American Cyber Security Management

Secure and certify all your data and processes


Insurance Compliance

March 25, 2026 By Carlin Dornbusch

While your business may not need to comply with a federal regulation, healthcare requirements, or an international standard, it most likely will need to comply with its insurance policy. As threat actor activity increases and breaches increase in size and cost, most insurance companies are not only raising their costs, but also checking your work.

The insurance industry has been hit hard over the past few years by the sheer volume of breaches and requests for payouts. Policy underwriters are now asking harder questions in order to set their carriers up for success. These questions have become more detailed and go beyond simple “yes” or “no” responses. The insurance carriers are becoming smarter and more careful with their policies and are trying to reduce how often they pay out.

Some of the new requests from insurance companies are:

  • How many personally identifiable information (PII) records are under management?
  • Do you have an endpoint detection and response (EDR) service?
    • If so, which one?
  • Are your business systems compliant with a monitoring solution?
    • If so, what do you monitor for?
  • Do you have a written vulnerability management program?
    • If so, how often are you penetration testing the systems?

Simply saying “yes” is no longer an option. Put the correct controls and systems in place to meet this growing demand for insurance compliance and to improve your cybersecurity posture. ACSM provides a range of solutions, from EDR and SOC/SIEM monitoring to a forensic retainer, to help meet the newly evolving insurance criteria.

AmericanCSM.com helps its clients by outlining a Secure IT Environment (S.I.T.E.), where a variety of services can be selectively engaged to meet your specific business needs. You can read more about our MSP/MSSP offerings here (https://www.americancsm.com/acsm-s-i-t-e-msp-mssp-services/). We can set up an initial discovery meeting to help you map these services to your needs and deliver quick quoting to demonstrate the value of the MSP/MSSP.

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cybersecurity and privacy implementation assistance, CISO-as-a-Service, DPO-as-a-Service, and numerous MSP and MSSP services, to mention a few.

To learn more about how ACSM can help support your cyber defense needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

Filed Under: Cyber Security News

American Cyber Security Management once again Proud Sponsor of RMISC

March 4, 2026 By Carlin Dornbusch

Cybersecurity and Privacy Expertise and Community Support at RMISC 2026.

At AmericanCSM.com (https://www.americancsm.com/), we are thrilled to announce our continued support and sponsorship for the Rocky Mountain Information Security Conference (RMISC) 2026. This prestigious 3-day event is set to take place at the Colorado Convention Center from June 23-25, 2026, and represents a vital meeting ground for cybersecurity, compliance, and privacy professionals in the Rocky Mountain region and beyond.

As a company that prides itself on delivering top-notch cybersecurity and privacy services (including Security or Privacy Assessments, Pen Tests, and our CISO-as-a-Service and DPO-as-a-Service), AmericanCSM.com understands the importance of fostering a strong cybersecurity community. RMISC 2026 is the perfect platform for this, offering a rich tapestry of sessions that cover the most pressing topics in our field today, from IT security, privacy, and compliance to emerging threats and cybersecurity innovations.

At AmericanCSM.com, we also offer Privacy services, such as privacy assessments and DPO-as-a-Service, recognizing that privacy and security are two sides of the same coin. Events like RMISC allow us to showcase these services while gaining insights into the needs and challenges faced by our community, ensuring that our offerings remain at the cutting edge.

As always, we are not just sponsors; we are also proud participants. Carlin Dornbusch will share his insights and expertise, contributing to the knowledge exchange that RMISC facilitates so well. Carlin’s talk on “Separating Egos from Ideas” is a must-see for leaders wishing to gain the most from their organizations when making informed decisions.

Supporting local cybersecurity events like RMISC is crucial for several reasons. First, it allows us to give back to the community that drives our industry forward. These gatherings are essential for networking, sharing knowledge, and discussing new ideas and technologies that can shape the future of cybersecurity and privacy. Second, by sponsoring RMISC, we help ensure that the local cybersecurity, compliance, and privacy community remains vibrant and accessible, providing professionals of all levels with opportunities to learn, grow, and collaborate.

We invite all attendees to connect with us during the conference, whether it’s attending Carlin’s talk, visiting our booth in the exhibitor’s hall, or just saying hello. Let’s make RMISC 2026 a landmark event for collaboration, learning, and advancement in cybersecurity!

For more information on RMISC 2026, please visit their website at https://rmisc.org/, and we look forward to seeing you there and continuing to build a safer digital world together.


2026 Data Privacy Day

January 28, 2026 By Carlin Dornbusch

Happy Data Privacy Day!

January 28th has been celebrated as Data Privacy Day since 2008.

