A guide to optimizing your existing security program

Many larger companies, and some medium-sized companies, have a focused CISO with a great IT team who have all worked hard to establish a data...

Cybersecurity Awareness Month 2020

Thinking about cybersecurity is a full-time, 365-day-a-year job at Ostendio, but for many it comes to mind most during October when the National...

You passed your security audit...what’s next?

If you’ve recently built a data security and risk management program and passed a security audit, you’ve accomplished more than many organizations. ...

Worried your business is too small for an effective cybersecurity program?

The first step in any process is often the hardest. Realizing that you need to take action is just the beginning; deciding what action to take is...

How great Customer Service can benefit your business

As a CISO, you’ve spent time deciding on the best platform to suit your data security and risk management needs and you are ready for the...

The value of bringing in experts during an audit

When it is time to prepare for your first audit you might be filled with dread.  How are you going to get through the audit? Will your employees or...

How to run a successful data security program

It feels great to get to the point where you have built a cybersecurity program for your business. As a CISO you got the executive buy-in, everyone...

Building a Comprehensive Cybersecurity Program in the age of COVID-19

Even before the COVID-19 pandemic took hold, too many organizations were not looking at a broad enough approach to cybersecurity as they evaluated...

Twitter breach highlights why IT-centric security programs are insufficient

We might not be surprised when we read about another data breach but it does turn heads when it is a well-known brand like Twitter.  Recent reports...

How Data Sets You Free (and Keeps You Safe)

The typical company significantly underinvests in cybersecurity, a situation that is likely to be exacerbated as companies look to cut expenses...

The Future Of Operational Risk Management

Security and Risk Management can be complicated. Predicting what might happen to your business and preparing to protect and mitigate against those...

MyVCM CrossWalk Assessment shows increase in drive for multiple security standards

We have learnt a lot in the last year since we launched the successful MyVCM CrossWalk Assessment feature, an addition to the industry leading ...

Are you ready for CCPA enforcement? Six steps to take right now

The California Consumer Privacy Act (CCPA) went into effect on January 1st 2020 but there are stages to its enforcement and we are about to hit...

One year in: MyVCM CrossWalk Assessments has changed the way we approach security audits

It is hard to believe it has been a year since we launched MyVCM CrossWalk Assessments. This new feature radically changed the way companies...

Renewing your SOC 2 could be easier than you think!

Security certifications are a must for vendors and technology firms. Many organizations choose SOC 2 as a way of demonstrating effective risk...

5 ways to save money by rethinking your Data Security approach

CIOs have mostly ridden out the remote work surge caused by COVID-19.  The employees who can work remotely are now safely settled in their home...

GDPR 2 years on - what happened to all the hype?

May 2020 marks the second year that GDPR has been in effect and we have already seen some significant fines totalling over $126 million.  Google has...

How SOC audits help businesses during uncertain times

How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...

Business Efficiency: the hidden benefit of an information security program

During these difficult times it is understandable that organizations may be looking for creative ways to cut costs or gain efficiency.  While...

How can a Risk Management platform support your business during a crisis?

We are all getting used to our new “normal” but many businesses, both big and small, have been caught off-guard by the COVID-19 crisis. Having to...

Using Risk Management strategies to help us effectively Socially Distance

As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...

Is Zoom just the tip of the iceberg?

From the recently announced privacy issues being investigated by the New York Attorney General at Zoom, all the way back to the Zenefits scandal in...

7 Tips to Reduce Risk Stemming from Remote Work

If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work.  At present, 1...

5 Biggest Mistakes Companies Make in Vendor Risk Management -- and how to avoid them

Vendor Risk Management is a hot topic at the moment and for good reason.  A recent study by the Ponemon Institute showed 59% of companies have...

Top 5 Questions (and answers) about Vendor Risk Management

If you missed our recent webinar “Re-thinking Vendor Risk Management” you can listen to it free and on-demand here.  In the webinar we talked about...

Checking in on HIPAA in 2020

What do you need to know about HIPAA in 2020? This year, the changes are not so much about HIPAA itself, but about things that directly affect how...

Top 10 Considerations for GRC Software Tools

When we talk to customers, prospects and even audit partners, they are often overwhelmed with the choices they have for GRC tools.  There is a lot of...

Super Bowl Fever at Ostendio - Football and Security have more in common than you might think!

We are huge football fans at Ostendio!  Even though we spend our days helping customers with their cybersecurity challenges, many of us also...

Why Integrated Risk Management is Becoming the Preferred Approach to Data Security

There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...

Cybersecurity Predictions 2020: CCPA Leads in a year of oversight and regulation!

The start of a decade is always an exciting time. When you think about how technology has changed in the last 10 years you can only imagine what...

8 Highlights of Ostendio’s Success in 2019

2019 was an incredible year of growth for Ostendio.  We continue to ramp up our business while working hard every day to deliver on our promises to...

Our Top 5 Most Popular Security, Audit and Risk Management Webinars of 2019

Webinars are some of our most popular content on the Ostendio web site. Across 2019 we hosted a series of webinars that combined best practices and...

5 Must-Read Ostendio Blog Posts of 2019

We’ve had an incredible year of growth at Ostendio and, as our company has grown, so has our blog readership.  At the end of every year, we revisit...

The 10 Step Process for Building an Incident Response Team

We are all used to doing regular fire drills at the office or at school, and we accept the benefits of having defined roles and responsibilities...

5 Mistakes Companies Make in the Security Audit Process

It’s easy to make mistakes.  We’ve all done it. Maybe you’ve put the milk in the cupboard and the cereal in the fridge this morning! These things...

Easing the Pain of Security Audits with MyVCM Auditor Connect

Today we announced an exciting new addition to the Ostendio MyVCM platform - MyVCM Auditor Connect. You can read the press release here, but I...

What Anyone in Healthcare Needs to Know about Data Breaches

There is no single industry with greater sensitivity to data breaches than healthcare. But unfortunately, breaches across healthcare companies,...

How to Stay Safe Online with National Cybersecurity Awareness Month (NCSAM)

Ostendio is a champion of National Cybersecurity Awareness Month (NCSAM) which is observed every October. This month of awareness was created as a...

Unpacking the SCF Capability Maturity Model

If you aren’t familiar with the Secure Controls Framework (SCF), you should be. It’s a non-profit organization dedicated to providing content that...

Cybersecurity Dictionary for 2019

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...

Risk Management: What does it Mean to your 2019 Security Strategy?

For CISOs, data risk is like a fire underfoot. Data’s very fluidity and its constant generation makes a complete lockdown impossible - no matter...

Top InfoSec Conferences 2017 - 2018

Are you always on the look out for the best InfoSec conferences to attend? We've found several helpful resources to point you in the right direction,...

What the 3 Little Pigs Can Teach Us about Risk Assessments!

Once upon a time, there were three little pigs. These guys were entrepreneurs. The first little pig, Chaff, developed a digital application for a...

A new standard for privacy in the cloud!

As a proponent of ISO 27000 series of standards I was delighted to see the International Organization for Standardization release ISO/IEC 27018:2014...