By:
Phallyn Habercoss
May 16th, 2024
One of many different kinds of cyber attack, phishing involves a message—sent by email or otherwise—where a malicious actor purports to be reputable in some way to convince individuals to reveal personal information that the criminal can then exploit for gain.
By:
Douglas Barbin
May 14th, 2024
With the deadlines for the new Cybersecurity and Infrastructure Security Agency (CISA) Secure Software Development Attestation Form looming, organizations that supply software used by the federal government must get their ducks in a row to ensure they can meet the form's requirements.
By:
Jordan Hicks
May 9th, 2024
When seeking ISO 9001 certification, part of that road to compliance will be aligning your required quality management system (QMS) with the key clauses (4-10) within the standard, each of which focuses on a specific facet of that management system—context, leadership, planning, support, operation, performance evaluation, and improvement.
By:
Collin Varner
May 7th, 2024
When undergoing a System and Organization Controls (SOC) examination, the goal is to gain independent validation of the controls you've put in place to protect your own and your clients' assets, and to provide reassurance of your trustworthiness to your stakeholders. Unfortunately, controls sometimes fail to meet their intended objectives and criteria, and your SOC auditors must then describe the issue and modify their opinion in your formal report. That modification is called a "qualification."
By:
Doug Stonier
May 2nd, 2024
In a rapidly transforming digital landscape, private organizations aren't the only ones trying to protect themselves from evolving cyber threats; governments are too. In the United States, FedRAMP and StateRAMP have risen to prominence as "gatekeeper" frameworks for doing work with the federal and state levels of American government, and on the opposite side of the globe, Australia has IRAP.
Payment Card Assessments | PCI DSS
By:
David Baca
April 30th, 2024
In the intricate world of payment security, navigating the labyrinthine requirements of the Payment Card Industry Data Security Standard (PCI DSS) can feel like deciphering code. But for merchants that manually key one transaction at a time into a web-based virtual payment terminal, PCI DSS SAQ C-VT offers a simplified path toward compliance.
Healthcare Assessments | HITRUST
By:
Michael Seegel
April 24th, 2024
HITRUST released v11 of the HITRUST CSF in January 2023, and on April 16, 2024, it released CSF v11.3. HITRUST's standard practice is to update the CSF at least annually, and v11.3 is a relatively minor revision with two main differences:
Healthcare Assessments | HITRUST
By:
Michael Williams
April 23rd, 2024
For any organization committed to robust cybersecurity hygiene, due diligence isn't just for your internal systems, operations, facilities, and people; it also requires vetting your service relationships with suppliers to ensure they're secure as well. Microsoft clearly understands this, given the rigorous Supplier Security & Privacy Assurance (SSPA) Program it requires of its suppliers. And for suppliers participating in the SSPA Program, there are benefits to further extending your security compliance through HITRUST certification.