Tentacle Blog

From security to equality, learn more about the things we value
Strengthening Third Party Risk Management for Fintech Partners
Published: 03-04-24
Security
In this post, we'll explore in-depth best practices for financial institutions to effectively oversee risks when engaging fintech partners...
Third-Party Due Diligence: Managing Risk in the Extended Business Network
Published: 03-04-24
Security
With digital transformation radically expanding business networks, third-party due diligence has never been more critical for managing enterprise risk...
Understanding Third-Party Risk: A Guide for Security Teams
Published: 03-04-24
Security
Third-party risk refers to any cybersecurity, privacy, or regulatory exposure originating from outside vendors that have access to your systems and data...
Streamline Your Cybersecurity Compliance Process in 5 Steps
Published: 02-26-24
Security
Follow these best practices to continuously monitor compliance, quickly remediate gaps, eliminate redundancy in assessments and auditing, while keeping key stakeholders informed...
Automated Security Risk Assessments 101: Your All-In-One Guide
Published: 02-26-24
Security
An automated security risk assessment utilizes software tools and algorithms instead of manual processes to identify, analyze and evaluate potential security threats and vulnerabilities...
The Essential Guide to Audit Readiness Assessment
Published: 02-26-24
Security
While audits can seem daunting, being audit-ready is achievable with the right preparation and tools. This guide will walk through best practices for audit readiness assessment...
Navigating the Foundations of Information Security Management
Published: 02-12-24
Security
Information security management is the process of protecting an organization's data and assets against potential threats to ensure confidentiality, integrity, and availability...
The Complete Guide to Developing an Information Security Policy
Published: 02-12-24
Security
This comprehensive document outlines rules, guidelines, and procedures for protecting sensitive data and technology infrastructure...
Building an Effective Information Security Program: The Ultimate Guide
Published: 02-12-24
Security
This guide breaks down the key components of building an effective information security program in simple, actionable steps...
How MSPs Can Leverage AI
Published: 01-11-24
Security
This blog explores how AI is transforming the managed services industry and the tangible benefits MSPs stand to gain...
Comprehensive Cybersecurity Best Practices for Managed Service Providers (MSPs)
Published: 01-11-24
Security
As cyber threats grow more advanced and regulatory obligations more complex, MSPs must implement robust security practices to safeguard operations...
Scale Your MSP with Compliance as a Service (CaaS)
Published: 01-11-24
Security
CaaS is driving growth in the MSP market by meeting rapidly changing client demands and expectations for comprehensive services from a single provider...
PCI 4.0: Stronger Password Requirements for Improved Data Security
Published: 12-18-23
Security
The release of PCI DSS version 4.0 brings stronger password protections for safeguarding cardholder data. Compliance with the updated requirements aims to reduce data breaches stemming from weak or compromised credentials...
What You Need to Know About PCI 4.0 Requirements
Published: 12-18-23
Security
In this article we break down exactly what comprises PCI DSS 4.0, new obligations around access controls and monitoring, and how businesses can prepare for future adoption...
Key Changes in PCI DSS 4.0: What You Need to Know
Published: 12-18-23
Security
This blog post will outline the motivation behind the update, explain the implementation timeframes, summarize key changes, and describe what PCI DSS 4.0 means for merchants and service providers...
How to Conduct a GDPR Compliance Audit: An In-Depth Guide for Businesses
Published: 12-04-23
Security
A GDPR compliance audit is a systematic, independent assessment and review of an organization’s data policies, procedures, and practices. It determines the extent to which these adhere to the requirements and principles of the GDPR...
GDPR Compliance: A Beginner's Guide for Small Businesses
Published: 12-04-23
Security
Although created for the EU, the GDPR has global implications as it applies to all companies that offer goods or services to EU data subjects, regardless of the company’s location. This means small businesses in the US and beyond need to comply if they have EU customers...
The Complete Guide to GDPR Compliance Certification
Published: 12-04-23
Security
Obtaining GDPR compliance certification demonstrates to customers and regulatory authorities that your organization takes data protection seriously. This guide covers everything you need to know about GDPR compliance and certification...
The FTC Safeguards Rule: What Auto Dealers Need to Know to Stay Compliant
Published: 11-20-23
Security
We’ll look at the core components of an information security program, as well as best practices for staying compliant under the new regulations. Whether you’re a small used car lot or a large auto group, you’ll learn key steps to take now...
FTC Safeguards Rule Checklist: How to Comply
Published: 11-20-23
Security
A new “finders” provision also captures companies that connect consumers to financial products and services for a fee. If your organization deals with sensitive consumer financial information, it’s important to review the updated Safeguards Rule to ensure compliance...
