CCPA vs CalOPPA: Which one applies to you and how to ensure data security compliance
Follow the California Consumer Privacy Act and the California Online Privacy Protection Act for data security compliance.
Management, compliance & auditing
IT auditing and controls – planning the IT audit [updated 2021]
Performing an IT audit is important to understand your security strengths and weaknesses.
Finding security defects early in the SDLC with STRIDE threat modeling [updated 2021]
Threat modeling via the STRIDE model can help reduce the effect of security attacks.
Cyber threat analysis [updated 2021]
Learn about what a cyberthreat is.
Rapid threat model prototyping: Introduction and overview
Choosing a form of threat modeling can help protect your organization from security threats.
Commercial off-the-shelf IoT system solutions: A risk assessment
The Internet of Things (IoT) is growing rapidly. IoT devices provide convenience and can be a more efficient and cost-effective solution to a variety of different...
A school district’s guide for Education Law §2-d compliance
During the 2014-2105 fiscal year, the New York State Education Department enacted Education Law §2-d, which includes a series of provisions designed to enhance...
IT auditing and controls: A look at application controls [updated 2021]
Portions of this article, including many of the definitions and terminology, have been sourced and summarized from ISACA.org and course materials published...
6 key elements of a threat model
Threat modeling is a process for threat discovery and risk management. Any system carries potential risk, and a clear understanding of these risks is essential...
Top threat modeling frameworks: STRIDE, OWASP Top 10, MITRE ATT&CK framework and more
Threat modeling is an exercise designed to identify the potential threats and attack vectors that exist for a system. Based upon this information, it is possible...