Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Do You Need to Hire a Professional to Be PCI-Compliant?

You don’t need a professional to be PCI-compliant, but professional expertise can make navigating the notoriously complex PCI DSS requirements easier. An experienced cybersecurity firm with qualified assessment staff can speed up compliance, enhance a firm’s security posture according to priority actions, and help the firm achieve a high level of security and peace of mind. However, you must use a professional for your business to be PCI-certified.

What is the Massachusetts Data Security Law? Guide + Tips

The Massachusetts Data Security Law (201 CMR 17.00) safeguards the personal information of Massachusetts residents. The law went into effect on March 1, 2010, and at the time, was one of the most comprehensive data privacy laws passed in the United States. Since the law’s passing, a variety of U.S. States have passed more robust data privacy legislation, including the notable California Consumer Privacy Act (CCPA) and Virginia Consumer Data Privacy Act (VCDPA).

What is an ISMS (Information Security Management System)?

An information security management system (ISMS) is a broad term that encompasses an organization’s information security policies, practices, and procedures regarding information security and how these are assessed, optimized, and implemented over time. An ISMS aims to ensure all risks are mitigated and that all risk management processes work effectively.

What is the Washington My Health My Data (MHMD) Act?

Washington’s My Health My Data Act (MHMD Act) regulates businesses and service providers that process or collect consumer health data from state residents. The act’s broad definition of “health data” carries compliance implications for a wide range of entities, including many that fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA).

Choosing a Financial Services Cyber Risk Remediation Product

In 2022, the finance industry suffered the second-highest number of data breaches. Besides implementing an attack surface management solution, the finance sector must also ensure its remediation product can quickly and efficiently address cybersecurity risks. If you’re in the market for a cyber risk remediation product, this post outlines the key features to look for to maximize the ROI of your new IT security tool. Learn how UpGuard protects financial services from data breaches >

Choosing a Tech Cyber Risk Remediation Product (Key Features)

Cyber risk remediation, the process of actively identifying, remediating, and mitigating cybersecurity risks, is particularly critical for the technology industry. With its characteristic enthusiasm towards adopting the latest trends in innovation, without a cyber threat remediation product, tech companies are unknowingly increasing their risk to a swatch of data breach risks.

Understanding the California IoT Security Law (SB-327)

In September 2019, California signed Senate Bill 327, also known as the California Internet of Things (IoT) Security Law. While not an extensively written piece of legislation like the California Consumer Privacy Act (CCPA), SB-327 took effect on January 1, 2020, and focuses on manufacturers of connected devices—requiring updated security standards that protect both devices and end-users. Learn how UpGuard can help your organization update security standards and monitor risk >

What is the SSL Not Available Risk?

So you've received a critical risk finding for SSL not available, which means your domain does not have an SSL certificate installed on the server. To resolve this finding, you can generate and supply an up-to-date SSL/TLS certificate on your site. SSL, which stands for secure sockets layer, and its successor TLS, or transport layer security, are internet protocols for securing traffic between systems with an encryption algorithm.

What is a Cybersecurity Risk Assessment?

A cybersecurity risk assessment is an examination of an organization or potential vendor’s current technology, security controls, policies, and procedures and which potential threats or attacks could affect the company’s most critical assets and data. Organizations can use cybersecurity risk assessments to understand their ability to protect sensitive data, information, and critical assets from cyber attacks.

A Guide to Vendor Relationship Management

Vendor relationship management is a process focused on overseeing relationships with third-party vendors. Vendors can range from small independent contractors for one-time projects to multi-year business partners critical to an organization’s success. Companies rarely handle all their business in-house and independently.