Penetration testing is an increasingly common part of cybersecurity and compliance regulations. The truth is that in many cases, the best way to get to the root of IT vulnerabilities in a system is to expose them to controlled but realistic attack scenarios that probe every interaction and connection in that system. In many cases, organizations will take penetration one step further and use what has been called red team testing. 

Here we’ll discuss the difference between typical pen testing and red team exercises, how red team testing can help you better understand your security risks, and why that’s important for your organization’s compliance efforts. 

Read More

If you work in retail or payment processing, you may already know about PCI DSS. However, you may not know of the details about compliance and transaction processing. For example, did you know that the size of your business and the number of transactions you process actually change how you comply with PCI DSS?

Here, we’ll break down the merchant levels in place to address this difference and how it could impact you as an organization facing PCI DSS requirements.

Read More

Cybersecurity is a community practice. Different innovations and discussions about new vulnerabilities, threats and controls inevitably influence security implementations in multiple markets and industries, depending on their applicability. This is just as true for healthcare, an industry generally governed by HIPAA. HIPAA, however, is complex, and organizations working in healthcare often look outside their own industry to help them better understand cybersecurity outside just hitting compliance checklists. That’s where NIST 800-66 comes in. 

In this article, we’ll discuss HIPAA security and how it relates to NIST 800-66. This NIST document helps healthcare providers under HIPAA understand more advanced security controls that could support their compliance, privacy and cybersecurity controls. 

Read More