Are you always concerned with making a good first impression? Do you often feel unsure of how to approach the conversation with a group of people you are meeting for the first time? Don’t worry, it’s common to feel anxious and uncertain in networking situations. When meeting new people, we tend to put a lot of stress on ourselves to shine and come across well, in order to make a connection.

With the General Data Protection Regulation (GDPR) becoming effective May 25, 2018, organizations (or rather, organisations) seem to be stressing a bit. Most we speak with are asking, “where do we even start?” or “what is included as personal data under the GDPR?” It is safe to say that these are exactly the questions organizations should be asking, but to know where to start, organizations first need to understand how the GDPR applies to their organization within this new definition for personal data. Without first understanding what to look for, an organization cannot begin to perform data discovery and data mapping exercises, review data management practices and prepare the organization for compliance with the GDPR.

In the information technology world, there are currently few buzzwords as popular as the term cybersecurity. As CIOs and VPs evaluate the status of their network environment, and decide who will oversee the related processes—including who has the unfortunate task of reporting to the Board

You most likely selected the link to this blog to discover one of two things: 1) how to effectively manage vendor requirements via SOC reports or 2) what the SOC 1/SOC 2 examination requirements are for vendor management. I don’t want to disappoint, so this article will provide you with some knowledge or at least some validation of your current thoughts on the matter.

As you likely know, there are different System and Organization Controls (SOC) report options, such as SOC 1 and SOC 2/SOC 3. What may be lesser known is that within those SOC report options, there are also different types, referred to as Type 1 and Type 2. In other words, the specific use of “Type” as a distinguisher are different specified options for both the SOC 1 and SOC 2 reports.

When building out your information security management system (ISMS) which will ultimately become certified, it can be tricky to know where to draw the boundaries of what should be included in your scope.

As a holistic security standard that has become popular worldwide, ISO 27001 can help any organization seeking to prove their cybersecurity measures are sound while also providing a market differentiator among other gained advantages. But the comprehensive nature of the standard—and the heavy lift it requires—can also put off organizations considering it, especially those in sectors that have yet to really be affected, like law firms.

Cloud computing technologies have revolutionized the way organizations manage and store their information. Where companies used to house and maintain their own data, a host of organizations have now made the switch to a cloud-based model due to the ease of use and cost-saving benefits promised by the cloud.