The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Healthcare Assessments

By: Jerrad Bartczak
September 24th, 2024

In the healthcare industry, artificial intelligence (AI) is being used to save lives—using data sets, these systems are being trained to examine imaging and successfully detect potential health risks, like cancer. However, as with every technological development and shift in its use, new risks have also emerged related to the use of AI, as have measures to help mitigate them—one of which is the HITRUST AI Risk Management Assessment.

Blog Feature

Penetration Testing

By: Austin Bentley
September 20th, 2024

A question we receive frequently during scoping calls is “What tools does your team use during a penetration test?” The answer can depend on the scope, services, and situations we come across during the engagement. Additionally, there is constant industry and threat pressure to stay ahead of the curve. Our toolkit is constantly evolving to reflect the latest threats and techniques, ensuring we can simulate real-world attacks effectively.

Blog Feature

ISO Certifications | ESG

By: Nisha Ellis
September 19th, 2024

As we continue to live through what is an increasingly digital society, data centers have become the backbone of our interconnected world, handling everything from cloud computing to data storage and beyond. That takes a lot of energy, and as environmental impact becomes more and more of a concern, ISO 14001 certification has emerged as a top option to help organizations better manage their carbon footprint, and a particularly pertinent option for data centers.

Blog Feature

Federal Assessments

By: Jon Coffelt
September 17th, 2024

When organizations opt to pursue a new compliance initiative, aside from cost and necessary resources, the first thought is usually regarding what to expect. That’s true for StateRAMP as well, and though many may, correctly, assume that there are some similarities between it and the more popular FedRAMP, there are several very clear deviations by the former from the latter that you should know about going in.

Blog Feature

Penetration Testing | Federal Assessments

By: Christian Underkoffler
September 13th, 2024

The release of FedRAMP’s Revision 5 has raised many questions, including those regarding the addition of a red team exercise requirement for those seeking FedRAMP authorization. As the #1 provider of FedRAMP assessments on the Marketplace, with extensive experience in offensive security, we have insight to offer.

Blog Feature

Cybersecurity Assessments

By: Avani Desai
September 12th, 2024

As cyber threats continue to grow more complex and difficult to defend against, regulatory cybersecurity requirements are becoming increasingly stringent—the Digital Operational Resilience Act (DORA) is the latest, and it demands your attention. The law comes into full effect in just a few short months—January 2025—and an independent assessment could help ensure you achieve full compliance in time.

Blog Feature

ISO Certifications | SOC Examinations | SOC 2 | ISO 27001

By: Kristen Wilbur
September 10th, 2024

As they’re now two of the most popular compliance initiatives in the world, many organizations often choose to pursue either SOC 2 or ISO 27001, and others are tackling both. In fact, there are strategic benefits to be gained in undergoing both a SOC 2 examination and achieving ISO 27001 certification, especially as you can do both at the same time.

Blog Feature

Payment Card Assessments | PCI DSS

By: Phil Dorczuk
September 9th, 2024

Historically, PCI DSS has treated most service accounts as shared administrator accounts that had to be authorized with specific privileges using strong authentication factors. But now, version 4.0 of the PCI DSS has greatly expanded the scope of authentication and authorization requirements—while you’ll still need to secure those administrator accounts, you’ll now also need to implement controls to protect any application and service accounts in your environment.