The National Institute of Standards and Technology (NIST) recently released version 2.0 of its Risk Management Framework (RMF). The RMF addresses security, privacy, and supply chain risk in an integrated manner. One of the significant additions to the RMF is a step called Prepare. Prepare is intended to help organizations
Gift cards, bonuses and incentives are very popular throughout the end of the calendar year and in the opening months of the new year. Unfortunately, scammers are well aware of this, and they’re looking to cash in. As a result, companies are more vulnerable to Business Email Compromise (BEC) scams.
As of December 15, 2018, the 2017 Trust Services Criteria are officially in effect. Organizations that are issuing System and Organization Controls (SOC 2) Reports will need to ensure that their reports reflect the changes from the previous Trust Services Criteria and Principles. How these changes impact your SOC 2
In June 2018, the Ohio legislature passed Senate Bill 220, known as the Ohio Data Protection Act (the “Act”). The Act takes a new approach to cybersecurity in that it creates an affirmative defense for companies that suffer a data breach if they have a written cybersecurity program in place.
Technology is advancing at a rapid pace and with it comes many changes and opportunities. In the last few years alone, construction companies have integrated new technologies into the workflow to reduce inefficiencies and streamline processes. The integration of tools such as drones, Building Information Modeling (BIM), virtual reality and
The AICPA released a nice comparison of their SOC 2 and SOC for Cybersecurity products. With all of the concern about data security today, the two products can be valuable. However, their titles do not explain the differences in audience, scope, purpose, or contents. Now there is a simple, two-page