Comprehensive business continuity and disaster recovery plans are must-haves for companies of all sizes that are dependent on their systems to run their businesses. In Part 2 on this topic, I discuss factors that have to be considered when building a plan. Preparing for a disaster can be a daunting task, involving many factors. A […]
About Jeff VanSickel
Based in the Philadelphia area, Jeff VanSickel is a seasoned Information Security Professional with over 20 years’ experience in the areas of Information Security, Information Technology, Audit Compliance, Risk and Project Management. As a Payment Card Industry (PCI) Qualified Security Assessor (QSA) and a certified CISSP and CISM, Jeff is highly knowledgeable about US Federal and State Law (including SOX, HIPAA, GLBA and Breach Law), US Regulations, ISO-27001/2, NIST, and PCI-DSS.
Entries by Jeff VanSickel
Comprehensive business continuity and disaster recovery plans are must-haves for companies of all sizes that are dependent on their systems to run their businesses. The definition of a disaster is anything that can impact the continuation of business operations. Most people think disasters would just include major weather events (snowstorms, hurricanes, flood, and tornadoes), fire, […]
Third Party Risk Management
Following up on my prior post Third Party Risk Management (4/9/18), I’d like to share my recommendations to monitor and manage IT risk. There are a number of Governance, Risk, and Compliance (GRC) tools available, ranging from the inexpensive to the extremely expensive. Small to medium size companies are generally not […]
Third Party Risk Management
Topping my list of information security risks for the coming year is third party risk management. Small to medium size companies do not have the workforce necessary to monitor the security posture of their technology service providers. To properly address the issue, a company will need to put the following in place […]
How should a small organization quantify risk when it comes to IT security? In my last post, I discussed how people with little or no IT security experience are often put in charge of IT security at small companies. I explained how they might approach telling their boss how things are going on the […]
Ask where somebody working in IT security at a small company got started, and there is a good chance it had nothing to do with IT security at all. Considering the management infrastructure of the typical small organization, IT security is usually handed off to somebody who knows little about it, usually somebody from the […]
There is something quirky about the 27000 series of standards published by the International Organization for Standardization (ISO). Perhaps it is presented deliberately this way as a lesson in due diligence. Perhaps it is just a random error. But the standards are in the wrong numerical order. Judging from our interactions with company IT organizations, […]
I’d like to share answers to questions recently asked about disaster recovery. 1. What advice would you give to tie cybersecurity protection and IT disaster recovery together for business continuity? There are a number of activities performed by the IT operational group within an organization that deal with Disaster Recovery. They include performing data backups, […]
Inquiry: Earlier this month we received an email from Matthew Todd of Financial Engines, Inc. that said, “Back in 2011, Phil Cox (SystemExperts) wrote some guidance on using Windows BitLocker to meet PCI-DSS requirements. PCI-DSS has been updated since then, and I’m curious if SE has updated guidance.” Response: Section 3.4.1 of PCI-DSS version 3.1, […]
Since 1994, SystemExperts has been helping companies see the big picture and design solutions to meet their comprehensive security needs. We over-deliver and provide unmatched personal attention, distilling problems to their root causes and recommending what’s appropriate for every client.