Receive articles and resources from the information risk management experts at FoxPointe.
This article was written by Ryan Bigelow, Director FoxPointe Solutions. It’s hard to believe that PCI DSS v4 (now 4.0.1) has already been out for three years. The standard was officially released to the public on March 31, 2022. With it came a transition period to allow organizations time to...
The European Union’s Digital Operational Resilience Act (DORA) officially went into effect on January 17, 2025, marking a significant step in strengthening the IT security and operational resilience of financial institutions. This regulation sets a new standard for banks, insurance companies, investment firms, and other financial entities, ensuring they can...
This article was written by Deb Bond, Consulting Manager. Data Privacy can be best defined as the protection of personal data from those who should not have access to it and the ability to individuals to determine who can access their personal information. AI’s Impact on Informational Privacy The use...
This article was written by James Normand, Security Analyst. As organizations operate and grow, so too does the amount of data that they’re responsible for. Properly managing and safeguarding organizational and customer data can help ensure compliance with GDPR, CCPA, GLBA, and regional laws. Failure to implement and maintain secure...
This article was written by Emily Mosack, Analyst. Insider threats pose a significant risk to organizations, involving individuals with access to critical systems and data. These threats can come from malicious insiders intent to cause harm, careless employees who unknowingly compromise security, or those whose credentials have been stolen by...
A SOC 3 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 21, focuses on a service organization’s controls that are likely relevant to examining a user entity’s (customer’s) service commitments and system requirements. SOC 3 reports cover a service organization’s security, availability, processing integrity, confidentiality, and...
Based on Verizon’s 2024 Data Breach Investigations Report, the public administration, finance, professional, manufacturing, and education industries are the most popular targets for cyber criminals. The most common attacks occur through ransomware, phishing emails, desktop sharing, virtual private networks, and web applications. All of which have led to an increased...
The European Union’s General Data Protection Regulation (GDPR) sets a high standard in the world of global data privacy and security. Known for its strict requirements and robust enforcement, the GDPR poses a considerable challenge for companies within its reach. However, for businesses planning to expand into the United States,...
By Jessica Ramirez Artificial intelligence (AI) has been a trending topic that we have been exploring and discussing as it continues to rapidly advance technologically. One thing to keep in mind as AI advances, is how this impacts professional settings. An organization must understand the advantages and disadvantages that AI...
Outsourcing Cybersecurity Functions This article was written by Emily Mosack In today’s digital landscape, where cybersecurity threats are constantly evolving, organizations face the challenge of staying ahead of malicious actors while managing limited resources and expertise. One solution gaining momentum is outsourcing cybersecurity functions to specialized external providers. What is...
