Compliance

CCPA and why you should care (DPAC)

California Consumer Privacy Act of 2018, (CCPA), is just the first state bill after GDPR came through. Will there be more? How much interruption of your business will it entail? Should you care at all? Why or why not? Current CCPA Legislation: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375 Refrences: https://www.bna.com/ten-things-probably-b57982096045/ https://www.techdirt.com/articles/20160329/08514034038/att-tries-to-claim-that-charging-users-more-privacy-is-discount.shtml https://blog.returnpath.com/gdpr-vs-ccpa/ Link to the slides: https://www.slideshare.net/swl126/california-consumer-privacy-act-of-2018-ccpa-dpac-call/swl126/california-consumer-privacy-act-of-2018-ccpa-dpac-call

GDPR Trickery

The Post-Audit Slump and What You Can Do About It

Compliance / By gellis

Coming from several large corporations that needed to attest to PCI DSS compliance annually, as well as being a QSA in a few former lives, I’ve seen my fair share of the post-audit slump. You know what I’m talking about; it’s the, “Wow! We completed our audit! Let’s take the next 11 months off to …

The Post-Audit Slump and What You Can Do About It Read More »

QSA’s are friendly… As long as you pick the right one… (Part 2)

Compliance, Network Security

QSA Partner. Continuation from Part 1… Selecting a QSA partner Back to the joys of selecting a QSA partner! I know when I contact them they are all going to want to know a lot of details about my business, including technical configurations. This is because of a PCI audit like many other audit frameworks …

QSA’s are friendly… As long as you pick the right one… (Part 2) Read More »

NIST 800-171 requirements for contractors

Compliance, Information Security

Meeting NIST Requirements while using SaaS Software. December 31, 2017, Organizations who process, store, and transmit Controlled Unclassified Information (CUI) need to comply with NIST Special Publication 800-171. The question organizations need to consider is what does it mean for their SaaS Applications? How do you do it in the “bring your own cloud,” (BYOC) world we live in? I …

NIST 800-171 requirements for contractors Read More »

CCPA and why you should care (DPAC)

The Post-Audit Slump and What You Can Do About It

QSA’s are friendly… As long as you pick the right one… (Part 2)

NIST 800-171 requirements for contractors

QSA’s are friendly… As long as you pick the right one… (Part 1)

OWASP Top 10 Vulnerabilities List is Changing

“Compliance is for BIG Business!” OR so you think.

HIPAA