By: Austin Bentley, February 7th, 2025
When people hear of an upcoming pen test, they most commonly think of network testing. These tests can be focused against your external network (i.e. network perimeter) or your internal network (cloud environment and/or on-premises network). As these networks typically change year to year with new devices, cloud migrations, on-premises migrations, and firewall migrations, periodic testing may be necessary. This can leave you wondering how to find the right pen test provider to ensure your organization's network security posture is thoroughly assessed.
SOC Examinations | Audit Readiness | SOC 2
By: Hunter Meacham, February 4th, 2025
Opting for a readiness assessment ahead of your SOC 2 examination is—while optional—a beneficial extra step when seeking compliance. Do you remember taking a practice test while preparing for an exam in school? Such a move could never hurt your chances of success. That being said, there are some things you should understand ahead of your readiness assessment that can help demystify your experience.
By: Matt Crane, January 31st, 2025
The PCI Security Standards Council (PCI SSC) has announced significant updates impacting e-commerce merchants currently collecting payments via an iFrame or redirect. The new guidance brings notable changes to the PCI DSS compliance process for merchants who are eligible to complete the Self-Assessment Questionnaire (SAQ) A.
By: Austin Bentley, January 28th, 2025
You think you’re close to picking the right team. Your goals align, and you think the team is of sufficient quality. But, there’s one aspect that can be easily overlooked – yet it may ultimately determine whether the exercise was worth conducting.
By: Kellie Worley, January 23rd, 2025
As the overarching regulation for healthcare data in the United States, the Health Insurance Portability and Accountability Act has helped secure what is considered personally identifiable information (PII) and its transfer/disclosure within the sector. Under HIPAA, providers and their business associates (BAs) must meet the law’s requirements, including the administrative safeguards within its Security Rule.
By: Austin Bentley, January 17th, 2025
So, you’ve decided you need a pen test – and you have your requirements in mind. Now comes the process of finding your team to perform the test. As with any service or product, there are large variances in quality between vendors and individuals – so you’ll need to perform a balancing act. Below, we’ll walk through questions designed to help you assess the capabilities, experience, and ability of any prospective provider to meet your specific requirements.
Cybersecurity Assessments | TPRM
By: Sara Mylin, January 16th, 2025
These days, it’s not enough to simply secure your organization—you have to ensure your vendors are secure as well. More and more, bad actors aren’t stopping at the first line of infiltration—they’re using the access obtained to penetrate through to affect their victim’s supply chain, making it incredibly important for organizations everywhere to maintain effective and comprehensive third-party risk management (TPRM), something that can be elevated by way of an external assessment.
By: Kristen Wilbur, January 6th, 2025
As the bringer of every New Year, January is often considered a fresh start, a time for renewal. We definitely need it physically, as the residual effects of our NYE celebrations slowly wear off, but we often need it mentally as well. That’s where the popular tradition of resolutions comes in.