risk3sixty white papers

In this video, you will learn about ISO 27001 from Sawyer Miller the ISO leader at risk3sixty. Sawyer has worked with companies of all sizes to implement ISO 27001 into their business. ISO 27001 is the only auditable international standard that defines the requirements of an ISMS (information security management system). An ISMS is a set of policies, procedures, processes, and systems that manage information security risks, such as cyber-attacks, hacks, data leaks, or theft. In this video you'll obtain: 00:00 Into 02:22 An overview of the ISO 27001 framework 05:50 The business case for getting ISO 27001 certified 08:37 Steps to achieving ISO 27001 compliance 24:45 The typical timeline to set it up 25:55 A breakdown of who needs to be involved 29:25 Q&A For additional information on The Business Case for ISO 27001 Implementation please download our free whitepaper: https://risk3sixty.com/whitepaper/iso-27001-path-to-certification/ Signup for a free Phalanx GRC account: https://phalanxgrc.com/apply-for-a-free-account/

17.9K views August 9, 2022 7:11 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi4yMDhBMkNBNjRDMjQxQTg1

ISO 27001: A Simple Intro to ISO 27001 for Companies Getting Certified for the First Time

ISO 27001 Part 2 of 4: Everything You Need to Get Ready for an ISO 27001 Audit In this webinar, we help businesses get ready for an ISO 27001 audit. Overview: 00:00 Intro 02:10 Before the Audit 11:02 During the Audit 18:57 After the Audit 24:52 Special Considerations 29:34 Free ISO GRC Tool 31:20 Q&A Please download this whitepaper that gives even more details: A Step-By-Step Overview of the ISO 27001 Certification Process https://risk3sixty.com/whitepaper/iso-27001-certification-process-whitepaper-page/

2.9K views September 7, 2022 1:26 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi5GM0Q3M0MzMzY5NTJFNTdE

ISO 27001: How to Get Ready for an ISO 27001 Certification Audit

Learn how to maintain your ISO 27001 Program from expert Sawyer Miller from risk3sixty. In this video, he covers: 00:00 Intro 02:11 What You Need to be Successful 05:42 Elements of an ISO 27001 Program with Ownership (Plan on a Page) 11:45 How to Maintain an ISO 27001 Program 12:19 By Role 20:11 By Department 36:40 Recurring Tasks at a Glance 44:33 Q&A Please download the whitepaper "The Business Case for ISO 27001 Implementation" here: https://risk3sixty.com/whitepaper/iso-27001-path-to-certification/

1.8K views October 6, 2022 2:28 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi4zRjM0MkVCRTg0MkYyQTM0

ISO 27001: How to Maintain Your ISO 27001 Certification Between Audits

In this video, we provide an easy-to-follow review of ISO 27001 and the upcoming changes for 2022. Sawyer Miller completed his 4 part series on ISO 27001 with a plain English overview of the framework. Overview: 00:00 Intro 01:48 Framework Overview 07:30 ISMS - Information Security Management System 18:55 ISO/IEC 27001:2013 Annex A 26:15 ISO.IEC 27001:2022 Annex A 28:31 Common Gaps 40:34 How to get Started with ISO 27001 42:00 Q&A

7.6K views November 2, 2022 1:26 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi45NzUwQkI1M0UxNThBMkU0

ISO 27001: A Simplified Review of ISO 27001 In Plain English (Full Framework Review)

In this video, we discuss the ISO 27001 2022 updates you need to know and the implications they have for organizations seeking to attain or maintain certification. Agenda: 00:00 Intro 03:19 What is ISO 27001? What is changing in 2022? 08:04 ISMS 2013 vs. 2022 15:14 What are the changes - ISO 27002:2022 18:47 ISO 27002:2022 Annex A 30:40 Implications for Customers 36:24 What is a Transition Audit? 42:11 Next Steps 46:00 Q&A Sign Up for Phalanx GRC here: phalanxgrc.com

5.8K views January 23, 2023 7:06 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi5DNzE1RjZEMUZCMjA0RDBB

ISO 27001 2022 Updates: Everything You Need to Get Certified (Part 1)

We discussed the ISO 27001 2022 updates you need to know and their implications for organizations seeking to attain or maintain certification. Overview: 00:00 Intro 03:57 Where to Start 09:50 Cost Implications 31:18 Resource Implications 34:52 Implications for Customers 40:06 Q&A

2.2K views March 20, 2023 1:00 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi43MTI1NDIwOTMwQjIxMzNG

ISO 27001 2022 Updates: Everything You Need to Get Certified (Part 2)

So far in this three-part series, we've explored the impacts the 2022 updates are going to have on businesses, and we've explored various implementation strategies and considerations. In part 3, Sawyer Miller explores the next steps you can take and pitfalls to avoid! Overview: 00:00 Intro 01:46 Execute the Internal Audit 09:00 Pitfalls of the Internal Audit 15:45 Planning to Transition 25:26 Pitfalls of the Transition 28:43 Resource Implications 32:07 Implications for Customers 34:33 Q&A

860 views June 12, 2023 2:14 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi5DQ0MyQ0Y4Mzg0M0VGOEYw

ISO 27001 2022 Updates: Everything You Need to Get Certified (Part 3)

In this video, we will cover the basics of ISO 27001, the implementation process, and the certification process. Download the whitepaper: https://risk3sixty.com/iso-27001-path-to-certification-part-2/ #ISO27001 #cybersecurity #risk3sixty 0:00 Introduction 1:08 ISO 27001 Background 6:06 ISO 27001 Overview 8:22 ISMS: Clauses 4-10 11:34 Annex A: 114 Controls 23:54 Implementation Process 28:34 Certification Process 33:28 Typical Timeline 34:49 Q&A - Rapid Fire 42:37 Additional Resources

80.8K views May 28, 2020 2:03 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi4yODlGNEE0NkRGMEEzMEQy

