Shows
The Virtual CISOWhat is Third Party/Vendor Risk Management all about?Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes.
On today's episode we talked about Third Party and Vendor Risk Management and why your organisation should approach it from a risk management perspective.
Thank you for listening.
2022-11-1407 minThe Virtual CISOData Privacy Series: Everything you need to know about GDPR and how it affects your organization.Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode, we talked about the General Data Protection Regulation (GDPR) which is the strongest global privacy law currently in effect. GDPR was created by the European Union (EU) to regulate how organizations collect, handle, and protect personal data of EU residents.
Thank you for listening.
2022-10-3110 minThe Virtual CISODoes your organization require FSMA or FEDRAMP Compliance. Here is what you need to know about NIST 800-53 as it relates to these certifications.Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes.
On today's episode we talked about NIST 800 -53 as it relates to Federal Information Security Management Act of 2002 (FISMA) and Federal Risk and Authorization Management Program (FEDRAMP).
The NIST 800-53 is a cybersecurity standard and a compliance framework developed by the National Institute of Standards and Technology (NIST). It is designed to provide a foundation of strategies, systems, and controls, that can holistically support any organization’s cybersecurity needs and priorities. It also improves communication among organizations and allows the...
2022-10-2419 minThe Virtual CISOIs your organization complying to the right level of PCI DSS? What is changing with the new PCI DSS version 4.0?Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode we talked about the different levels of Payment Card Industry Data Security Standards (PCI DSS) which is the global security standard for all organizations that store, process, or transmit cardholder data and sensitive authentication data.
PCI DSS sets a baseline level of protection of cardholder data and helps reduce fraud and data breaches across the entire payment industry. It is applicable to any organization that accepts or processes payment cards.
We also shared some...
2022-10-1713 minThe Virtual CISOHow can NIST Cybersecurity framework improves your organization's business processes?Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode we talked about how NIST Cybersecurity Framework help organizations better understand, manage, reduce their cybersecurity risk and protect their networks and data.
Thank you for listening.
2022-10-0304 minThe Virtual CISOAll you need to know about Cybersecurity Maturity Model Certification (CMMC) Version 2.0Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode we talked about the Cybersecurity Maturity Model Certification (CMMC) Version 2.0. The Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base from increasingly frequent and complex cyberattacks and to safeguard sensitive national security information.
Thank you for listening.
2022-10-0307 minThe Virtual CISOData Privacy Series: What is California Privacy Right Act (CPRA) and how does it differ from the California Consumer Privacy Act (CCPA)Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode the California Privacy Right Act (CPRA) which amends the CCPA and includes additional privacy protections for consumers. It significantly expands the CCPA, and it is sometimes referred to as “CCPA 2.0.”
Thank you for listening.
2022-09-2705 minThe Virtual CISOData Privacy Series: What is California Consumer Privacy Act (CCPA) and does it apply to your organization?Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode, we talked about the California Consumer Privacy Act which is a state law intended to enhance privacy rights and consumer protection for residents of California, United States.
Thank you for listening.
2022-09-2508 minThe Virtual CISOData Privacy Series: What is HIPAA?Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
On today's episode, we talked about HIPAA (Health Insurance Portability and Accountability Act) which is a United States legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI).
HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
Thank you for listening.
2022-09-1811 minThe Virtual CISOData Privacy Series: What you need to know about ISO 27701The ISO 27701 standard is a Privacy Information Management System (PIMS) standard that lays out a detailed set of operational checklists that can be adapted to a variety of privacy regulations, including GDPR. ISO 27701 helps your organisation demonstrate to consumers, external organisations and internal stakeholders that mechanisms are in place to keep data safe and to comply with privacy laws and regulations.
ISO 27701 is a framework for data privacy that builds on ISO 27001 which guides an organisations with the implementation of policies and procedures that should be in place to comply with data protection/privacy regulations while maintaining...
2022-09-1809 minThe Virtual CISOEverything you need to know about ISO27001:2022Welcome to the Virtual CISO where we explain different compliance framework to enable your business processes.
ISO 27001 “ISO/IEC 27001 sets out the specification for Information Security Management Systems (ISMS). ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.
It is published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC). Both are leading international organizations that develop international standards.
Thank you for listening.
2022-09-1813 minThe Virtual CISOWhat are CIS Controls v8 (CIS 18)The Center for Internet Security (CIS) officially launched version 8 of the CIS Controls In May 2021. This release represents a comprehensive revision of the CIS Controls (v7) and contains updated and simplified guidelines to help defend organisation's security posture.
The CIS controls are a great way to adopt the industry best practices for data security and a great way to begin to prepare for other compliance efforts that may be in the pipeline for your organisation.
The new CIS 18 controls are:-
Inventory and Control of Enterprise Assets
Inventory and Control of Software Assets
Data P...
2022-07-2810 min
The Virtual CISOSOCIT2ME: Introduction to SOC 2Most startups find SOC 2 requirements daunting. Our aim on this podcast is to provide guidance on helping your company simplify your SOC 2 compliance journey and confidently market your product to your target market #SOCIT2ME.
2022-07-1910 min