The Open Information Security Management Maturity Model (O-ISM3) is The Open Group framework for managing information security. It aims to ensure that security processes operate at a level consistent with business requirements. ISM3 is technology-neutral and focuses on the common processes...

In some cases, such as compliance by Level 1 and 2 merchants with PCI DSS 2.0, external audit is a condition to PCI DSS 2.0 compliance. In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike PCI and HIPAA, ISO regards certification, not compliance as the...

Corporate security risks can creep up on you from anywhere in your company. Most people think that the greatest risks reside outside of the organization, from hackers trying to get their hands on company lists and other information they can sell. Unfortunately, there are still a lot of internal...

Symantec which published "2010 Annual Study: U.S. Cost of a Data Breach," and the, which conducted the research. https://www.informationweek.com/story/showArticle.jhtml?articleID=229300517 The average cost of a data breach for a U.S. company continues to rise, having reached $7.2 million in...

Every year, cybercriminals steal billions of dollars from unsuspecting computer users and companies by committing credit card fraud. Although this activity was once relegated to pick-pocketers and mailbox thieves, today roughly half of all credit card fraud starts with online attacks ranging...

Global Survey Shows Organizations Struggle to Identify Security Threats and Pass Regulatory Audits A recent survey revealed that the biggest challenge companies face is identifying security threats, with 41 percent of respondents saying their organization is not well aware of or protected against...

Time for the software side of the house to be as accountable as the physical. 1. Process - It bears repeating that "you can't test yourself secure" 2. Education - Security folks tend to talk a good game when it comes to SSA, but we often time leave it up to the developers to "figure it out...

"In theory, if you are better at complying with these rules and regulations you should achieve a higher level of efficiency and effectiveness in your security and privacy programs," said Larry Ponemon, chairman and founder of the Ponemon Institute. "The end result is that you are going to have...

Would you like to ask us questions about the services we have available? Please contact us. We appreciate your feedback as it helps us to continue to serve you to the best of our ability.