FTC Safeguards Rule: The Role and Opportunity for MSPs
Published: 11-20-23
Security
The FTC Safeguards Rule requires financial institutions to have reasonable data security safeguards in place to protect the confidentiality and security of customer information...
Creating a HIPAA Audit Checklist
Published: 11-14-23
Security
Developing a robust HIPAA audit checklist is a critical step for healthcare organizations to ensure compliance with the Privacy, Security, Breach Notification and other rules...
HIPAA Compliance for Dental Offices: A Complete Guide
Published: 11-14-23
Security
All healthcare providers that meet HIPAA's definition of a covered entity, including most dental practices, must comply with the HIPAA regulations...
The Ultimate HIPAA Compliance Checklist for Healthcare Organizations
Published: 11-14-23
Security
This comprehensive HIPAA compliance checklist breaks down the key elements healthcare entities need to have in place to protect patient privacy and health data...
Real-World Use Cases of the NIST AI Risk Management Framework
Published: 11-06-23
Security
As AI becomes more prevalent, organizations need robust governance frameworks to ensure these systems are trustworthy, ethical, and aligned with organizational values...
Leveraging the NIST AI RMF Playbook for Trustworthy AI
Published: 11-06-23
Security
This comprehensive guide provides suggested actions aligned with the four core functions of the NIST AI RMF: Govern, Map, Measure, and Manage...
Comprehensive Overview of NIST Artificial Intelligence Risk Management Framework
Published: 11-06-23
Security
Artificial intelligence (AI) technologies are transforming society, industry, and the economy. However, they also present unique risks that require thoughtful management...
Who Does PCI DSS Apply To? An Extensive Guide
Published: 11-01-23
Security
In this comprehensive guide, we’ll cover everything you need to know about who needs to comply with PCI DSS and why it matters...
The Complete Guide to PCI DSS Audits: Requirements, Process and Best Practices for Success
Published: 11-01-23
Security
PCI DSS audits thoroughly inspect the policies, procedures, and systems that merchants or service providers have in place to secure payment card information and transactions...
The Complete PCI DSS Compliance Checklist With All 12 Requirements
Published: 11-01-23
Security
This comprehensive PCI DSS compliance checklist covers everything you need to know to achieve and maintain compliance...
Who Needs CMMC Certification?
Published: 10-30-23
Security
Cybersecurity is more important than ever for organizations that handle sensitive data. This is especially true for contractors working with the U.S. Department of Defense (DoD)...
The Complete CMMC Compliance Checklist: An In-Depth Guide for DoD Contractors
Published: 10-30-23
Security
Developed by the DoD, CMMC is a unified cybersecurity standard designed to verify that contractors have adequate cybersecurity practices to protect sensitive defense information...
CMMC vs NIST 800-171: A Comparison of Two Cybersecurity Frameworks for Federal Contractors
Published: 10-30-23
Security
As cyber threats become more sophisticated, federal agencies are increasingly concerned about protecting sensitive information from unauthorized access or disclosure...
NIST 800-171 vs NIST 800-53: A Comparison of Information Security Standards
Published: 10-16-23
Security
Both frameworks provide flexibility along with stringent security to help safeguard government missions. Leverage all the guidance NIST standards have to offer to keep federal data secure and expand business opportunities...
NIST 800-171 Compliance Checklist & Prep
Published: 10-16-23
Security
Controlled Unclassified Information (CUI) is a crucial term within NIST 800-171. It refers to information that is not classified but requires protection...
Understanding NIST 800-171: A Deep Dive Into Cybersecurity Standards
Published: 10-16-23
Security
NIST 800-171 stands as the cornerstone of the federal government's commitment to safeguarding Controlled Unclassified Information (CUI)...
A Comprehensive Guide to SOC 2 Controls List
Published: 10-11-23
Security
These controls are structured around a framework that includes policies, communication protocols, procedural guidelines, and vigilant monitoring...
SOC 2 Compliance Checklist: A Complete Handbook
Published: 10-11-23
Security
In this article, we'll break down how to prepare for a SOC 2 audit and provide you with a handy checklist to make sure you're on the right track...
ISO 27001 vs SOC 2: What’s the Difference?
Published: 10-11-23
Security
While they share a common objective – safeguarding sensitive data – these frameworks diverge significantly in their methodologies and areas of applicability...
Exploring ISO 27001 Audits: Types, Importance, and Execution Tactics
Published: 10-02-23
Security
These audits not only confirm adherence to the ISO/IEC 27001 standard but also assess the effectiveness of an organization's Information Security Management System (ISMS)...
