Calculating the return on your security and compliance platform Security and compliance teams are no strangers to fumbling through compliance spreadsheets, answering endless back-and-forth emails, and incessantly reminding employees to complete overdue training. As a result, the industry has seen a ...

There’s no shortage of cybersecurity predictions for 2023. Whether you read lists from Security Magazine or Venture Beat with Google’s top 6 predictions or SCMedia’s 2023 Threat Predictions with concern over the economy leading to less secure organizations, there are always different perspectives. ...

The new year is a perfect time to get organized with your data security and compliance management planning for the year ahead. As a busy CISO, it can feel overwhelming to balance the number of activities that need to be completed against the pressure to get the most done on a tight security budget. ...

The SOC 2 audit has become one of the most common security frameworks in the U.S. And if you’re looking for resources on where to start or how to select an auditor, you’re in luck.

[3 min read] Winning awards is exciting, but it means so much more when it comes from our clients. We are starting 2023 with four G2Winter Report badges recognizing the work of the fantastic Ostendio team including High Performer badges in three categories.

[4 min read] There are many legal and ethical responsibilities held by CISOs and executive teams,  but recently, individual data security responsibilities have been brought into the spotlight. Drizly, an online ordering and delivery platform for alcoholic drinks, settled a complaint with the FTC ...

[6 min read] We sat down with Gila Pyke, Director of Professional Services, Client Success, and Implementation at Ostendio, one of our 4 CSF HITRUST Readiness experts for a behind-the-scenes look at what’s involved in preparing for and passing a complex audit like HITRUST. 

[4 min read] Among the myriad of challenges facing the modern CISO lies the consistent need to improve data security by selecting the security framework that aligns best with your industry and organization. There’s growing pressure to ensure your organization has the right controls and security in ...

[3 min read] Our industry has evolved.  With more than 80% of security breaches caused by human error,  traditional GRC tools are no longer enough for today’s modern, complex business environments.

[4 min read] Advice from an experienced facilitator of Incident Response and Business Continuity Tabletop Exercises Companies of all sizes, in many industries, have a common challenge - cybersecurity and how to protect their sensitive data. Organizations that store PII (Personally Identifiable ...

[4 min read] Updated for 2022 -  Includes 11 Tips for Building your Incident Response Team As the rate of data breaches is on the rise it is no surprise that more companies are building an incident response team so their organization can act faster and more effectively when there is a cyber attack. ...

[3 min read] Forbes Q&A with Grant Elliott, co-founder, CEO, and Chairman of Ostendio This is an excerpt from an article that appeared in Forbes on July 28th, 2022. You can read the full article here. Ostendio CEO, Grant Elliott, sat down with a Forbes magazine reporter to discuss the Top Risks ...

[4 min read] As supply chains become more complex, third-party and vendor data breaches have increasingly become one of the most significant threats to an organization’s security. So it comes as no surprise that Third-Party Risk Management and Vendor Risk Management are top of mind for many busy ...

[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage a data security and risk management program. However, upon implementation, CISOs soon realize that a traditional GRC tool is not enough for today’s ...

[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2 audit but, with so many audits taking place, and so much market pressure to reduce the cost and complexity of such audits, is the AICPA doing enough ...