Do you know what makes a quality penetration test? 

Important aspects to consider:

• Quality of the “report” or “deliverables” from the pen test!
• Clarity of ranking of findings (Critical, High, Med, etc.)
• Usefulness of the suggested remediation steps
• Accuracy of the scope
• Applicability to your compliance needs
• Speed of results (so you can secure it quickly)
• Expertise and experience of testing team
• Alignment with Pen Testing Execution Standard (PTES)

While pen tests are required by many regulatory and compliance guidelines, they are more importantly a real-world view of the security (or not) of your systems.  In today’s world of increasingly sophisticated attacks, having a handle on your actual security posture is more important than ever!

Empower your team to quickly and more easily know how to secure any critical, high or medium findings using clear and direct remediation steps.  Ensure your pen testing partner is giving you what you need to successfully secure and reduce your business risk.

You will be hearing more about Pen Testing through many channels in the coming months. Here are just a few:

• Our Blog at https://www.americancsm.com/news/
• GLBA with new requirements starting June 9, 2023.  
• Pen Testing Execution Standard (PTES) at http://www.pentest-standard.org/

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security, and privacy implementation assistance, CISO-as-a-Service, and DPO-as-a-Service, to mention a few.

To learn more about how ACSM can help support your cyber defense needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

Iowa is now the 6th U.S. State to pass a privacy law.

Is your business ready for the Iowa Consumer Data Protection Act that goes into effect on January 1, 2025?

If your business processes more than 100,000 Iowa individuals’ data, or derives 50% of revenue from selling 25,000 individuals’ data, then your business will be subject to this new law. Nonprofits are included in this regulation as well.

Your business will need to be able to support the following processes for Iowa citizens, allowing them to:

• Confirm if the citizen’s data is being processed
• Request the deletion of their data
• Obtain a portable copy of their data
• Opt out of the sale of their data

All within 90 days of the request submission.

AmericanCSM.com are experts at helping any sized business understand their privacy risk and determine a level of effort necessary to programmatically implement a privacy program. As daunting as this sounds, our skilled privacy professionals have a deep appreciation of your business model and the privacy depth to help articulate the extent to which your risk begins to diminish through operating a privacy program.

If your business has never implemented a Privacy Program and is now subject to the Iowa Consumer Data Protection Act, AmericanCSM.com can help you through this process. Or, if your business already has a Privacy Program and you need to incorporate Iowa’s latest privacy law, we can assist with this as well.

We offer packaged services to help businesses prepare for fast-moving privacy regulations. Our privacy assessment offerings include the following:

• An Assessment of your Privacy gaps
• Recommendations to close the gaps
• Documentation of discovered systems
• And an initial Privacy training class

You can learn more about this offering and contact us for a free consultation here: https://www.americancsm.com/cpa-readiness-offering/ 

AmericanCSM.com has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its privacy obligations and effectively implement the needed changes to support these regulations.

To learn more about how AmericanCSM.com can help support your data privacy needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation.    https://www.americancsm.com

Is your business ready for the Colorado Privacy Act (CPA) that goes into effect on July 1, 2023?

If your business processes more than 100,000 individual’s data, or derives revenue from selling 25,000 individual’s data, then your business will be subject to this new law. Nonprofits are included in this regulation as well.

Your business will need to be able to support the following processes for Colorado citizens, allowing them to:

• Opt-out of data processing for targeted advertising, sale or profiling
• Access their data that has been collected
• Correct their data if it is incorrect or out of date
• Request the deletion of their data
• Obtain a portable copy of their data, or have it transferred to another business

AmericanCSM.com are experts at helping any sized business understand their privacy risk and determine a level of effort necessary to programmatically implement a privacy program. As daunting as this sounds, our skilled privacy professionals have a deep appreciation of your business model and the privacy depth to help articulate the extent to which your risk begins to diminish through operating a privacy program.

If your business has never implemented a Privacy Program and is now subject to CPA, AmericanCSM.com can help you through this process. Or, if your business already has a Privacy Program and you need to incorporate CPA, we can assist with this as well.

We are offering a packaged effort to help businesses prepare for CPA. This offering includes the following:

• An Assessment of your CPA gaps
• Recommendations to close the gaps
• Documentation of discovered systems
• And an initial Privacy training class

You can learn more about this offering and contact us for a free consultation here: https://www.americancsm.com/cpa-readiness-offering/ 

AmericanCSM.com has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its privacy obligations and effectively implement the needed changes to support these regulations.

To learn more about how AmericanCSM.com can help support your data privacy needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation.    https://www.americancsm.com

Rocky Mountain Information Security Conference is back! It is back to its regularly scheduled time of year, in June. The call for papers is open and we are building out our 3-day agenda. Once again, Wed June 7 will be a full day of Privacy. While it is not formally called Privacy Day, it is still the same level of programming you are used to.

In order to attend the Privacy Training either sign-up for the 3-day conference or just pay for a single day and select Wed June 7th.

We at AmericanCSM.com are proud to be a sponsor again for this year’s RMISC and hope to see you there.

---

Early Bird Registration

You can register early and get a good discount before March 31, 2023. Be sure to use your ISSA or ISACA membership for an additional discount.

---

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation.    https://www.americancsm.com

With all of the bad actors using Facebook to lure citizens into false relationships, false advertising, deep fakes, and their numerous privacy violations, we have decided to drive more awareness around these issues with this post and by NOT participating in a historically insecure and privacy disrespecting environment.

Facebook has seen a long list of privacy and security violations, to list a few:

• Nov 2022 – €265M by Irish DPA
• April 2021 – 533 million user’s data leaked
• July 2020 – WhatApp breached
• July 2019 – $5B by FTC
• June 2019 – WhatApp infects 25 Million Android devices with malware
• April 2019 – Facebook uploads 1.5 million users data without consent
• April 2019 – 540 million users data exposed on Amazon
• March 2019 – Improper phone number collection via 2FA since 2011
• 2019 – Continual lobbying against privacy regulations
• March 2018 – Cambridge Analytica accesses 50 million users data unlawfully
• 2017 – Evidence is exposed showing Facebook selling user’s data 2012-2014
• May 2011 – 100,000 apps are found to be leaking FB data
• August 2008 – Violates federal wiretap law

An individual’s privacy and the secure control of their information is of utmost importance and social media systems need to take better care of every user’s data. We are choosing not to contribute to the bad actors taking advantage of Facebook user’s and as such will be halting our posting to this platform.

If you are visiting our Facebook page, please be aware that, at this point, most of the followers of our site are not real people and they are most likely bots or bad actors. If you are a follower of our Facebook page we encourage you to UnFollow us.

To learn more about how ACSM can help support your data privacy needs, please use our website contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.