ISO 27001 Basics: Everything You Need to Get Certified

In December 2020, risk3sixty became the first security consulting firm to become both ISO 27001 and ISO 27701 certified. In this webcast, we discuss our journey and provide tips that may be helpful for other organizations considering certification for themselves. RESOURCES: ISO 27001 Learning Center: https://risk3sixty.com/learn/ ISO 27001 Video Series: https://www.youtube.com/playlist?list=PLboNZ8lgLkUjg353Am3x4SytHme-XDL2N #ISO27001 #ISO27701 #Security #Cybersecurity #Compliance 0:00 Introduction 1:42 Implementation Process 7:24 Program Elements and Challenges 8:11 Implementation Challenges 13:57 Certification Process 25:24 Certification Challenges

6.1K views January 4, 2021 12:00 pm

YouTube Video UExib05aOGxnTGtVamczNTNBbTN4NFN5dEhtZS1YREwyTi41MjE1MkI0OTQ2QzJGNzNG

ISO 27001: How We Got ISO 27001 Certified

Load More... Subscribe

In this webinar we cover the basics of SOC 2 reporting, what to expect during a SOC 2 audit, and why a SOC 2 report may make sense for your organization. #SOC2 #cybersecurity #Compliance Download our Free Whitepaper - The Business Case for a SOC 2 Report: https://risk3sixty.com/whitepaper/business-case-for-soc-2/ 0:00 Introduction 1:05 SOC 2 Background and History 5:05 SOC 2 Scoping 8:25 SOC 2 Readiness and Audit Process 12:50 Typical Readiness and Audit Timeline 16:25 Typical Effort Breakdown by Resource 18:35 SOC 2 Tips and Commonly Asked Questions 30:25 Free Resources and Contact Information

28.6K views June 19, 2020 4:35 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC41NkI0NEY2RDEwNTU3Q0M2

SOC 2: Everything You Need to Get a SOC 2 Report

In this video, we cover the following: 00:00 Intro 01:20 An overview of the SOC 2 framework 04:11 The business case for SOC 2 07:38 Steps to achieving SOC 2 compliance 09:40 The typical timeline to set up SOC 2 14:35 Effort estimates 17:11 Framework Overview Download our free whitepaper, SOC Reporting Process Overview https://risk3sixty.com/soc-reporting-process-overview-whitepaper/

10.2K views August 24, 2022 7:02 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC41MzJCQjBCNDIyRkJDN0VD

SOC 2: A Simple Intro to SOC 2 for Companies Getting Certified for the First Time

In this video, we explain all of the requirements of SOC 2 – in plain English. We walk through every SOC 2 category, discuss the controls most companies put into place to meet the requirements, and what is often required during an audit. Sign up for a free SOC 2 readiness assessment here: www.phalanxgrc.com

6.3K views June 28, 2022 6:07 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC4wOTA3OTZBNzVEMTUzOTMy

SOC 2 Simplified: Full Framework Review in Plain English

The "SOC 2 Explained" Series is a free learning series to help individual understand the SOC 2 framework, the controls and implementation guidance, as well as typical audit evidence required during a certification audit. Download our free Simple Guide to SOC for Cybersecurity here: https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/ About risk3sixty: About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

791 views August 19, 2021 8:27 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC4wMTcyMDhGQUE4NTIzM0Y5

SOC 2 Explained - Series Introduction

This video covers SOC 2 Control Object CC1.1 Leadership and Ethical Values and the controls within. About this Series: The "SOC 2 Explained" Series is a free learning series to help individual understand the SOC 2 framework, the controls and implementation guidance, as well as typical audit evidence required during a certification audit. Download our free Simple Guide to SOC for Cybersecurity here: https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/ About risk3sixty: About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

702 views June 28, 2021 7:08 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC4yODlGNEE0NkRGMEEzMEQy

SOC 2 Explained: CC1.1: Leadership and Ethical Values

This video covers SOC 2 Control Object CC1.2 Board Oversight and the controls within. About this Series: The "SOC 2 Explained" Series is a free learning series to help individual understand the SOC 2 framework, the controls and implementation guidance, as well as typical audit evidence required during a certification audit. Download our free Simple Guide to SOC for Cybersecurity here: https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/ About risk3sixty: About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

556 views August 19, 2021 8:50 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC41MjE1MkI0OTQ2QzJGNzNG

SOC 2 Explained: CC1.2 Board Oversight

In this video, we provide you with Everything You Need to​ Maintain Your​ SOC 2 Program. Our team of SOC 2 experts shows you what you need to be successful​ at SOC 2. We cover: 00:00 Intro 06:37 SOC 2 Governance and Leadership​ 10:55 SOC 2 Information Technology and Security​ 14:53 SOC 2 Product and Engineering​ Here is a great whitepaper we created with additional information on SOC 2, SOC Reporting Process Overview. https://risk3sixty.com/soc-reporting-process-overview-whitepaper/

1.2K views September 6, 2022 5:15 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC45NDk1REZENzhEMzU5MDQz

SOC 2: How to Maintain a SOC 2 Program Between Audits

In this video, we cover Everything You Need to Get Ready for a SOC 2 Audit​: 00:00 Intro 01:18 Before the audit 06:49 During the audit 13:21 After the audit For more information, please download our free whitepaper: Simple Guide to SOC for Cybersecurity - https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/

2K views September 9, 2022 1:05 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC5GNjNDRDREMDQxOThCMDQ2

