NIST Privacy Framework: Privacy Protective Practices

The National Institute of Standards and Technology (NIST) has developed a comprehensive privacy framework that can help organizations assess and improve their privacy practices. The framework consists of three main components: the core, the profiles, and the implementation tiers. In this blog post, we will focus on the privacy protective practices, which are the specific … Continue reading NIST Privacy Framework: Privacy Protective Practices →

NIST Privacy Framework: Foundational Privacy Principles

The National Institute of Standards and Technology (NIST) has developed a comprehensive privacy framework that can help organizations assess and improve their privacy practices. The framework consists of three main components: the core, the profiles, and the implementation tiers. In this blog post, we will focus on the foundational privacy principles, which are the fundamental … Continue reading NIST Privacy Framework: Foundational Privacy Principles →

NIST Privacy Framework: Core

The National Institute of Standards and Technology (NIST) has developed a comprehensive privacy framework that can help organizations assess and improve their privacy practices. The framework consists of three main components: the core, the profiles, and the implementation tiers. In this blog post, we will focus on the core, which is the foundation of the … Continue reading NIST Privacy Framework: Core →

Threat Emulation Training: Where to Start

Written by: Sean D. Goodwin , CISA, QSA, PCIP, CISSP, CCSP, GSEC, GCIH, GCIA, GCWN, GCCC, GCUX, GCPM, GDAT, GSE Our recent blog posts have covered a variety of topics related to threat emulation, including: The benefits of threat emulation. The important factors that differentiate threat emulation from penetration testing. Understanding how to leverage these tests to implement controls … Continue reading Threat Emulation Training: Where to Start →

Threat Emulation vs. Penetration Testing: Understanding the Differences

This was originally posted as an Insight from Wolf & Company, P.C. Threat emulation (also referred to as adversary simulation) is an advanced form of testing where the attack tools, techniques, and procedures (TTPs) utilized are based on documented, real-world criminal actions. These tests are best suited for environments and organizations that have the basics covered … Continue reading Threat Emulation vs. Penetration Testing: Understanding the Differences →