Tentacle Blog

These audits not only confirm adherence to the ISO/IEC 27001 standard but also assess the effectiveness of an organization's Information Security Management System (ISMS)...

ISO 27001 controls are measures, policies, processes, and procedures that organizations must adopt to meet the security requirements set forth in the ISO 27001 standard...

ISO 27001 offers organizations a systematic and holistic approach to safeguarding their critical data, whether it's confidential customer information, financial records, or intellectual property...

This guide offers a comprehensive exploration of CSF categories, shedding light on their functions and providing a roadmap for your initial steps in their utilization...

Both NIST Cybersecurity Framework (NIST CSF) and NIST Special Publication 800-53 (NIST 800-53) serve the common goal of enhancing cybersecurity, however, they differ significantly in their approach and applicability...

The NIST Cybersecurity Framework was established in response to the growing need for a unified and robust cybersecurity approach in an age marked by relentless cyber threats...

Whether you represent a government agency, operate as a government contractor, or simply lead an organization looking to enhance its security protocols, this comprehensive guide is designed to assist you...

NIST SP 800-53 consists of 20 different control families, each focusing on specific aspects of cybersecurity. These families encompass a wide range of topics...

NIST 800-53 has a rich history dating back to its inception as a response to the escalating technological capabilities of national adversaries. Over the years, it has evolved to encompass a comprehensive set...

Before we dissect the particulars of CIS, NIST, and their comparisons, it's crucial to comprehend the overarching role of cybersecurity frameworks...

CIS compliance means adhering to the cybersecurity standards and guidelines set forth by this reputable institution...

At their core, the CIS Controls serve as actionable recommendations that organizations can leverage to identify, anticipate, and respond to digital threats effectively...

The primary objective of GITC and ITGC audits is to ensure that an organization's IT control environment is robust, compliant, and capable of mitigating cybersecurity risks...

Within the expansive landscape of GITC and ITGC controls, various critical areas stand out, each contributing to the comprehensive cybersecurity fabric...

ITGC and GITC ensures that data remains accurate, that systems are accessible only to authorized personnel, and that the risk of security breaches is minimized...

Multiple factors go into the self-service or full-service decision and it’s no different when we apply those models to the technologies we use to manage Information Security...

In today's interconnected world, cyber threats have become increasingly sophisticated, and attackers are often exploiting the weakest link in the security chain: human error...

When it comes to Cybersecurity and cyber attacks, ‘human error’ is consistently identified as a major contributing factor...

Two years ago, if someone would have asked me about the “security posture” of my workplace, they probably would have gotten a blank stare or I may have asked them to repeat the question...

When you break down all the ideas and suggestions that come your way, you will recognize some significant downsides in attempting to be everything to everyone. Overall diminished quality, tool fatigue, and inefficiencies in your approach to growing your product, to name a few...

In this list, we’ve researched and aggregated some of the most common types of cyber attacks to explore their characteristics and steps to prevention...

Deep learning neural networks (or more specifically “transformer models”), like the one powering our import tool at Tentacle, are able to not only begin to build a graph of words like the above example, they are also able to understand how those words might change...

I’ve been laser-focused on the information security space now for the last three years since launching Tentacle, though ideated on the Tentacle concept for many years prior while buried deep in security questionnaires...

For any IT leader using CIO.com’s resolution list as a guide, I’ve provided specific ways, when it comes to information security, that Tentacle will help achieve your (IT) resolution list for 2023...

I could not wrap up this blog series without at least taking some time to acknowledge and speak to the amount of effort that is truly required to pull off a proper information security program...

In Part 1 of “Altruism in Information Security” I shared my thoughts on how I find the concept of altruism to be woven into the fabric of the ideal Information Security program...

Altruism and Information Security; two terms not commonly used together - the first term not often used to describe the foundational philosophy of the latter...

Let’s start with the basics: a foundational definition of Information Security management is the process of developing, maintaining, and continuously improving processes...

The idea of formalized Information Security leveraging a security framework isn’t new. As study after study is released detailing the continuous increase of cyber security threats faced by all organizations...

Security posture is a measure of your organization’s overall security effectiveness. The term can be a little confusing, because it doesn’t just refer to how good your company is at...

The timing of when I started Tentacle, associated with what was really making the headlines in our society, and my previous lessons learned from YourCause, inspired me to launch this business...

There’s no getting around them - and if I’m honest - even my inner salesperson, driven by the speed of the sale, knows filling out security questionnaires is an essential component...

I jumped headfirst into the Information Security space as a result of being pummeled for years by the gross inefficiencies and...

Since starting Tentacle, I have been standing on my soap box preaching the absurdity of the state of today’s information security market...

Over the years, I have grown increasingly frustrated and disappointed with the approaches taken by the industry...

Data breaches, network software exploitation, utility shutdowns: even a cursory glance at headlines today is enough to send a shiver up the most confident executive’s spine...

In starting my last business (YourCause), I had assumed that once I was able to build our core product to a certain point...

From January to March, our Equality Learning Group held its first book club and read Caste by Isabelle Wilkerson...

This blog post is not intended to be my confessional or my therapeutic cleanse for the last 44 years, but rather my attempt to pass along a few lessons...

I am not here to endorse or criticize the outgoing administration, nor am I seeking to push my political views onto anybody who might read this. We all...