As an IT or Cyber Executive, what area is most important for me to focus my time and money?  If you haven’t had a maturity assessment lately, you may not know.  Sure, lots of things might help, but what is the most important gap to fill, to take your security program to the next level?  Getting clarity, focus, and a clear understanding of where you should be focusing your team, your budget, and your time is an activity that is well worth completing.

Many CISOs and Executives are doing their best to put out fires and catch up on the latest threats, all while ensuring their teams are keeping everything secure. That is a tall order.  Rather than guessing what are the most important things, why not get a clear unbiased list of gaps with recommendations of what needs to be done to take your security to the next level?  

Benefits include:

• Gain knowledge and visibility to your security gaps
• Learn best security practices
• Gain insight into your security vulnerabilities and mitigation steps
• Prepare for security compliance
• Assess the impact of change on your security program
• Identify security training needs and skills

We already know that you are expected to be all things security to all of your stakeholders and handle all security with 100% effectiveness.  While that is not realistic, it is the world you experience.  Let us support you in determining the real needs of your business.  We are not about selling more solutions, in fact, we don’t sell solutions.  This allows us to give you an unbiased view and recommendations of where your gaps are, and how to best leverage your resources to maximize your security.  Needing additional compliance or privacy support – we can help there too.

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security and privacy implementation assistance, CISO-as-a-Service, and DPO-as-a-Service, to mention a few.

To learn more about how ACSM can help support your data privacy needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

In the rapidly evolving landscape of data privacy, staying abreast of new regulations is vital for businesses. The Colorado Privacy Act (CPA), a recent addition to this landscape, has significant implications for businesses, and it is now in effect as of July 1, 2023! Does this apply to your business?

The CPA has specific criteria for applicability. It pertains to legal entities (Companies) that:

• Conduct business or produce commercial products or services for Colorado residents.
• Control or process personal data of at least 100,000 consumers per calendar year or,
• Derive profit from the sale of personal information of 25,000 or more Colorado residents.

Failure to comply with the CPA can lead to civil penalties, emphasizing the importance of understanding and adhering to this law.  In the complex world of data privacy, ensuring your business is CPA-compliant is a crucial step.

This law specifies certain rights that Colorado citizens have and can use against these businesses. Colorado citizens can:

• Opt-out of data processing for targeted advertising, sale, or profiling
• Access their data that has been collected
• Correct their data if it is incorrect or out of date
• Request the deletion of their data
• Obtain a portable copy of the data, or have it transferred to another business

The Colorado AG’s Office will enforce this regulation and offending businesses will be given 60 days in which to comply, otherwise fines or criminal charges could be brought.

 Resources:

• Our Blog at https://www.americancsm.com/news/
• ISSA Denver Privacy Special Interest Group Events – https://www.denverissa.org/events
• IAPP KnowledgeNet Denver Events – https://www.linkedin.com/groups/12025846/
• ACSM CPA-Readiness Assessment – https://www.americancsm.com/cpa-readiness-offering/

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com

Do you know what makes a quality penetration test? 

Important aspects to consider:

• Quality of the “report” or “deliverables” from the pen test!
• Clarity of ranking of findings (Critical, High, Med, etc.)
• Usefulness of the suggested remediation steps
• Accuracy of the scope
• Applicability to your compliance needs
• Speed of results (so you can secure it quickly)
• Expertise and experience of testing team
• Alignment with Pen Testing Execution Standard (PTES)

While pen tests are required by many regulatory and compliance guidelines, they are more importantly a real-world view of the security (or not) of your systems.  In today’s world of increasingly sophisticated attacks, having a handle on your actual security posture is more important than ever!

Empower your team to quickly and more easily know how to secure any critical, high or medium findings using clear and direct remediation steps.  Ensure your pen testing partner is giving you what you need to successfully secure and reduce your business risk.

You will be hearing more about Pen Testing through many channels in the coming months. Here are just a few:

• Our Blog at https://www.americancsm.com/news/
• GLBA with new requirements starting June 9, 2023.  
• Pen Testing Execution Standard (PTES) at http://www.pentest-standard.org/

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security, and privacy implementation assistance, CISO-as-a-Service, and DPO-as-a-Service, to mention a few.

To learn more about how ACSM can help support your cyber defense needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

Iowa is now the 6th U.S. State to pass a privacy law.

Is your business ready for the Iowa Consumer Data Protection Act that goes into effect on January 1, 2025?

If your business processes more than 100,000 Iowa individuals’ data, or derives 50% of revenue from selling 25,000 individuals’ data, then your business will be subject to this new law. Nonprofits are included in this regulation as well.

Your business will need to be able to support the following processes for Iowa citizens, allowing them to:

• Confirm if the citizen’s data is being processed
• Request the deletion of their data
• Obtain a portable copy of their data
• Opt out of the sale of their data

All within 90 days of the request submission.

AmericanCSM.com are experts at helping any sized business understand their privacy risk and determine a level of effort necessary to programmatically implement a privacy program. As daunting as this sounds, our skilled privacy professionals have a deep appreciation of your business model and the privacy depth to help articulate the extent to which your risk begins to diminish through operating a privacy program.

If your business has never implemented a Privacy Program and is now subject to the Iowa Consumer Data Protection Act, AmericanCSM.com can help you through this process. Or, if your business already has a Privacy Program and you need to incorporate Iowa’s latest privacy law, we can assist with this as well.

We offer packaged services to help businesses prepare for fast-moving privacy regulations. Our privacy assessment offerings include the following:

• An Assessment of your Privacy gaps
• Recommendations to close the gaps
• Documentation of discovered systems
• And an initial Privacy training class

You can learn more about this offering and contact us for a free consultation here: https://www.americancsm.com/cpa-readiness-offering/ 

AmericanCSM.com has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its privacy obligations and effectively implement the needed changes to support these regulations.

To learn more about how AmericanCSM.com can help support your data privacy needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation.    https://www.americancsm.com

Is your business ready for the Colorado Privacy Act (CPA) that goes into effect on July 1, 2023?

If your business processes more than 100,000 individual’s data, or derives revenue from selling 25,000 individual’s data, then your business will be subject to this new law. Nonprofits are included in this regulation as well.

Your business will need to be able to support the following processes for Colorado citizens, allowing them to:

• Opt-out of data processing for targeted advertising, sale or profiling
• Access their data that has been collected
• Correct their data if it is incorrect or out of date
• Request the deletion of their data
• Obtain a portable copy of their data, or have it transferred to another business

AmericanCSM.com are experts at helping any sized business understand their privacy risk and determine a level of effort necessary to programmatically implement a privacy program. As daunting as this sounds, our skilled privacy professionals have a deep appreciation of your business model and the privacy depth to help articulate the extent to which your risk begins to diminish through operating a privacy program.

If your business has never implemented a Privacy Program and is now subject to CPA, AmericanCSM.com can help you through this process. Or, if your business already has a Privacy Program and you need to incorporate CPA, we can assist with this as well.

We are offering a packaged effort to help businesses prepare for CPA. This offering includes the following:

• An Assessment of your CPA gaps
• Recommendations to close the gaps
• Documentation of discovered systems
• And an initial Privacy training class

You can learn more about this offering and contact us for a free consultation here: https://www.americancsm.com/cpa-readiness-offering/ 

AmericanCSM.com has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its privacy obligations and effectively implement the needed changes to support these regulations.

To learn more about how AmericanCSM.com can help support your data privacy needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation.    https://www.americancsm.com