As companies prepare for the January 1st, 2020 implementation of the California Consumer Privacy Act or CCPA, we have been fielding quite a few questions surrounding the new regulation and its requirement for “reasonable security”. One of the most often asked questions is “Does the CCPA require penetration testing?” Today we dive deeper into the […]
Many times we have organizations come to us that have never had security assessments or penetration testing performed before. Maybe they have a new compliance requirement that is pushing them to get some testing done, or maybe they keep hearing more about the benefits of penetration testing and feel they need to jump in and […]
In one of the most infamous data breaches of the decade, Equifax, one of the nations largest credit reporting companies, discovered unauthorized access to personal information and credit information of over 148 million US consumers. This week, I had the chance to sit down and listen to a podcast that interviewed Graeme Payne, the CIO […]
At Triaxiom Security, we certainly appreciate that there are numerous options when choosing an information security vendor. So today, we would like to detail who we are and what we have to offer. Who we are: We are a small, innovative team who pride ourselves on being on the cutting edge of the ever-changing security […]
The reason most companies conduct a penetration test is to uncover vulnerabilities so that they can remediate or mitigate them, ultimately improving security posture. But in order to do that, one of the key components following any penetration test is the transfer of knowledge from the penetration test team to the organization’s defenders. And taking […]
Maintaining PCI Compliance requires you to keep your security program up to date and perform certain activities throughout the year. If you don’t stay on top of it, you could find yourself missing a key component, such as a quarterly ASV Scan, which will result in a failing Report on Compliance (RoC) or Self Assessment […]
The Center for Internet Security (CIS), in collaboration with the SANS Institute, developed the CIS Top 20 Critical Security Controls (CSC) to help organizations prioritize their efforts in information security and protect their organization from the most common attack vectors. These controls are grouped into three broad categories. Basic controls are the starting block for […]
Organizations continue migrating to the cloud at an extremely fast pace overall. With the advances in scalability, security, and flexibility, the cloud is more or less a known quantity now, and even the most resistant sectors (looking at you government and financial) are starting to embrace this paradigm shift in technology. With the shift in […]
In information security, there are generally two “sides.” The Blue Team, or defenders, are comprised of those who are trying to protect a network. They are made up of SOC analysts, firewall administrators, etc. Their job is to ensure the network is secure and operational. The Red Team, or attackers, conversely attempt to hack or […]
A PCI QSA onsite assessment, also known as a Level 1 Assessment, that produces a full Report on Compliance (RoC) is an extremely involved process. In a previous blog, we’ve covered our methodology for completing this type of assessment, potentially explaining some of the level of effort that goes into this type of assessment. Taking […]
