[6 min read] We sat down with Gila Pyke, Director of Professional Services, Client Success, and Implementation at Ostendio, one of our 4 CSF HITRUST Readiness experts for a behind-the-scenes look at what’s involved in preparing for and passing a complex audit like HITRUST. 

[4 min read] Among the myriad of challenges facing the modern CISO lies the consistent need to improve data security by selecting the security framework that aligns best with your industry and organization. There’s growing pressure to ensure your organization has the right controls and security in ...

[3 min read] Our industry has evolved.  With more than 80% of security breaches caused by human error,  traditional GRC tools are no longer enough for today’s modern, complex business environments.

[4 min read] Advice from an experienced facilitator of Incident Response and Business Continuity Tabletop Exercises Companies of all sizes, in many industries, have a common challenge - cybersecurity and how to protect their sensitive data. Organizations that store PII (Personally Identifiable ...

[4 min read] Updated for 2022 -  Includes 11 Tips for Building your Incident Response Team As the rate of data breaches is on the rise it is no surprise that more companies are building an incident response team so their organization can act faster and more effectively when there is a cyber attack. ...

[3 min read] Forbes Q&A with Grant Elliott, co-founder, CEO, and Chairman of Ostendio This is an excerpt from an article that appeared in Forbes on July 28th, 2022. You can read the full article here. Ostendio CEO, Grant Elliott, sat down with a Forbes magazine reporter to discuss the Top Risks ...

[4 min read] As supply chains become more complex, third-party and vendor data breaches have increasingly become one of the most significant threats to an organization’s security. So it comes as no surprise that Third-Party Risk Management and Vendor Risk Management are top of mind for many busy ...

[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage a data security and risk management program. However, upon implementation, CISOs soon realize that a traditional GRC tool is not enough for today’s ...

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2 audit but, with so many audits taking place, and so much market pressure to reduce the cost and complexity of such audits, is the AICPA doing enough ...

[5 min read] Vendor Risk management is a hot topic especially when you realize that many of the most high-profile data breaches are due to vendors or third-parties (think of the widespread impact of the Solar Winds attack). Consider the financial impact alone when you realize that experts estimate ...

[4 min read] Why vendors may be the biggest security risk to your organization Of the companies that experienced a data breach in 2021, over 90% of breaches were linked to a third-party vendor. It is an all too familiar risk management story as evidenced by the Okta breach being attributed to a ...

[3 min read] It is amazing to think about how much data we all create these days. With so many employees working remotely, and the rise in the number of cloud-based services such as Google Cloud and iCloud, a recent report estimates that data will grow from 64.2 zettabytes in 2020 to more than180 ...

[4 min read] Data ownership is a complicated topic, much more complicated than most might think. We often talk about data security in possessive terms of “my sensitive data”, “my health information” or “my Personal Identifiable Information (PII)”, but what does ownership of that data actually ...

[5 min read] And who has access to it? When I talk to CEOs and security professionals about data security, the one question that continually trips them up is - do you know where your data is?  They tend to stumble over this question because they initially focus on their production data locations, ...

[5 min read] If you are involved with, or interested in, the data security world then no doubt you have heard many definitions of integrated risk management (IRM) and Governance, Risk, Compliance (GRC).  Should we simply be looking at “GRC 3.0” as professed by Michael Rasmussen at Forrester, the ...