Navigating ISO 27001 Controls: An In-Depth Overview
Published: 10-02-03
Security
ISO 27001 controls are measures, policies, processes, and procedures that organizations must adopt to meet the security requirements set forth in the ISO 27001 standard...
ISO 27001 Compliance Checklist: Simplified Implementation Guide
Published: 10-02-23
Security
ISO 27001 offers organizations a systematic and holistic approach to safeguarding their critical data, whether it's confidential customer information, financial records, or intellectual property...
An In-Depth Overview of NIST CSF Categories
Published: 09-25-23
Security
This guide offers a comprehensive exploration of CSF categories, shedding light on their functions and providing a roadmap for your initial steps in their utilization...
NIST CSF vs. NIST 800-53: A Comparative Analysis
Published: 09-25-23
Security
Both NIST Cybersecurity Framework (NIST CSF) and NIST Special Publication 800-53 (NIST 800-53) serve the common goal of enhancing cybersecurity, however, they differ significantly in their approach and applicability...
What is NIST CSF? A Comprehensive Guide to the NIST Cybersecurity Framework
Published: 09-25-23
Security
The NIST Cybersecurity Framework was established in response to the growing need for a unified and robust cybersecurity approach in an age marked by relentless cyber threats...
NIST SP 800-53 Compliance Checklist: Ensuring Data Security and Regulatory Adherence
Published: 09-18-23
Security
Whether you represent a government agency, operate as a government contractor, or simply lead an organization looking to enhance its security protocols, this comprehensive guide is designed to assist you...
Exploring the 20 NIST SP 800-53 Control Families
Published: 09-18-23
Security
NIST SP 800-53 consists of 20 different control families, each focusing on specific aspects of cybersecurity. These families encompass a wide range of topics...
What is NIST SP 800-53?: Understanding the Standard and Tips for Compliance
Published: 09-18-23
Security
NIST 800-53 has a rich history dating back to its inception as a response to the escalating technological capabilities of national adversaries. Over the years, it has evolved to encompass a comprehensive set...
CIS vs. NIST: A Comprehensive Comparison
Published: 09-13-23
Security
Before we dissect the particulars of CIS, NIST, and their comparisons, it's crucial to comprehend the overarching role of cybersecurity frameworks...
What is CIS Compliance and What Role Do CIS Benchmarks Play?
Published: 09-13-23
Security
CIS compliance means adhering to the cybersecurity standards and guidelines set forth by this reputable institution...
What Are CIS Critical Security Controls? A Comprehensive Guide to the 18 Controls
Published: 09-13-23
Security
At their core, the CIS Controls serve as actionable recommendations that organizations can leverage to identify, anticipate, and respond to digital threats effectively...
Demystifying General IT Controls (GITC) and IT General Controls (ITGC) Audits
Published: 09-12-23
Security
The primary objective of GITC and ITGC audits is to ensure that an organization's IT control environment is robust, compliant, and capable of mitigating cybersecurity risks...
Exploring the Controls Within General IT Controls (GITC) and IT General Controls (ITGC)
Published: 09-12-23
Security
Within the expansive landscape of GITC and ITGC controls, various critical areas stand out, each contributing to the comprehensive cybersecurity fabric...
Understanding General IT Controls (GITC) and IT General Controls (ITGC)
Published: 09-12-23
Security
ITGC and GITC ensures that data remains accurate, that systems are accessible only to authorized personnel, and that the risk of security breaches is minimized...
Bridging the InfoSec Gap: What If Self-Service could be Full-Service?
Published: 09-11-23
Security
Multiple factors go into the self-service or full-service decision and it’s no different when we apply those models to the technologies we use to manage Information Security...
Tangled Webs of Deception: Scary Cybersecurity Scenarios and the Dark Art of Social Engineering
Published: 08-07-23
Security
In today's interconnected world, cyber threats have become increasingly sophisticated, and attackers are often exploiting the weakest link in the security chain: human error...
Tentacle 10: The Human Element of Cyber Attacks and Steps For Prevention
Published: 07-19-23
Security
When it comes to Cybersecurity and cyber attacks, ‘human error’ is consistently identified as a major contributing factor...
Who’s With Me? An Invitation To Do More - Together
Published: 06-20-23
Security
Two years ago, if someone would have asked me about the “security posture” of my workplace, they probably would have gotten a blank stare or I may have asked them to repeat the question...
Embracing Integrations: Pivoting Development Strategies for Long-Term Success
Published: 05-31-23
General
When you break down all the ideas and suggestions that come your way, you will recognize some significant downsides in attempting to be everything to everyone. Overall diminished quality, tool fatigue, and inefficiencies in your approach to growing your product, to name a few...
