Brian Johnson
Contributor

Connecting Postgres to Active Directory for Authentication

August 21, 2019

PostgreSQL is an open-source database system that is a popular choice for managing data and building applications.  While primarily geared towards developers, PostgreSQL is also designed to help system administrators safely and robustly store information in databases.  And because many networks use Active Directory to manage users and their resource permissions, it makes sense to tie PostgreSQL into this authentication

Read more
Brian Johnson
Contributor

Physical Facility Access Policy Best Practices | A SOC 2 Primer

August 12, 2019

Physical security is not just a concern for large companies. A small business also needs an established physical security policy to protect their physical assets and provide their employees with a sense of protection and safety. In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities. Here are five practices for writing

Read more
Brian Johnson
Contributor

SOC 2 Terminology Glossary

July 3, 2019

SOC 2 compliance, like so many things related to IT and security, is chock full of terms and acronyms to learn.  If you are just getting started with SOC 2, it’s helpful to get familiar with this alphabet soup ahead of time so you can move your compliance efforts forward with confidence.  Below is a SOC 2 terminology glossary to

Read more
Brian Johnson
Contributor

Writing Your Security Incident Response Policy

June 27, 2019

This article will point you to the core concepts within the SIRP so that you understand the purpose of this policy before writing your own. The Security Incident Response Policy (SIRP) establishes that your organization has the necessary controls to detect security vulnerabilities and incidents, as well as the processes and procedures to resolve them.  The tricky thing about this

Read more
Brian Johnson
Contributor

Practical Tips to Improve Data Center Security and Compliance

March 26, 2019

In this post, we’ll answer the following questions:How do I know what rules and regulations I need to follow when protecting my data and data center? Where should I host my secure data center infrastructure (on-prem vs. colocation facilities vs. cloud vs. hybrid solution)? How do I plan for - and recover from - a physical data center failure?

Read more
Brian Johnson
Contributor

How to Write Your Software Development Lifecycle Policy

March 19, 2019

With headline-grabbing software vulnerabilities becoming more and more prevalent, now is the time to tighten up your development practices into a well-written SDLC policy. This particular information security policy will help your development teams standardize on coding tools and practices, as well as get everybody on the same page from a security standpoint. And come the time when you do have a incident, you will be able to demonstrate to your customers that you do indeed take their security seriously - it’s not just lip service.

Read more
Brian Johnson
Contributor

System Changes Policy 101

March 12, 2019

In the world of SOC 2, the general rule is to write a policy, procedure or log entry for just about everything that happens in your environment. This is especially important when it comes to system changes, as auditors want to see that you have detailed logs of what’s happening in your environment, that the changes are properly documented and communicated across your organization, and that you can effectively debug problems after a change is made. All of these requirements and expectations are defined in your system changes policy.

Read more
Brian Johnson
Contributor

How to Write a Disaster Recovery Policy

March 5, 2019

As you prepare your company to endure and recover from a disaster, two primary information technology policies should be in place: business continuity and disaster recovery. These two policies help you plan for – and recover from – adverse events, but the difference lies in the goals of each policy: business continuity focuses on returning your business to normalcy, while disaster recovery details the minimum necessary functions for your business to survive.

Read more