SOC 2: How to Get Ready for a SOC 2 Audit​

HITRUST i1 or SOC2 (or both)? Which makes the most sense for your business? This video will give you everything you need to know to help you decide. The business drivers for obtaining a SOC 2 report or a HITRUST i1 certification may be similar. Still, important distinctions between the two should be considered to make the best possible decision. Agenda: 00:00 Intro 01:00 Overview and comparison of the HITRUST and SOC 2 14:11 HITRUST i1 Readiness and Assessment Process 18:59 HITRUST i1 Typical Timeline 22:52 SOC 2 Readiness and Assessment Process 25:31 SOC 2 Typical Timeline 26:46 Compliance Best Practices 33:51 Q&A 58:51 Additional Resources For more details, please check out the Blog Post: HITRUST i1 vs SOC 2: What’s The Difference? by Gary Holverson https://risk3sixty.com/2022/09/07/hitrust-i1-vs-soc-2-whats-the-difference/ As discussed in the video, here is the 5 part blog series "The CISO Role" The CISO Role: How to Design a Security Leadership Role: https://risk3sixty.com/2020/08/11/the-ciso-role-how-to-design-a-security-leadership-role/ How to Design a Security Program Organizational Structure That Supports Your Business Goals: https://risk3sixty.com/2020/09/14/how-to-design-a-security-program-organizational-structure-that-supports-your-business-goals-part-2/ How to Build a Budget for a Security Program and Get it Approved: https://risk3sixty.com/2020/09/16/how-to-build-a-budget-for-a-security-program-and-get-it-approved-part-3/ The Business Case: How to Build a Business Case for Security Initiatives: https://risk3sixty.com/2020/09/21/how-to-build-a-business-case-for-security-initiatives-part-4/ How to Recruit, Develop, and Keep Top Cybersecurity Talent: https://risk3sixty.com/2020/10/05/how-to-recruit-develop-and-keep-top-cybersecurity-talent-part-5/

views January 30, 2023 6:00 pm

YouTube Video UExib05aOGxnTGtVaVZocHpiZmtnSUtuNnhhajhSUF9MbC40NzZCMERDMjVEN0RFRThB

HITRUST i1 vs SOC 2 : What's the Difference between SOC 2 and HITRUST

Load More... Subscribe

In this episode of Tuesday Morning Grind, Christian White and Christian Hyatt discuss and address many of the common questions associated with PCI DSS, the process to become certified, how to prepare a budget, and how long it takes. Free resource: PCI Compliance of Business Growth - Whitepaper https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/ About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high-growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

21K views June 4, 2021 4:05 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy4yODlGNEE0NkRGMEEzMEQy

PCI DSS Basics: Everything You Need to Get PCI DSS Certified

This is everything you need to know to get PCI DSS certified in 2022. Chris Donaldson is a PCI Expert and the PCI Practice Leader at risk3sixty. Chris has helped organizations from start-ups to Fortune 10 achieve PCI certification. In this episode of Tuesday Morning Grind, Chris and Christian talk through everything a company needs to know to begin its PCI certification journey. Free Whitepaper Download: PCI DSS Process Overview https://risk3sixty.com/pci-dss-process-overview/ Free Whitepaper Download: PCI Compliance of Business Growth https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/ About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high-growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

6.3K views January 18, 2022 11:00 am

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy4wMTcyMDhGQUE4NTIzM0Y5

PCI DSS: How to Get PCI Certified

In this video, we discuss the new version of PCI v4.0 and what cloud-native/SaaS service providers need to know about the new requirements, timelines, and what organizations should focus on over the next two years for the new version of PCI DSS. 00:00 Intro 06:26 PCI Service Provider Types 08:36 Summary of Changes with PCI 4.0 15:52 Medium and High Impact Changes in PCI 4.0 24:21 Rapid PCI 4.0 Gap Assessment 29:09 Before you start solutioning 34:26 Priority Action Items for PCI 4.0 40:50 Q&A #pci #pcidss #fintech #saas

1.6K views July 13, 2022 1:16 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy41MjE1MkI0OTQ2QzJGNzNG

PCI 4.0: A Simple Checklist of the PCI DSS 4.0 Requirements

Chris Donaldson is the leader of the PCI DSS practice at risk3sixty and an expert QSA. A qualified security assessor, or QSA for short, is an individual that helps companies identify gaps in their cybersecurity and their cyber security awareness training for the credit card industry. In this webinar, Chris provides useful information on: 00:00 Into 04:05 An overview of PCI and the overall framework 16:36 PCI DSS v3.2.1 19:06 PCI DSS Compliance Applicability 23:10 The business case for PCI 28:24 Steps to achieve PCI compliance 34:50 Path to Certification 37:28 Timeline 40:31 Effort Estimates 42:20 Q&A

3.3K views August 15, 2022 2:23 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy4wOTA3OTZBNzVEMTUzOTMy

PCI DSS: A Simple Intro to PCI DSS for Companies Getting Certified for the First Time

In this video, we teach you everything you will need to get ready for a PCI DSS audit from an expert QSA Chris Donaldson. We cover: 00:00 Intro 02:56 PCI Scoping Strategies​ 12:52 Before the Audit ​ 27:38 During the Audit​ 30:59 After the Audit​ 33:40 Q&A For additional information on how to choose a QSA for your PCI needs, please download our whitepaper - PCI Compliance of Business Growth https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/

1.3K views September 16, 2022 6:25 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy4xMkVGQjNCMUM1N0RFNEUx

PCI DSS: How to Get Ready for a PCI Certification Audit

Please join Risk3sixty for part 3 of our PCI DSS webinar series. So far we've talked about what you should do to ensure you get certified successfully. Now we'll dive into how you can effectively maintain your PCI program after certification is achieved! Discover: 00:00 Intro 02:26 Why Organizations fall out of compliance 08:49 Maintaining Compliance 14:01 Best Practices for maintaining PCI compliance 37:21 Accelerator

546 views October 20, 2022 2:07 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy41MzJCQjBCNDIyRkJDN0VD

PCI DSS: How to Maintain Your PCI DSS Program Between Audits

This installment will break down the PCI DSS framework in plain English. This webinar will closely examine the framework itself and spell out the complex requirements in a way that's easier to understand. Topics We'll Cover Include: - PCI DSS v3.2.1 vs. PCI DSS v4.0 - An easy-to-understand look at the requirements in the current version of the framework and the version that will be mandatory in 2023 - Common gaps clients often see when trying to meet PCI's requirements Overview: 00:00 Intro 03:09 Summary of PCI DSS 12:27 Shared Hosting Providers 13:13 Focus Areas and Common Gaps 42:11 Cloud PCI Considerations 45:01 Q&A Free whitepaper: PCI DSS Process Overview Helping Firms and Their Owners Navigate Payment Card Compliance Requirements https://risk3sixty.com/pci-dss-process-overview/