Tentacle 10: Common Types of Cyber Attacks and Steps for Prevention
Published: 05-24-23
Security
In this list, we’ve researched and aggregated some of the most common types of cyber attacks to explore their characteristics and steps to prevention...
Leveraging Large Language Models for Smarter Cybersecurity
Published: 05-15-23
Security
Deep learning neural networks (or more specifically “transformer models”), like the one powering our import tool at Tentacle, are able to not only begin to build a graph of words like the above example, they are also able to understand how those words might change...
The 5 Unanimous Needs InfoSec Professionals Are Hoping Technology Will Solve
Published: 04-03-23
Security
I’ve been laser-focused on the information security space now for the last three years since launching Tentacle, though ideated on the Tentacle concept for many years prior while buried deep in security questionnaires...
Don’t Let Those (IT) Resolutions Slip Just Yet: How Tentacle Helps Tackle InfoSec Priorities in 2023
Published: 02-07-23
Security
For any IT leader using CIO.com’s resolution list as a guide, I’ve provided specific ways, when it comes to information security, that Tentacle will help achieve your (IT) resolution list for 2023...
Altruism in Information Security, Part 3: Effort (and Sacrifice) in Execution
Published: 11-16-22
Security
I could not wrap up this blog series without at least taking some time to acknowledge and speak to the amount of effort that is truly required to pull off a proper information security program...
Altruism in Information Security, Part 2: Identifying Hurdles Along the Path
Published: 11-09-22
Security
In Part 1 of “Altruism in Information Security” I shared my thoughts on how I find the concept of altruism to be woven into the fabric of the ideal Information Security program...
Altruism in Information Security? (Part 1 of 3)
Published: 11-02-22
Security
Altruism and Information Security; two terms not commonly used together - the first term not often used to describe the foundational philosophy of the latter...
Information Security Management and the Connectivity Gap: Solving for the Missing Links in Enterprise Information Security
Published: 10-18-22
Security
Let’s start with the basics: a foundational definition of Information Security management is the process of developing, maintaining, and continuously improving processes...
Let The Framework Be Your Guide: Tips for Identifying the Right Security Framework
Published: 08-24-22
Security
The idea of formalized Information Security leveraging a security framework isn’t new. As study after study is released detailing the continuous increase of cyber security threats faced by all organizations...
Improve Your Security Posture With Centralized Management
Published: 05-31-22
Security
Security posture is a measure of your organization’s overall security effectiveness. The term can be a little confusing, because it doesn’t just refer to how good your company is at...
Milestones Hit & Lessons Learned
Published: 05-31-22
General
The timing of when I started Tentacle, associated with what was really making the headlines in our society, and my previous lessons learned from YourCause, inspired me to launch this business...
Removing the Sales Cycle Bottleneck: How to Win More Deals (FASTER!) With Security Questionnaire Automation
Published: 05-04-22
Security
There’s no getting around them - and if I’m honest - even my inner salesperson, driven by the speed of the sale, knows filling out security questionnaires is an essential component...
I'm Looking for the Brave
Published: 04-12-22
Security
I jumped headfirst into the Information Security space as a result of being pummeled for years by the gross inefficiencies and...
The parallels between running the Rim-2-Rim-2-Rim (Grand Canyon) and Security Assessments
Published: 12-06-21
Security
Since starting Tentacle, I have been standing on my soap box preaching the absurdity of the state of today’s information security market...
Is the InfoSec Risk Assessment Process Genuinely Disingenuous?
Published: 11-01-21
Security
Over the years, I have grown increasingly frustrated and disappointed with the approaches taken by the industry...
Performing an Effective IT Risk Assessment
Published: 08-02-21
Security
Data breaches, network software exploitation, utility shutdowns: even a cursory glance at headlines today is enough to send a shiver up the most confident executive’s spine...
Good On My Word: Fixing the Broken Information Security Assessment Process 10-years Later
Published: 06-28-21
Security
In starting my last business (YourCause), I had assumed that once I was able to build our core product to a certain point...
Equality Learning Group - Reflections on Caste
Published: 06-10-21
Equality
From January to March, our Equality Learning Group held its first book club and read Caste by Isabelle Wilkerson...
I would never admit sayin' this but...
Published: 02-16-21
Tentacle Voices
This blog post is not intended to be my confessional or my therapeutic cleanse for the last 44 years, but rather my attempt to pass along a few lessons...
The Last Administration Might Have Been More Powerful Than We’re Giving It Credit For...
Published: 01-25-21
Tentacle Voices
I am not here to endorse or criticize the outgoing administration, nor am I seeking to push my political views onto anybody who might read this. We all...
submit-question