What is CMMC? How will it impact my organization?
Over the past two months, we've been hearing a lot of buzz about CMMC, both with active customers and security partners. In this post, we will talk about our initial high-level reaction to the significant new standard. WHAT IS CMMC The Cybersecurity Maturity Model Certification is a n...
Which Security Standard Should I Use?
One of the big questions we get is "which standard should we use?"  Or "which security certification should we get?"  Oh and what is a SOC 2 Type 2 anyway??? Although securityprogram.io is neutral to which standard you use, we have seen customers mature through different levels of security...
Pipeline Security Automation
This post talks about how we approach security automation in BitBucket Pipelines. It also introduces some new open source tools we built and use in the process. Security In Pipelines We’ve written before about using GitHub Actions and provided an Action friendly “workflo...
Getting Ready For A SOC 2 Audit
If you’re a product or service organization that handles client data, you should seriously consider getting a SOC 2 audit. Larger companies that contract your services often require having a SOC 2 audit report to do business with them. More importantly, though, you’ll need to develop a security ...
Your Next (or First) Security Hire Should Be...
For years, a common rule-of-thumb said your security spending should be around 10% of your company’s IT budget—but that rule doesn’t quite hold up anymore. In fact, a 2020 Deloitte survey on cybersecurity says this number is now more like 10.9% and rising year after year. That’s no...
Companies getting serious about security should start small
A security program takes time to build. But you need one, no matter the size of your company, so, if you have to, start small. It's better than procrastinating and leaving your company vulnerable. Starting small means making some security decisions that you can act on immediately. We'll help you out...
Five Things You're Not Doing That Put Your Data at Risk
The gravest risk to your data is taking an ad hoc approach to security instead of implementing a carefully thought-out security program. Creating a security policy requires assessing risk and making decisions on how to mitigate it. Selecting security controls requires going through a process to find...
Maintaining Business Continuity in the Face of a Cyber-Attack
Molson Coors suffered a cyber-attack on March 11, 2021, that disrupted "its brewery operations, production, and shipments." By early April, the company reported to investors the company still wasn't operating at full capacity. In contrast, meatpacking giant JBS was able to recover ope...
Ransomware Attacks and Small Businesses
Ransomware attacks are big news right now. According to US Secretary of Homeland Security Alejandro Mayorkas, ransomware attacks are up a whopping 300% over the last year. Sadly, major pipelines and meatpacking plants and their million-dollar ransoms are just two mid-2021 examples of how s...
Why we use NIST 800-53 as our base-level Security Standard
The SPIO platform helps small companies build, mature, and document their security programs. We designed the SPIO platform around the NIST 800-53 standard. It's the model for the policies, training, and task buckets we’ve created for our clients to use. Our clients don't have to start with NIST 80...
What is the difference between a security program and security compliance?
When we start talking about security programs and standards, we need to also talk about security compliance. Unfortunately, these terms can start to blur together. To eliminate confusion, we define them here and explain how you will want to use them together to optimize your company’s information ...

Deliver security your clients can trust

Excellent security for small companies to build a standards and audit ready cybersecurity program.
© 2021 Jemurai. All rights reserved.