1.8K views December 12, 2022 2:10 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy5DQUNERDQ2NkIzRUQxNTY1

PCI DSS: A Simplified Review of PCI DSS In Plain English (Full Framework Review)

Outsourcing PCI Compliance can provide several benefits to companies. In this video will explore some key advantages of outsourcing PCI compliance and how outsourcing can support your security and compliance program. Overview: 00:00 Intro 00:52 The Reality of PCI 03:21 Bottom Line Upfront 06:20 Advantages of Outsourcing PCI Compliance 20:30 Options for Managing PCI 24:23 Head-to-Head Comparison - In-house vs Outsourced 30:47 How we can help 34:15 Q&A

233 views February 27, 2023 2:15 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy45NDk1REZENzhEMzU5MDQz

PCI as a Service: Advantages of Outsourcing PCI Compliance

Let's say your organization thinks that outsourcing your PCI compliance program is a great idea...what do you do now? How do you pick a vendor? What are the red flags? In this webinar, we will go over our recommendations for how to go about outsourcing your PCI compliance program. Overview: 00:00 Intro 04:30 Get Your Stuff Together 11:04 Select a Partner 21:37 Get Your Partner Started 26:22 Monitor Your Partner Throughout the Process 28:45 Pro-Tips 32:34 How to Think about Price 38:48 Q&A

150 views May 15, 2023 1:00 pm

YouTube Video UExib05aOGxnTGtVaHVLa1poQkJrUDUzV3A5UjJSWGxfZy5GNjNDRDREMDQxOThCMDQ2

Best Practices for Outsourcing PCI Compliance (Part 2 of PCI as a Service Series)

Load More... Subscribe

In this video, Christian White, President of risk3sity services, provides a detailed overview of the new HITRUST e1 offering. Overview: 00:00 Intro 00:48 What is HITRUST e1 06:24 The Business Case for HITRUST e1 10:57 HITRUST e1 Readiness & Assessment Process 12:34 Typical HITRUST e1 Timeline 13:39 Q&A

202 views March 31, 2023 2:13 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui40NzZCMERDMjVEN0RFRThB

HITRUST e1: Everything You Need to Know to Get Certified

HITRUST i1 or SOC2 (or both)? Which makes the most sense for your business? This video will give you everything you need to know to help you decide. The business drivers for obtaining a SOC 2 report or a HITRUST i1 certification may be similar. Still, important distinctions between the two should be considered to make the best possible decision. Agenda: 00:00 Intro 01:00 Overview and comparison of the HITRUST and SOC 2 14:11 HITRUST i1 Readiness and Assessment Process 18:59 HITRUST i1 Typical Timeline 22:52 SOC 2 Readiness and Assessment Process 25:31 SOC 2 Typical Timeline 26:46 Compliance Best Practices 33:51 Q&A 58:51 Additional Resources For more details, please check out the Blog Post: HITRUST i1 vs SOC 2: What’s The Difference? by Gary Holverson https://risk3sixty.com/2022/09/07/hitrust-i1-vs-soc-2-whats-the-difference/ As discussed in the video, here is the 5 part blog series "The CISO Role" The CISO Role: How to Design a Security Leadership Role: https://risk3sixty.com/2020/08/11/the-ciso-role-how-to-design-a-security-leadership-role/ How to Design a Security Program Organizational Structure That Supports Your Business Goals: https://risk3sixty.com/2020/09/14/how-to-design-a-security-program-organizational-structure-that-supports-your-business-goals-part-2/ How to Build a Budget for a Security Program and Get it Approved: https://risk3sixty.com/2020/09/16/how-to-build-a-budget-for-a-security-program-and-get-it-approved-part-3/ The Business Case: How to Build a Business Case for Security Initiatives: https://risk3sixty.com/2020/09/21/how-to-build-a-business-case-for-security-initiatives-part-4/ How to Recruit, Develop, and Keep Top Cybersecurity Talent: https://risk3sixty.com/2020/10/05/how-to-recruit-develop-and-keep-top-cybersecurity-talent-part-5/

views January 30, 2023 6:00 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui5GNjNDRDREMDQxOThCMDQ2

HITRUST i1 vs SOC 2 : What's the Difference between SOC 2 and HITRUST

In this video we cover the following: 00:00 Intro 02:32 What is HITRUST?  04:20 Benefits of HITRUST Certification  11:35 The HITRUST Process  17:44 Getting Started  19:15 Q&A Download the eBook that accompanies this video: https://risk3sixty.com/whitepaper/hitrust-ebook-helping-b2b-technology-providers-enter-the-healthcare-market/

209 views September 26, 2022 6:29 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui45NDk1REZENzhEMzU5MDQz

HITRUST: Why Are Clients Asking for a HITRUST Certification in the Healthcare Industry

The HITRUST CSF is a security and privacy framework incorporating more than 40 other security and privacy-related standards and regulations. Given its extensive coverage across these standards and regulations, HITRUST is the golden standard for enabling a single framework strategy. Organizations that achieve a HITRUST certification are able to map the controls that they test as part of the HITRUST CSF to other frameworks and standards. This mapping allows entities to demonstrate compliance across numerous frameworks, leveraging just a single set of controls and the associated testing of those controls. Free Whitepaper: Understanding the HITRUST CSF Framework https://risk3sixty.com/2022/01/25/hitrust-single-framework-strategy/

322 views February 23, 2022 4:26 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui5DQUNERDQ2NkIzRUQxNTY1

