By:
Tyler Petersen
November 15th, 2024
Out of all the types of penetration testing we perform at Schellman, physical security is frequently overlooked because many compliance frameworks simply don’t mandate this type of testing. Of course, protecting your physical infrastructure can be challenging. Many organizations struggle to identify and address vulnerabilities, leaving them vulnerable to theft, vandalism, and other threats. The good news is, you're already taking the right steps! By reading this, you're demonstrating a commitment to physical security.
Cybersecurity Assessments | Federal Assessments
By:
Jeff Schiess
November 14th, 2024
In today’s ever-evolving cyber threat landscape, maintaining robust cybersecurity isn’t just a regulatory requirement—it’s a business imperative, and there are multiple avenues organizations can take to do so.
Cybersecurity Assessments | Artificial Intelligence
By:
Avani Desai
November 13th, 2024
Even as AI systems become more advanced and enmeshed in daily operations, concerns regarding whether large language models (LLMs) are generating accurate and true information remain paramount throughout the business landscape. Unfortunately, the potential for AI to generate false or misleading information—often referred to as AI “hallucinations”—is very real, and though the possibility poses some significant cybersecurity challenges, there are ways organizations deploying this technology can mitigate the risks.
By:
Schellman
November 12th, 2024
TAMPA, Fla. – November 12, 2024 – Schellman Compliance, a leading provider of compliance services, is pleased to announce the successful acquisition of the Sustas, LLC practice, a firm specializing in sustainability reporting services. As part of the transaction, Sustas’s clients and personnel will join Schellman, further strengthening the firm’s ability to deliver tailored, industry-leading sustainability compliance, consulting, and assurance solutions.
By:
Austin Bentley
November 8th, 2024
Maybe it’s time for your yearly pen test. Or, maybe you’re building up your very own internal pen test team. Navigating this journey can be challenging, but we’re committed to making it easy for you. Fortunately, we bring a wealth of insight from our “other side of the table” perspective. This multipart series will prepare you for concerns on both sides of the table, so you can be certain you’re ready for your next engagement.
By:
Sully Perella
November 7th, 2024
Scoping is a key first step in any compliance assessment, and those who have been through the process understand how vital—and how tricky—it can be. Scoping is particularly crucial in PCI DSS, as drawing your boundaries largely determines which requirements your organization must satisfy, and when you’re operating within a Zero Trust environment, things appear to get more complicated.
By:
Sara Mylin
November 5th, 2024
As threats continue to evolve and grow more creative and sophisticated, cybersecurity remains a paramount concern of organizations everywhere. But these days, it’s not enough to implement the necessary data to protect the data in your systems—more and more, bad actors are targeting third-party providers as a backdoor into their greater supply chains, making third-party risk management (TPRM) more important than ever.
ISO Certifications | SOC Examinations | Artificial Intelligence
By:
Danny Manimbo
November 4th, 2024
If you're immersed in digital technology, you know that artificial intelligence (AI) is all the rage right now, and for good reason: the use cases for this technology are growing all the time. But as AI continues to enmesh with daily life as well as business, security concerns have grown in parallel, as have questions regarding the implications for organizations and their ongoing compliance efforts. At the top of mind for many has been how AI factors into SOC 2 examinations.