Creating an Effective User Access Review Program in 12 Simple Steps

Blog Posts, risk management
User access reviews are periodic evaluations of access rights to ensure they align with users’ roles, reducing security risks and helping maintain regulatory compliance. The main goal of user access reviews is to prevent unauthorized access to sensitive information, systems, or resources by regularly verifying and adjusting user permissions. When ...
How to Conduct a Gap Assessment (With Template)

Blog Posts, risk management
When it comes to governance, risk, and compliance (GRC), do you know exactly where your weaknesses are? For any organization that adheres to complex GRC standards, it’s impossible to keep it all in your head. Even if you designate responsibilities to different team leaders, how can you verify they are ...
Fintech Compliance and How to Maintain It

Fintech compliance requires vigilance, proactive measures, and a deep understanding of regulations. Overall, regulation seeks to protect consumers, ensure financial stability, and prevent financial crimes — but it can be extremely complex. Every fintech company knows it must navigate a vast web of rules to operate legally and ethically. This ...
Everything You Need to Know About the FFIEC

It’s no secret that the financial sector is one of the most highly regulated industries in the United States. Given the wide range of regulatory agencies that exist, who makes the rules? The Federal Financial Institutions Examination Council (FFIEC), that’s who. The FFIEC plays a crucial role in the oversight ...
A Comprehensive Guide to the Digital Operational Resilience Act (DORA)

Financial institutions are increasingly dependent on Information and Communication Technology (ICT). This dependency offers numerous benefits, like increased efficiency and the ability to provide innovative services, but also exposes financial institutions to a wide array of risks, like cyber attacks and ICT disruptions. The Digital Operational Resilience ...
How to Prepare for the EU’s NIS2 Directive

The Network and Information Systems Directive 2 (NIS2) is sweeping legislation designed to improve the cybersecurity of network and information systems in the European Union (EU). The new directive was released to keep up with an increasingly complex cybersecurity threat landscape. NIS2 builds upon its predecessor, NIS1, but with an ...
A Deep Dive into the EU Cybersecurity Certification Scheme on Common Criteria (EUCC)

As cyber threats evolve, the European Union has taken significant steps to bolster cybersecurity across its member states. Central to this effort is the European Cybersecurity Certification Scheme on Common Criteria (EUCC), spearheaded by the European Union Agency for Cybersecurity (ENISA). Released in early 2024, the EUCC aims to create ...
A Step-by-Step Guide to Getting a SOC 2® Report

Ensuring the security of your customers’ and partners’ data is paramount in today’s digital environment. That’s why Service Organization Control 2 (SOC 2®) compliance has emerged as a widely recognized cybersecurity audit framework. SOC 2® reporting has been adopted by more businesses to demonstrate their commitment to strong cybersecurity practices. Let’s explore ...
Ascension Cyber Attack Leaves Healthcare Sector Reeling

On May 9, Ascension, the largest nonprofit and Catholic health system in the United States, announced that it fell victim to a major cyber attack. This occurs in the wake of the recent massive Change Healthcare cyber incident. But the attack on Ascension is different since it directly impacts clinical ...
How to Adapt to Executive Order 14028

In May 2021, the White House released the Executive Order on Improving the Nation’s Cybersecurity, also known as EO 14028. The document is fairly dense, but its contents are of the utmost concern for federal agencies, critical infrastructure, and government contractors (especially cloud service providers and software developers). The order ...