The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

ISO Certifications

By: Danny Manimbo
June 8th, 2017

“Where do we draw the line?”

ISO Certifications

By: SCOTT ZELKO
May 25th, 2017

As a holistic security standard that has become popular worldwide, ISO 27001 can help any organization seeking to prove their cybersecurity measures are sound while also providing a market differentiator among other gained advantages. But the comprehensive nature of the standard—and the heavy lift it requires—can also put off organizations considering it, especially those in sectors that have yet to really be affected, like law firms.

ISO Certifications

By: ALEX HSIUNG
May 11th, 2017

Cloud computing technologies have revolutionized the way organizations manage and store their information. Where companies used to house and maintain their own data, a host of organizations have now made the switch to a cloud-based model due to the ease of use and cost-saving benefits promised by the cloud.

SOC Examinations

By: NICK BRUCE
May 2nd, 2017

Why would a financial services company need a SOC 1?

Healthcare Assessments | SOC Examinations

By: GARY NELSON
May 1st, 2017

The short answer is...yes. Now for the long answer - a SOC 2 report requires that a service organization has sufficient control activities in place to address the Trust Services Principles and Criteria (TSPC) developed by the AICPA. However, there are no stipulations by the AICPA as to what those control activities have to be. As long as the criteria are satisfactorily addressed to align with the risks that a service organization has identified, a service organization has some flexibility with the controls they implement.

Education | SchellmanLife

By: SABRAH WILKERSON
April 20th, 2017

Generational differences speak loudly in today’s workplace as one of the main reasons for conflict at work.

Payment Card Assessments

By: PHIL DORCZUK
March 22nd, 2017

Executive Summary

Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization environments, and/or “standard” image-based cloud deployments at Amazon or Microsoft. With that comes opportunity for deployment engineers, but also challenges for security and compliance professionals. This post provides you with some perspective on technical architecture for Docker and specific use cases for configuring Docker containers for PCI compliance. Where I could, I provide screenshots and examples for a test Docker environment created for this purpose.

By: PHIL DORCZUK
March 9th, 2017

Codifying Your Configuration Standards

If you have already gone through a PCI DSS, SOC, HIPAA/HITECH, or ISO assessment, you already know that detailed configuration standards are a must. If you haven’t been through one of these assessments… get ready for some serious typing!
