Guide to the SOC 2 Security Trust Services Criteria
Fractional CISO Blog
1y ago
Even a choose-your-own-adventure book has a certain structure to it. Sure, you might be making your own way through the book, but there are still plot points, challenges, and decisions the author will include along every path. SOC 2, being the choose-your-own-adventure cybersecurity compliance standard, is similar in this regard. An organization pursuing a SOC …
Applying Mazda’s “Gram Strategy” to Cybersecurity and Risk Management
1y ago
Imagine being sixteen years old, gassing up your mother’s old Chevy Cavalier and seeing a sleek smurf-blue roadster zip past the gas station. Time stops. You immediately fall in love with it. Time starts again, and you disappointedly climb into your mom’s clunker and sullenly drive yourself home. You spend the next twenty years thinking …
The Purses and Flagpoles of Security Policies
1y ago
I never knew what a danger soccer moms’ purses were. That is, until I attended my very first professional soccer game at Gillette Stadium. A friend of ours invited a few families to join them to watch the game. Until a few hours before arrival I could not have confidently named the home team. It’s …
How to manage open source code in your product.
1y ago
Do you really know what’s in open source code? Do you want to? Because face the facts: your organization is making use of open source code right now – and you probably have no idea what’s in it, how recently it has been updated, or even if you’re allowed to use the code in your …
Do you need to babysit your vendors?
1y ago
Good news: Date nights are back on! That’s correct … Mrs. Black and I headed out to an event a couple of weeks ago, doing our best to pick up where the pandemic found us back in early 2020. Of course, our babysitter bullpen has been depleted over the past two-plus years. Some are now …
Software engineering isn’t for everyone – how I started a career in cyber.
2y ago
You wanted to be a developer. You spent four years and thousands of dollars in school and managed to get your foot into industry. You spent a few years working a couple different gigs only to realize – this job just isn’t for you. Do you find working in a dark room with no windows …
Guide to SOC 2 compliance documentation
2y ago
Nobody really wants to do their homework. Which is unfortunate, because homework plays an important role in helping to absorb, retain, and learn to use the information someone is studying. In the security and compliance world, writing documentation is the homework. It helps employees standardize the right policies and procedures to successfully reduce risk and …
Your cyber insurance probably isn’t good enough.
2y ago
Cyber insurance, like all insurance, is all about the fine print. In 2017, G&G Oil Company purchased a commercial insurance policy that, while not a full-fledged cyber insurance policy, did include coverage for losses “resulting directly from the use of a computer.” They were hit with a ransomware attack later that year and had to …
Don’t press that panic button!
2y ago
You may assume that I am a fully functioning human. I assure you, you are mistaken. There are certain things – things that most people are quite capable of – that I am dazzlingly terrible at. I cannot sing. Literally. Once, when I joined in on “happy birthday” at my then four-year-old daughter’s party, two …
When your Business Continuity/Disaster Recovery Plan is a Disaster…
2y ago
Picture it: As a part of your new job running a corporate SOC 2 compliance program, you’ve started the arduous process of reviewing old documentation. Most of it is in pretty good shape… until you come across the Business Continuity/Disaster Recovery (BC/DR) Plan. While your company’s name is all over it, the instructions for temporary physical …