Blog
Five Essential Cybersecurity Controls for SMBs
A basic cybersecurity program focused on high-impact controls can protect you against the vast majority of cyberattacks. Learn about the five essential security control categories for SMBs included in the UK NCSC’s Cyber Essentials framework.
How do you choose a GRC tool? Ask these 9 questions
How do you choose a GRC tool? Look for solutions that integrate features for compliance, sensitive data discovery, and risk mitigation, so you can to do all three more effectively.
Cyber Threat Trends in 2024: Common Patterns Seen in Key Industry Reports
In this post, we collate key findings from some of the big cybersecurity reports published this year to zero in on the biggest cyber threats in 2024, and identify approaches to defense that worked. This is the first in a three-part series.
The CIS Guide to Defining Reasonable Cybersecurity
The guide provides practical and specific guidance to organizations seeking to develop a cybersecurity program that satisfies the general standard of reasonable cybersecurity
Governance, Risk and Compliance (GRC) for Cybersecurity Practitioners
What has propelled GRC to the forefront of present-day cyber and business strategies? An overview of GRC and next-gen GRC tools for cyber leaders.
Understanding Shadow IT: Risks, Detection and Best Practices
Shadow IT – the use of technology and cloud apps without the knowledge of the IT department – can be a major risk for organizations today. Learn how to detect and manage the risk.
CYRISMA’s GRC and Compliance Assessment Module is Expanding!
The GRC Module and new compliance assessment features will allow you to track ALL controls included in the covered regulatory standards and best practice frameworks. Find compliance gaps, generate reports, run scans to get closer to compliance.
Understanding Internal and External Vulnerability Scans
This guide explores internal & external vulnerability scans, detailing what they are, when to use them & best practices for conducting them.
Common CVE Types – What they mean and how they can impact your business
What are some common vulnerability descriptors and types, and how can they impact your organization? From RCEs to buffer overflows – learn about some common CVE types in our latest blog post.
What’s new in the CIS Critical Controls Version 8.1?
What’s new in the CIS Controls v8.1? A new Governance security function, new asset classes including the Documentation asset type, enhanced clarity and alignment with NIST CSF 2.0.