It is a good time to reflect on the Principles of GDPR, which have now become the core privacy principles all businesses should follow for Data Privacy:

  • Lawfulness, fairness, and transparency: Personal data must be processed in a lawful, fair, and transparent manner. 
  • Purpose limitation: Personal data can only be collected for specific, legitimate, and explicit purposes. 
  • Data minimization: Personal data processing must be relevant, adequate, and limited to what is necessary. 
  • Accuracy: Personal data must be accurate and kept up to date. 
  • Storage limitation: Personal data should only be kept for as long as necessary to fulfill the purposes for which it was collected. 
  • Integrity and confidentiality: Personal data must be protected with integrity and confidentiality. 
  • Accountability: Everyone who processes personal data must be able to demonstrate compliance with the other six principles. 

And of course, here is just a reminder of some critical steps for businesses to take to protect their data:

  • Know how your data is collected
  • Know your data locations
  • Know your data types
  • Know where your data is going
  • Classify your data
  • Secure your data with encryption
  • Manage access to your data based on classification and roles
  • Delete data as it ages or becomes unnecessary
  • Utilize data deliberately

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats, and improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security and privacy implementation assistance, CISO-as-a-Service and DPO-as-a-Service, to mention a few.


MSSP Monitoring

November 5, 2025 By Carlin Dornbusch

Are your critical assets under management, under protection, or even monitored?

The need for businesses to establish a current view of their security posture, and to keep it current, has never been greater. As criminal activity increases and threat actors adopt more advanced technology, today’s businesses need to stay in front of these threats through proactive security monitoring methods and mature response capabilities.

Just having your assets under a monitoring solution can greatly reduce the business’s exposure to threats. Not only will the monitoring be an eye-opening experience for the first-time consumer, but it will also aid in distinguishing real threats from basic events.

Some of the immediate benefits of security event monitoring from an MSSP are:

  • Cost-effective, pay as you need
  • Easily deployed and managed
  • Compliance supporting
  • Just-in-time expertise

MSSP monitoring is usually a 3-year fixed contract with the ability to add more resources as your business grows. It can also come with 24×7 monitoring and support, allowing you to sleep well at night and put more resources into core business activities. Some of the better MSSPs can even provide the service at a cost that does not include any data transfer fees, which in many cases make a solution much more expensive, depending on the cyber noise in the environment. Most MSSPs allow you to upgrade the service to a “management” level, which makes them responsible for patching and updating the monitored devices.

So, how do businesses keep up with the threats? What technologies should the business invest in to reduce these risks? Who in the organization has the time and experience to ensure appropriate security monitoring is enabled and monitored? Where can the business find acceptable solutions at a reasonable price?

To help companies defend against today’s threats, American Cyber Security Management offers its Security Monitoring service, which is designed to provide security event monitoring at a fraction of the cost. The technology solution is coupled with a top-down asset assessment, monitoring policy updates, and board-level metrics.

ACSM’s Security Monitoring offering helps businesses understand their threats, defend against attacks, and create a visible set of metrics and alerts, allowing the business to attend to more important efforts. It gives executives the appropriate level of visibility and management so that the business can operate with less risk. Learn more about ACSM’s security and privacy offerings at the link below.

Security Monitoring

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cybersecurity and privacy implementation assistance, CISO-as-a-Service, DPO-as-a-Service, and numerous MSP and MSSP services, to mention a few.


2025 Cyber Resilience Awareness Day

October 15, 2025 By Carlin Dornbusch

Happy Cyber Resilience Awareness Day!

Did you know that one of the first computer viruses was created in 1971? It was called Creeper, and while it was a harmless experiment, it proved the concept of a self-replicating computer program. And then the creator made (yep, you guessed it) the first antivirus program, called Reaper, designed to find and remove the Creeper software.

Look at how far we’ve come since 1971. Hackers can breach complex security networks, access millions of Personally Identifiable Information (PII) records, hold the stewards for ransom until paid in virtual currency, and then sell that information to another entity that can analyze it and use it for more harmful purposes. And this is after our antivirus software has advanced significantly, can be quickly updated, and can even lock down specific systems when attacks are detected.

History has shown that mankind is fallible. We can misconfigure security controls, forget, be careless, get distracted, and even act maliciously. Becoming cyber resilient means having the ability to predict, withstand, recover from, and adapt to threats.

Here are some areas that business leadership should review and ensure they have the resiliency they need:

  • Can you adequately PREVENT a cyber incident?
  • Can you DETECT a security event?
  • Can you DETERMINE the difference between an event and an incident?
  • Can you RESPOND and CONTAIN the situation?
  • And then are you able to RECOVER from the incident?

As we know, a layered security approach is essential, and no single product can address every threat. Consider your resilience, align your controls with a risk-based strategy, and train your teams through table-top exercises and role-playing processes.

ACSM has been helping businesses protect their assets and enhance their security and privacy posture since 2006. Our experienced team can assist your business in identifying cyber vulnerabilities and potential threats, as well as strengthening your security, privacy, and compliance efforts. Our services include penetration testing, maturity assessments, cybersecurity and privacy implementation support, CISO-as-a-Service, DPO-as-a-Service, and a variety of MSP and MSSP offerings, among others.


Copyright © 2026 American Cyber Security Management