. From the latest password requirements NIST 800-63 to IoT security for manufacturers NISTIR 8259, NIST is always the starting point. NIST plays a key...
Types of Penetration Testing
If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your...
The business case to expand ISO 27001 certification with privacy controls
Third-party inspections of organizational privacy risk remain a novel trend. Only five years ago, the most basic of common controls frameworks for this risk taxonomy did not even exist. Today, privacy has captured the collective global consciousness. Every segment, from regulators and industry...
hartodesign.fr Improper Access Control vulnerability OBB-1451438
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
cartrade.co.jp Cross Site Scripting vulnerability OBB-1370459
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Key scoping factors when pursuing ISO 27001 certification
Service providers that seek the most recognized implementation of an information security baseline and governance structure should consider the ISO/IEC 27001:2013 "ISO 27001" standard. The information security management system ISMS prescribed by this widely adopted publication engages personnel ...
Automated and Scalable Audit Workflows with Qualys Security Assessment Questionnaire
Risk and compliance management is a multi-faceted domain with concentrated endeavors towards reducing unacceptable risk potential that could disrupt business, or otherwise negatively impact business performance. IT GRC Governance, Risk and Compliance comprises many tasks related to business and I...
Will ISO 27701 Be the New GDPR Certification?
On August 6, ISO published the ISO/IEC 27701:2019 "ISO 27701" standard, which lays out the requirements for implementing an organizational program to govern the handling of personally identifiable information PII, known as a Privacy Information Management System PIMS. In many ways, the new standa...