Archives

Your First Security Hire
We often talk with companies that are thinking about hiring an FTE to help them with security. This post covers some of our thoughts and experiences in this area. As with many areas of security, there is no one-size-fits-all approach that works here, but there are some pitfalls and ways to make ...
Automated Mass Spearsmishing
This post provides a quick view into a smishing campaign we have observed at several customers, with detail from our direct experience....
Which Security Standard Should I Use?
One of the big questions we get is "which standard should we use?" Or "which security certification should we get?" Oh, and what is a SOC 2 Type 2 anyway? Although securityprogram.io is neutral to which standard you use, we have seen customers mature through different levels of security...
Pipeline Security Automation
This post talks about how we approach security automation in BitBucket Pipelines. It also introduces some new open source tools we built and use in the process. Security In Pipelines We’ve written before about using GitHub Actions and provided an Action friendly “workflo...
Getting Ready For A SOC 2 Audit
If you’re a product or service organization that handles client data, you should seriously consider getting a SOC 2 audit. Larger companies that contract your services often require having a SOC 2 audit report to do business with them. More importantly, though, you’ll need to develop a security ...
Your Next (or First) Security Hire Should Be...
For years, a common rule-of-thumb said your security spending should be around 10% of your company’s IT budget—but that rule doesn’t quite hold up anymore. In fact, a 2020 Deloitte survey on cybersecurity says this number is now more like 10.9% and rising year after year. That’s no...
Companies getting serious about security should start small
A security program takes time to build. But you need one, no matter the size of your company, so, if you have to, start small. It's better than procrastinating and leaving your company vulnerable. Starting small means making some security decisions that you can act on immediately. We'll help you out...
Five Things You're Not Doing That Put Your Data at Risk
The gravest risk to your data is taking an ad hoc approach to security instead of implementing a carefully thought-out security program. Creating a security policy requires assessing risk and making decisions on how to mitigate it. Selecting security controls requires going through a process to find...
Maintaining Business Continuity in the Face of a Cyber-Attack
Molson Coors suffered a cyber-attack on March 11, 2021, that disrupted "its brewery operations, production, and shipments." By early April, the company reported to investors that it still wasn't operating at full capacity. In contrast, meatpacking giant JBS was able to recover ope...
Ransomware Attacks and Small Businesses
Ransomware attacks are big news right now. According to US Secretary of Homeland Security Alejandro Mayorkas, ransomware attacks are up a whopping 300% over the last year. Sadly, major pipelines and meatpacking plants and their million-dollar ransoms are just two mid-2021 examples of how s...
Why we use NIST 800-53 as our base-level Security Standard
The SPIO platform helps small companies build, mature, and document their security programs. We designed the SPIO platform around the NIST 800-53 standard. It's the model for the policies, training, and task buckets we’ve created for our clients to use. Our clients don't have to start with NIST 80...
© 2021 Jemurai. All rights reserved.