HITRUST: Single Framework Strategy

HITRUST CSF Certification represents one of the fastest-growing and most popular forms of providing information assurance over a company’s implemented system to prospects, clients, partners, and other stakeholders in the healthcare industry. In an age where third-party due diligence is a business imperative, organizations are increasingly being pressured by regulators and other stakeholders to conduct due diligence on their partners and vendors. This often comes in the form of annual security questionnaires and requirements for vendors to fill out vendor security packets. In an effort to streamline this time-consuming and lengthy process, organizations often accept or require third-party assurance reporting, such as a SOC 2 report, ISO 27001 certification, or HITRUST CSF Certification, in lieu of or as a complement to other vendor risk management requirements. For companies seeking to meet the most popular and preferred third-party assurance standard in the healthcare industry, streamline the sales process, reduce barriers to doing business, and unify compliance efforts across multiple frameworks and regulatory requirements, implementing the HITRUST CSF and obtaining a HITRUST CSF Certification provides one of the most compelling ways to build, manage, and maintain a security and compliance program. Free whitepaper: Understanding the HITRUST CSF Framework https://risk3sixty.com/whitepaper/hitrust-csf-certification-whitepaper/

808 views February 23, 2022 3:22 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui41MzJCQjBCNDIyRkJDN0VD

HITRUST: How to Get HITRUST Certified

How can organizations leverage their information security program to amplify their growth? Here are three ways a HITRUST certification can expand business opportunities. The Case for a HITRUST Certification As organizations continue to become more interconnected globally, there is an increasing emphasis on third-party risk. Before agreeing to form a business relationship, entities want to ensure that service providers and other third parties can safeguard data entrusted to them. Business-to-business (B2B) technology providers have discovered that having a solid information security program is no longer just a means of mitigating risk. It has evolved into a business enabler. Obtaining a HITRUST certification can help organizations gain customers’ trust, expedite their sales process, and enter new markets. Free Whitepaper: Understanding the HITRUST CSF Framework https://risk3sixty.com/whitepaper/hitrust-csf-certification-whitepaper/

83 views February 23, 2022 3:10 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui4xMkVGQjNCMUM1N0RFNEUx

How HITRUST Fuels Growth for B2B SaaS Companies

In 2022, HITRUST will change its Assurance Assessments and Results Distribution to include three levels bC, i1, and r2. Basic, Current-state Assessment (bC) will focus on good security hygiene controls for almost any size organization. Implemented, 1-year Assessment (i1) will focus on leading security practices and is designed to provide moderate assurance. Risk-based, 2-year Assessment (r2) will have the same level of assurance and effort as the legacy HITRUST CSF Validated Assessment. These changes will help start-ups and high-growth organizations obtain assurance assessments through HITRUST. About Gary Holverson Gary is a Cyber Risk Consultant for risk3sixty, an Atlanta-based Information Risk Management (IRM) firm helping clients implement business-first information security and compliance programs. Gary brings experience in healthcare IT operations and information security frameworks to help organizations build, manage, and assess data security and privacy programs with a risk-based approach. Gary’s primary responsibilities include -HITRUST Practitioner: Leading HITRUST gap assessments, validated assessments, and program implementations. - Assisting with the creation and maintenance of security and compliance-related initiatives such as ISO 27001, HIPAA, HITRUST, and NIST 800-53. - Enabling sound security strategy by delivering expert-level guidance on cybersecurity best practices. - Helping companies communicate their security/compliance story to partners, customers, and regulators.

232 views February 17, 2022 5:06 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui4wOTA3OTZBNzVEMTUzOTMy

New 2022 HITRUST Assurance Assessments and Results Distribution System (by Gary Holverson)

Mike Carroll, HITRUST practice leader at risk3sixty, discusses how to comply with multiple compliance frameworks in a single harmonized workstream. This recording was from an ISACA Geek Week conference in August of 2021. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high-growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com. 0:00 Introduction 2:55 Where We're Going 5:01 Addressing Traditional Audit Challenges 10:48 Common Pitfalls 14:29 Best Practices for a Leveraged Approach 19:49 Streamlining the Process 24:32 Certification Maintenance

251 views October 2, 2021 2:34 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui41MjE1MkI0OTQ2QzJGNzNG

Test Once, Report Many: Easier Compliance with Multiple Frameworks

In this video, we will provide all of the important details you need to get HITRUST certified, including HITRUST's background, certification process, typical timeline, and efforts, as well as answer many of the most common questions from our clients. About risk3sixty: risk3sixty is a HITRUST assessor firm that specializes in helping high-growth technology firms build and assess their security program. Over the last 5 years, we have helped 100s technology firms from start-ups to global technology organizations reach their certification goals. We make compliance simple and security programs better. You can learn more about risk3sixty's HITRUST programs at www.risk3sixty.com/hitrust. Free HITRUST Resources: - HITRUST Learning Center: https://risk3sixty.com/learn/ - HITRUST YouTube Playlist: https://www.youtube.com/playlist?list=PLboNZ8lgLkUj1L4WOYR29vMvnleZME04R #HITRUST #Security #Compliance

6.5K views April 16, 2021 2:48 pm

YouTube Video UExib05aOGxnTGtVajFMNFdPWVIyOXZNdm5sZVpNRTA0Ui4wMTcyMDhGQUE4NTIzM0Y5

HITRUST Basics: Everything you need to get HITRUST certified

Load More... Subscribe

In this webinar, our experts will walk you through the key elements of ISO 27701 program maintenance, equipping you with the knowledge and strategies necessary to ensure ongoing compliance and data privacy protection. 0:00 Intro 1:37 What You Need to be Successful 4:34 PIMS: Classes 5 10:34 Legal & Security 18:58 Product & Engineering 25:07 List of Recurring Tasks 30:02 Phalanx GRC 30:57 Q&A

123 views August 16, 2023 2:35 pm

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC5EQUE1NTFDRjcwMDg0NEMz

Everything You Need to Maintain ISO 27701 Program

Preparation is everything to getting ISO 27701 certified. Join Phil Brudney, our expert on all things ISO 27701, as he explores everything you should do to prepare for a successful audit. Overview: 00:00 Intro 01:52 Internal Audit vs. External Audit 03:39 Who is Typically Involved 06:11 Processor, Controller, or Both? 12:09 Common Findings 18:32 The Audit Process 31:04 Q&A For more information, please download - ISO 27701: The Path to Privacy Program Certification and Implementation - https://risk3sixty.com/whitepaper/iso-27701-whitepaper/

