Centraleyes Resource Center
Resources | News & Updates
You’ve Been Hacked: Roskomnadzor
Ukrainian anonymous hacking group, appropriately called Anonymous, announced over Twitter this week that they had breached and…
Using the Shed Light: Twitter vs. Russia
Defending and respecting the user’s voice is one of Twitter’s core values, according to their website. This…
Centraleyes Announces the Addition of PIPL to its Framework Library
Centraleyes is happy to announce the addition of the Personal Information Privacy Law (PIPL) of China to…
Next-gen Botnets
It’s the plague of frogs, but not as you know it. First spotted in August 2020, “FritzFrog”…
Centraleyes Updates Newly Released CMMC 2.0 in its Framework Library
Centraleyes is excited to announce the upgrade of the new CMMC version 2.0 in its extensive framework…
Centraleyes Maps the Nevada Revised Statutes to its Control Inventory
Centraleyes is proud to announce the addition of the Nevada Revised Statutes (NRS), Chapter 603A to its…
Russian Hackers Infiltrate Ukrainian Organizations via Spear-Phishing
The world is watching with bated breath as Russia lines up its army along the borders of…
Centraleyes Adds the Ransomware Readiness Assessment Model to its Framework Library
Centraleyes is excited to announce the addition of the Ransomware Readiness Assessment (RRA) Model to its expanding…
The British are Coming- with SOX!
The UK’s corporate landscape begins the 2-year countdown to prepare for new governance, audit and reporting requirement:…
RCE Alert: Managing Vulnerabilities
Two critical bugs discovered in Control Web Panel mean that an unauthenticated attacker can gain remote code…
When Imitation Isn’t the Best Form of Flattery
There is an exclusive top ten list that NO company wants to find themselves on: the Top…
Ransomware Shuts Down US Prison
Ransomware is always consequential to the company experiencing the attack, but in this case, the staff and…
Y2K22 Surprise!
Microsoft Exchange users were surprised when emails could not be delivered on January 1st, 2022. MEServers from…
DuckDuckGo For It!
Everyone is talking about DuckDuckGo, the search engine that has experienced enormous growth in 2021 and performs…
Securing from the Inside Out
Take your mind off Log4j momentarily and consider a vastly different vulnerability. Garrett Metal Detectors, a…
Demystifying The Internet Meltdown: Log4j
The Log4Shell bug has taken the world by storm, putting some of the biggest companies at risk…
Patching Backward to Move Forward: Top 6 Tips for Patch Management
These patches were released months ago, so how can threat actors continue to exploit the same vulnerabilities…
Phishing From Within
IKEA has been in the limelight this week as the target of a creative phishing campaign. Internal…
Critical Infrastructure targets take extra precautions this Thanksgiving
Another holiday weekend, another reason to be cyber vigilant! CISA and the FBI released a warning ahead…
300+ WordPress Sites Held Ransom By Fake Ransomware
Over 300 WordPress sites were attacked with fake encryption notices, informing them they must pay 0.1 bitcoin…
At Least Nine Global Entities Across Critical Sectors Have Been Exploited Via a Known CVE
Back in September, the Zoho ManageEngine ADSelfService Plus reported a critical vulnerability that would allow remote attackers…
Your Company is Under Intense Pressure. And That’s Exactly When They’ll Strike.
Ransomware actors are choosing their targets based on time-sensitive financial events, like mergers or acquisitions and ends…
You Haven’t Heard Of Groove Ransomware? Let’s Hope It Stays That Way
Not everyone was happy with law enforcement’s takedown of the REvil ransomware group last week.…
Claiming Unemployment? Watch Out!
The FBI put out a warning this week of spoofed websites offering unemployment benefits that harvest sensitive…
Lightning Never Strikes Twice? Ransomware Does
Back in September, leading medical technology company Olympus was hit with a ransomware attack on its EMEA’s…
“Do Your Part… Be Cyber Smart!” CISA
Cybersecurity Awareness is at an all-time high and has never been more meaningful! As the NCSA kicks…
OWASP Celebrated Their 20th Anniversary Last Week By Releasing a Brand New List Of Critical Security Risks For Web Apps
The OWASP Top 10 is the ultimate guide to the threats and remediations that companies should address,…
Hackers Continue To Target Critical US Infrastructure and Seek To Disrupt Supply Chains, But Are We Handing Them Access On A Silver Platter?
NEW Cooperative, an Iowa-based farm service provider, was hit with a ransomware attack in recent days. BlackMatter…
REvil Ransomware Returns And Continues To Attack And Leak Data
Guess who’s back in town? After wildly exploiting the zero-day Kaseya vulnerability back in July, and demanding…
CISA and The FBI Reveal An Interesting Warning Regarding Ransomware
Based on data from recent actor tactics, techniques, and procedures (TTPs), they report that ransomware attacks are…