35 results found for business risk assessment
Threat Hunting
Threat Hunting is the process of proactively searching an environment for malicious activity that evades existing security solutions, looking for adversaries under the assumption that the environment has already been compromised.
The Rising Threat: A Surge in Zero-Day Exploits
Introduction: The cat-and-mouse game between defenders and attackers continues to escalate in the ever-evolving cybersecurity landscape. Advanced Persistent Threats (APTs) and cybercriminals are constantly on the lookout for new vulnerabilities to…
Jared McWherter
Experience: Jared McWherter started his career in IT nearly 10 years ago performing system support and administration while studying Information Security. After obtaining his BS in Information Assurance & Cyber Defense, he brought his expertise to…
CMMC NOPE: Why You Don’t Need to be CMMC Compliant
As a Cybersecurity Maturity Model Certification Registered Practitioner Organization (CMMC-RPO), TrustedSec fields many requests from organizations looking for help getting ready for the upcoming CMMC compliance requirements. Something that isn’t…
Must I TRA?: PCI Targeted Risk Analysis
Use of Targeted Risk Analysis (TRA) is a PCI best practice until March 31, 2025, at which time it becomes required for several controls across many assessment types. Unlike many other new controls, this applies as much to merchants as it does to…
SmileyCon Agenda
Gain exclusive access to cutting-edge discussions and interactive sessions, presented by our very own Doc Browns of TrustedSec!
Solving NIST Password Complexities: Guidance From a GRC Perspective
Understand NIST's Digital Identity Guidelines for secure password implementation and access control, ensuring risk-based authentication and minimizing breaches for online services and sensitive internal systems.
The Hidden Trap in the PCI DSS SAQ A Changes
Implementing requirements 6.4.3 and 11.6.1, or using a WAF to protect against script-based attacks, to meet PCI SSC's new eligibility criterion for SAQ A eCommerce merchants.
Measuring the Success of Your Adversary Simulations
Adversary Simulations (“AdSim” or “Red Teams”) represent a serious commitment on the part of an organization. In the United States, AdSim engagements are typically not required by industry standards in the private sector. Penetration tests are…
CUI For the Rest of Us: The New Government-Wide CUI Protection Contract Clause
U.S. government contractors need to start preparing for a proposed new government-wide Controlled Unclassified Information (CUI) protection requirement.