206 views May 1, 2023 9:10 pm

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC41Mzk2QTAxMTkzNDk4MDhF

ISO 27701: Everything You Need To Get Ready for an ISO 27701 Certification Audit

ISO 27701 has quickly become a globally recognized mark of a company's commitment to its privacy program. Over the past 3 years, risk3sixty has helped dozens of organizations prepare for and pass their ISO 27701 certification audits. Join us for this intro on everything you need to know. Overview: 00:00 Intro 00:30 What is ISO 27701? 04:19 The Business Case for ISO 27701 08:51 The ISO Ecosystem 11:02 ISMS/PIMS 15:28 Annex A ISO 27701 18:46 Annex B ISO 27701 21:56 Processes and Timelines 30:57 Q&A For more information about ISO 27701, please download our free whitepaper - ISO 27701: The Path to Privacy Program Certification and Implementation. https://risk3sixty.com/whitepaper/iso-27701-whitepaper/

482 views February 9, 2023 7:56 pm

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC4zMDg5MkQ5MEVDMEM1NTg2

ISO 27701: Everything You Need to Get Certified for the ISO 27701 Privacy Framework

In this webinar, we will discuss the California Privacy Rights Act, which takes effect on January 1, 2023. Specifically, we will talk through where it came from, who it applies to, and how to begin your compliance journey: First, we will talk about the Background · What is the CPRA? · Who needs to comply? · Who is exempt? Second, we will talk about key compliance requirements · Items such as disclosures, data subject rights, vendor contracts Third, we will talk about immediate steps to get ready for CPRA · Privacy notice reviews · Data subject request preparedness · Data inventory updates Outline: 00:00 Introduction 01:06 What is the CPRA? 03:53 Who needs to comply? 05:14 Who is exempt? 07:30 What are key compliance requirements? 24:10 What should I do today? 29:27 Q&A

1.1K views November 21, 2022 9:37 pm

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC45ODRDNTg0QjA4NkFBNkQy

CPRA: A Simple Intro to California Privacy Rights Act (CPRA) for Companies Trying to Comply

Privacy considerations in the world of healthcare, emerging tech, and regulation. From regulations like HIPAA, GDPR, and CPRA to home listening devices -- Kate and Christian discuss the future of privacy and the potential implications for businesses and individuals. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

118 views March 8, 2022 11:00 am

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC5EMEEwRUY5M0RDRTU3NDJC

Privacy: Healthcare Regulations, Social Media, and Listening Devices (w/ Kate Godfrey)

Stuart Lee, Chief Privacy Officer at VMWare, shares insights on building a global privacy program that is good for people and good for business. Stuart is a privacy expert with extensive experience building privacy programs for global organizations. In this episode of Tuesday Morning Grind, Stuart and Christian, discuss topics ranging from privacy regulation, privacy by design, and the societal impact of mass data collection. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com. #privacy

245 views November 9, 2021 11:00 am

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC40NzZCMERDMjVEN0RFRThB

#47: Privacy in a Digital World (w/ Stuart Lee)

Mass data harvesting, government surveillance, and regulations at every turn. How do people and businesses navigate the current privacy environment? Privacy is one of the most important challenges facing our society. How we communicate, our opinions, and our individual freedoms are at stake. Tack on a patchwork of compliance and regulatory requirements and it can be overwhelming. In this episode of Tuesday Morning Grind, Virginia and Christian discuss many of the problems and potential solutions as our society and businesses navigate one of the most important challenges of our time: Privacy. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com. #privacy

150 views October 5, 2021 10:00 am

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC5GNjNDRDREMDQxOThCMDQ2

#43: Mass Surveillance, Data Harvesting, and Freedom (w/ Virginia MacSuibhne)

In the webinar, we covered how having a privacy program can help you grow your business. It will be hosted by our managing director Christian Hyatt and the presenters will be Philip Brudney and Christopher Ventura. Philip and Chis oversee our privacy program at risk3sixty. They both are true thought leaders in the space and will be providing great information about how having a privacy program can help your business close more deals. #privacy 0:00 Introduction 1:35 Your Privacy Guides 2:57 Can You Answer These Questions? 4:12 What to Expect Today 5:19 Why Privacy Matters to You Personally 6:18 Privacy in History 9:26 The Right to Privacy: Where does it come from? 10:35 What does our Constitution infer about privacy? 15:02 Privacy Right-What laws apply? 17:20 How is Privacy maintained? 18:20 The Business Context of Compliance 19:15 MSA Compliance-What is the Standard of Care? 21:46 MSA Compliance-When does negligence arise? 22:50 MSA Compliance and Negligence Per Se 23:49 Overcoming These 3 Challenges 24:31 The Ownership Problem 28:45 The Whack-a-Mole Problem 31:17 Contract Clause: Health Data Confidentiality and Privacy 33:18 Contract Clause: Data Retention 36:02 Contract Clause: Data Location 38:47 Other Common Terms 41:05 The Bottom Line 42:38 Privacy Program Cheat Sheet 43:22 Get Your Company Ready

259 views October 1, 2021 2:57 pm

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC45NDk1REZENzhEMzU5MDQz

Privacy Clauses in Contracts: What Should You Look Out for in Contracts

Robert is a longtime privacy leader, currently serving as a Vice President & Chief Privacy Officer at Entisys360. In this episode of the Tuesday Morning Grind, Robert and Christian talk about Robert’s path into the privacy field, board-level awareness of privacy concerns, ethics and privacy, education, and much more. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

90 views June 22, 2021 10:00 am

YouTube Video UExib05aOGxnTGtVZ0ZkYUxBQzljVXpOZ3VFeG5wT3FXVC5DQUNERDQ2NkIzRUQxNTY1

#28 Matters of Privacy (with Privacy Guru Robert Glaser)

Load More... Subscribe

With experience working with hundreds of organizations, in this webcast, we discuss the security organization structures most effective in reducing risk, reducing cost/overhead, and consistently being able to obtain certifications like #ISO27001 and #SOC2. Free resource: Security Team Operating System Workbook https://risk3sixty.com/whitepaper/security-team-operating-system-ebook/

4.7K views September 18, 2020 9:41 pm

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi41NkI0NEY2RDEwNTU3Q0M2

How to Design a Security Organizational Structure

Nick is the CEO and Founder of Curricula, a learning management platform where they make fun security awareness training. In this interview, we talk a lot about building a Saas company, including culture, people, ops, and of course, cybersecurity.

