Many organizations, especially small-to-medium sized businesses, may feel overwhelmed when it comes to information security. With all of the news articles and blog posts warning about security-related threats and attacks, a ton of people feel like they need to do something to protect their business but have no idea where to start. This can be […]
There are a variety of ways to test the maturity of your security program, including a gap analysis and a penetration test. However, it can be overwhelming to hear about these different types of security assessments and try to make an informed decision about what is right for your organization and your budget. The different […]
We get a decent amount of questions regarding the right approach to both penetration testing in the cloud and vulnerability scanning cloud-hosted assets. While we’ve already written several posts on how to approach penetration testing for AWS, Azure, and other cloud providers, today we’ll take a step back and focus on AWS vulnerability scanning best […]
Risk assessments are a way of reviewing your assets, the threats to those assets, any vulnerabilities or conditions that leave them open to those threats, and what you are doing to mitigate the risk to those assets. What comes out of that analysis ultimately is an understanding of your residual risk, or how likely is […]
Vulnerability management programs and the vulnerability management tools that support these processes are becoming more and more important to organizations. As the cybersecurity threat landscape shifts more quickly than ever, organizations have to try to stay caught up with new vulnerabilities that could be affecting them to avoid being caught in waves of cyber attacks. […]
The Payment Card Industry (PCI) Security Standards Council (SSC) is an independent body created by Visa, MasterCard, Discover, American Express, and JCB formed in 2006 to develop and enforce standards to protect credit card information. Together, they created the PCI Data Security Standard (DSS), a baseline set of technical and operational requirements which applies to […]
