How To Create an Effective Vendor Management Program
Vendors are an essential component of your organization and are often a true extension of it. They can provide all the tools, products, and services necessary to keep everything running, from supplies to supporting internal processes. And yet, those same third-party vendors you rely on may ...
How the OWASP Application Security Verification Standard Helps Improve Software Security
A short time ago, we announced our integration of OWASP ASVS into our cyber risk management platform. At a high level, this allows organizations to run more structured, repeatable security assessments for web applications and cloud-based services, while also giving security and procurement teams a consistent way to evaluate internally ...
What is the Massachusetts Data Privacy Law (MIPSA)?
2025 Updates: A New Era for Privacy in Massachusetts. Massachusetts is on the cusp of passing one of the most robust privacy laws in the United States. In 2025, momentum has accelerated around Senate Bill S. 2516, later redrafted as S. 2608, which would reshape how personal data is collected, ...
FAIR Model Risk Management – Pros and Cons
Information risk is not just a technical problem; it affects the bottom line and daily activities of most businesses. FAIR (Factor Analysis of Information Risk) is a model that allows organizations to analyze, measure and understand cybersecurity and operational risk, in terms that can be easily understood and applied ...
Top Benefits of Effective 3rd Party Vendor Risk Management
Today’s businesses don’t operate in a vacuum. To maintain high standards of efficiency, supply chains everywhere need products and services from third-party vendors. Maintaining relationships with suppliers is a well-accepted part of keeping up production lines, controlling internal operations, and generally conducting business. However, every partnership you make introduces a ...
4 Critical Capabilities Your Cyber Risk Management Tools Should Have
Cybersecurity is top of mind for most businesses today. A single data breach can compromise your ability to operate, generate revenue, and ruin the reputation you’ve spent years building with your clients, business partners, and vendors. There’s no avoiding digital risk. In today’s hyper-connected world, they will continue to grow ...
CMMC v2.0 vs NIST 800-171: Understanding the Differences
NIST SP 800-171 vs. CMMC 2.0: NIST SP 800-171 lists the security controls contractors need to protect Controlled Unclassified Information, or CUI. CMMC 2.0 is the Department of Defense program used to check whether those controls are actually in place. For many contractors, this matters most at CMMC ...
The SOC 2 Compliance Checklist for 2024
SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. An incredible way to systematically evaluate and improve your company’s handling of customer data throughout its lifecycle, the SOC 2 certificate is equally challenging and worthwhile to attain. ...
Everything You Need To Know About The New York Privacy Act
June 2025 Legislative Update: New York. New York continues to be one of the most active battlegrounds for state privacy legislation in the U.S., and 2025 is no exception. While the long-debated New York Privacy Act (NYPA) still hasn’t crossed the finish line, several significant developments have reshaped ...