156 views March 30, 2021 9:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi4wOTA3OTZBNzVEMTUzOTMy

#17: Building a SaaS Company, Security Awareness, Creating Cartoons (with Nick Santora)

Rob and Christian discuss what it means to be a leader and how great leaders can scale organizations. Rob Campbell is a leadership coach, keynote speaker, and author of two books. Prior to leadership coaching, Rob was an Army Colonel and Brigade Commander for the 101 st Airborne Division where he lead a brigade of nearly 5000 individuals. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

83 views July 13, 2021 10:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi4xMkVGQjNCMUM1N0RFNEUx

#31: How Great Leaders Scale Organizations (w/ Colonel Rob Campbell)

Steve Dotson, CISO at Acoustic, discusses tools of the trade to build security programs at high growth technology companies. What does your first 90 days as a security executive look like? How do you get a seat at the table with executives? How do you get a budget approved? How do you build a team? From start-up advisor and investor, CISO, and business executive, Steve’s journey has helped him build security teams at organizations as diverse as multi-billion-dollar organizations to start-ups. In this episode of Tuesday Morning Grind, Christian and Steve discuss what it takes to be an effective security executive. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

133 views September 28, 2021 10:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi41MzJCQjBCNDIyRkJDN0VD

#42: Acoustic’s Security Journey (w/ Steve Dotson)

Christian Hyatt, the co-founder of risk3sixty, reviews trends of the firm's last 1000 security assessments revealing common challenges and potential solutions facing organizations across the globe. This recording was from an ISACA Geek Week conference in August of 2021. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high-growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

573 views October 2, 2021 2:31 pm

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi5DQUNERDQ2NkIzRUQxNTY1

Cybersecurity Trends: Results of the last 1000 Security Assessments

SOC 2, PCI DSS, ISO 27001, FedRAMP, GDPR – the list goes on. In this episode, Jewel and Christian discuss how to build a global security and compliance program poised to support multiple frameworks. Jewel is an expert in governance, risk, and compliance with experience building teams and navigating the complexities of global compliance initiatives. Having forged a non-traditional route to a GRC leadership position, Jewel is passionate about helping others do the same. In this episode of Tuesday Morning Grind, Jewel and Christian discuss how to get into cybersecurity, the challenges that come with leadership, and many of the tactics of being an effective GRC professional. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

811 views October 26, 2021 10:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi45NDk1REZENzhEMzU5MDQz

#46: Building a GRC Program (w/ Jewel Hefner)

George Finney, CISO at SMU and Author of Well Aware, discusses the 9 habits of building cybersecurity awareness. George Finney is the CISO at Southern Methodist University and the author of the book Well Aware. In this episode of Tuesday Morning Grind, George and Christian discuss the challenges of building cybersecurity programs for Higher Education, cybersecurity threats, careers in cybersecurity, and why we are excited about the future. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

135 views December 14, 2021 11:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi5GNjNDRDREMDQxOThCMDQ2

How to Build Security Awareness (w/ George Finney)

CJ DuBe' has helped over 110 companies implement habits to run a better business. She also shares her #1 tip for success – the Level 10 Meeting™. CJ DuBe' is an expert in helping companies implement the Entrepreneurial Operating System® (EOS®) made famous by the book Traction by Gino Wickman. CJ says at the heart of EOS is the ability to help manage and focus human energy. Through setting vision, establishing meet rhythms, getting the right people on the team doing the right jobs and a host of other activities – CJ helps companies thrive. In this episode of Tuesday Morning Grind, CJ and Christian explore a few aspects of an EOS and share practical tips to get started building a better company. Featured How to Guide: How to Run a Better Meeting Featured Book or Resource: Check out the book “Traction” and the free resources and templates at EOS Worldwide. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

64 views January 11, 2022 11:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi40NzZCMERDMjVEN0RFRThB

A System for Running Your Business and the Best Meeting Format (w/ CJ DuBe')

Security leaders must have strong business acumen if they want to be successful. Otherwise, they are destined to the child’s table within the leadership ranks at their organization. Security programs must align the organization’s most important business objectives. This is a fact that all successful security leaders must understand. In this episode of Tuesday Morning Grind, Matthew and Christian discuss business topics that every security leader needs to know to successfully serve their organization – and how business is directly linked into cybersecurity. Book Recommendation: CISO Evolution by Matthew Sharp (https://www.cisoevolution.com/) About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

118 views January 25, 2022 11:00 am

YouTube Video UExib05aOGxnTGtVZ1ZuVGc1X01UbVQ2VHB6N25VZFBqNi4zMDg5MkQ5MEVDMEM1NTg2

How Security Leaders Can Upgrade to Business Leaders (w/ Matthew Sharp)

Load More... Subscribe

This Webinar is for Current or Aspiring Security Leaders From this webinar, you will discover your strengths, weaknesses, areas where you need support from your team, and the types of organizations you best fit. We call these attributes Security Leader Archetypes. We will also provide the tools to analyze organizations to better understand their security priorities. You will be able to use these tools to identify organizations that would most benefit from your natural strengths as a security leader. Organizations that you will love to work with and that would love to have you as part of their team. Ultimately, we believe following the steps outlined in this webinar will make you a more effective security leader and more satisfied with your career. Download the resources from this webinar here: https://landing.risk3sixty.com/5-ciso-archetypes #cybersecurity #careercyber #careertips #ciso

533 views February 11, 2022 1:51 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy5GM0Q3M0MzMzY5NTJFNTdE

Cybersecurity Careers: The Different Type of CISOs

Christian Hyatt, the co-founder of risk3sixty, reviews trends of the firm's last 1000 security assessments revealing common challenges and potential solutions facing organizations across the globe. This recording was from an ISACA Geek Week conference in August of 2021. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high-growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

