Author: Sarah Berthiaume

Total posts: 13

What Are Social Engineering Attacks?

Posted on September 14, 2021 - by Sarah Berthiaume

Social engineering is the use of manipulation tactics and deception to gain information. It is also the use of tactics to influence behaviors, which can help attackers gain information as ...

The Seven Principles of Privacy By Design

Posted on September 27, 2021 - by Sarah Berthiaume

Privacy by Design (PbD) is an approach in technology and policy development that holistically aims to embed privacy into the earliest phase of the development lifecycle. It establishes that whenever ...

Expanding on CCPA: What is the California Privacy Rights Act (CPRA)?

Posted on September 7, 2021 - by Sarah Berthiaume

The California Consumer Privacy Act (CCPA) is a US privacy law that came into effect in January of 2020. It was created after the GDPR, a sweeping European ...

The Role and Responsibilities of the GDPR Data Protection Officer

Posted on August 17, 2021 - by Sarah Berthiaume

Understanding everything there is to know about the GDPR can be quite the challenge, but you can start by designating a data protection officer, who is responsible internally for data ...

5 Tips to Protect Personal Information and Data Privacy

Posted on August 18, 2021 - by Sarah Berthiaume

Today all organizations need to protect the personal information they store that identifies either employees, customers, clients, or business partners. Some of this information is usually important to conduct operations ...

3 Principles of Infosec: The CIA Triad

Posted on July 21, 2021 - by Sarah Berthiaume

Not to be confused with a well-known intelligence agency of the same acronym, the CIA Triad stands for Confidentiality, Integrity, and Availability. It is a model within Information Security that ...

How Vendor Due Diligence Mitigates Third-Party Risk in 4 Steps

Posted on June 30, 2021 - by Sarah Berthiaume

What is vendor due diligence? Vendor due diligence is essentially the investigation phase that occurs before a company enters into a relationship with a vendor to avoid any potential “buyer's ...

How Security Questionnaires Help Assess Vendor Risk

Posted on July 5, 2021 - by Sarah Berthiaume

As organizations outsource more and more tasks and labor to save time and money, more vendors also introduce additional security risks. Relationships with third parties unfortunately increase the potential risks ...

ISO 27001 Annex A: An Overview of the 14 Primary Controls

Posted on June 23, 2021 - by Sarah Berthiaume

If you're trying to get your business compliant with ISO 27001, you may find yourself asking a lot of questions about Annex A, the section of security controls that functions like ...

6 Common Mistakes and Challenges with PCI DSS Compliance

Posted on June 9, 2021 - by Sarah Berthiaume

Service providers and retailers that accept credit cards can save tons of money and time on PCI DSS compliance by avoiding a few costly mistakes. Officially called the Payment Card ...

What is a HIPAA Business Associate Agreement? (For Tech Vendors)

Posted on June 16, 2021 - by Sarah Berthiaume

In order to maintain HIPAA compliance and ensure that sensitive health information remains secure, all healthcare providers must maintain a type of contract called a Business Associate Agreement with their ...

Why SOC 2’s Five Trust Services Criteria are Essential

Posted on June 2, 2021 - by Sarah Berthiaume

SOC 2's five Trust Services Criteria were created to evaluate the design and operational effectiveness of your organization’s information security program. A Service Organization Control (SOC) 2 report handles the ...

The Top 5 Essentials for Vendor Risk Management

Posted on April 28, 2021 - by Sarah Berthiaume

Working with third-party vendors is often the best option to save your business time and money. But as your company uses more and more third-party services providers or SaaS products ...