573 views October 2, 2021 2:31 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy5ENDU4Q0M4RDExNzM1Mjcy

Cybersecurity Trends: Results of the last 1000 Security Assessments

In the webinar, we covered how having a privacy program can help you grow your business. It will be hosted by our managing director Christian Hyatt and the presenters will be Philip Brudney and Christopher Ventura. Philip and Chis oversee our privacy program at risk3sixty. They both are true thought leaders in the space and will be providing great information about how having a privacy program can help your business close more deals. #privacy 0:00 Introduction 1:35 Your Privacy Guides 2:57 Can You Answer These Questions? 4:12 What to Expect Today 5:19 Why Privacy Matters to You Personally 6:18 Privacy in History 9:26 The Right to Privacy: Where does it come from? 10:35 What does our Constitution infer about privacy? 15:02 Privacy Right-What laws apply? 17:20 How is Privacy maintained? 18:20 The Business Context of Compliance 19:15 MSA Compliance-What is the Standard of Care? 21:46 MSA Compliance-When does negligence arise? 22:50 MSA Compliance and Negligence Per Se 23:49 Overcoming These 3 Challenges 24:31 The Ownership Problem 28:45 The Whack-a-Mole Problem 31:17 Contract Clause: Health Data Confidentiality and Privacy 33:18 Contract Clause: Data Retention 36:02 Contract Clause: Data Location 38:47 Other Common Terms 41:05 The Bottom Line 42:38 Privacy Program Cheat Sheet 43:22 Get Your Company Ready

259 views October 1, 2021 2:57 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy45RTgxNDRBMzUwRjQ0MDhC

Privacy Clauses in Contracts: What Should You Look Out for in Contracts

Mike Carroll, HITRUST practice leader at risk3sixty, discusses how to comply with multiple compliance frameworks in a single harmonized workstream. This recording was from an ISACA Geek Week conference in August of 2021. About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high-growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com. 0:00 Introduction 2:55 Where We're Going 5:01 Addressing Traditional Audit Challenges 10:48 Common Pitfalls 14:29 Best Practices for a Leveraged Approach 19:49 Streamlining the Process 24:32 Certification Maintenance

251 views October 2, 2021 2:34 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy4yMDhBMkNBNjRDMjQxQTg1

Test Once, Report Many: Easier Compliance with Multiple Frameworks

July 2021 marks risk3sixty’s 5-year anniversary. To celebrate, Christian Hyatt and Christian White talk about their journey and where risk3sixty is headed next. We have two goals with this episode of Tuesday Morning Grind: 1) We want to get current team members excited about being a part of risk3sixty. We want our team to have some insight into where we have been, where we are going, and why this is a unique place to build a career. 2) We want future team members that are considering risk3sixty to have a reference guide to risk3sixty. We want prospective team members to have one place to learn about where risk3sixty has been and where we are going. If you are considering a career at risk3sixty – reach out at vibes@risk3sixty.com! About risk3sixty: risk3sixty is a security, privacy, and compliance consulting firm that helps high growth technology organizations build, manage, and assess security and privacy programs. Offering services related to SOC 2, ISO 27001, PCI DSS, HITRUST, Virtual CISO, Privacy Programs (GDPR, CCPA, etc.), Penetration Testing, and a GRC Platform built for cloud technology companies, Phalanx. You can learn more about risk3sixty at www.risk3sixty.com.

226 views July 27, 2021 10:00 am

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy4yMUQyQTQzMjRDNzMyQTMy

#33: risk3sixty 5 Years in Review (w/ Co-founder Christian White)

IAPP Privacy Fellow, Philip Brudney, speaks with Christian Hyatt about the most important elements of California's latest privacy regulation (CPRA) and how organizations can best prepare for the coming requirements. #cybersecurity #privacy #CPRA #risk3sixty

1.9K views November 6, 2020 4:39 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy45ODRDNTg0QjA4NkFBNkQy

California Privacy Rights Act (CPRA): Top 10 Tips for CPR Compliance

With experience working with hundreds of organizations, in this webcast, we discuss the security organization structures most effective in reducing risk, reducing cost/overhead, and consistently being able to obtain certifications like #ISO27001 and #SOC2. Free resource: Security Team Operating System Workbook https://risk3sixty.com/whitepaper/security-team-operating-system-ebook/

4.7K views September 18, 2020 9:41 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy4wOTA3OTZBNzVEMTUzOTMy

How to Design a Security Organizational Structure

In this video, we will discuss the recent Privacy Shield invalidation and the relevant implications for companies. #privacy #PrivacyShield #Security

430 views July 29, 2020 11:29 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy5EMEEwRUY5M0RDRTU3NDJC

Privacy Shield was Invalidated - Now What?

We discuss the common pitfall of the CISO role as well as a framework to design a CISO role that makes sense for your organization. Free resource: Security Team Operating System - workbook https://risk3sixty.com/whitepaper/security-team-operating-system-ebook/ Podcast Here: https://anchor.fm/risk3sixty #security #cybersecurity #CISO #compliance 0:00 Introduction 1:54 Why This Matters 3:59 Framework: Define Business Problems 7:35 Framework: Priorities Roles and Responsibilities 12:11 Framework: CISO RACI Diagram 17:41 CISO Profiles: Security Focused 26:22 CISO Profiles: Compliance Focused 31:39 CISO Profiles: Non-CISO Executive 40:18 What's Next: Org Structure

836 views July 24, 2020 3:34 pm

YouTube Video UExib05aOGxnTGtVak1BZ0lLVm1PXzZ1V29HZDFDOWtrZy4xMkVGQjNCMUM1N0RFNEUx

The CISO Role: How to Design a Security Leadership Role Custom Fit to for Your Organization

Load More... Subscribe

Speak With An Expert

Let Us Know How We Can Help

Fill out the form and let us know what service you’re interested in; or ask any general question and we’ll get back to you as soon as possible.

Speak with an Expert