Venminder Blog

Dec 31, 1969 by

Lisa-Mae Hill, CTPRP

Lisa-Mae is a cybersecurity analyst with experience in both the private and public sectors. She has held the role of Subject Matter Expert and Information System Security Officer for a government-based contractor and has extensive experience in Certification & Accreditation, CIS Critical Control Implementation and Auditing, Security Assessments and cybersecurity policy. She has a Bachelor’s degree in Information Technology Management from State University of New York Delhi, paired with many hours of additional cybersecurity and industry-related training. She is also a Certified Third Party Risk Professional (CTPRP).
Recent Posts

Cybersecurity

Vendor SOC for Cybersecurity: Do You Need to Request One?

Oct 29, 2019

With increased scrutiny and regulations surrounding cybersecurity, it's a topic that is “talk of the industry.” Developed by the American Institute of Certified Public Accountants (AICPA), the SOC [...]

Cybersecurity

6 Vendor Cybersecurity Red Flags

Oct 23, 2019

A cybersecurity plan helps protect organizations from potential vulnerabilities. A vulnerability can be a data breach, phishing attack or another form of system exposure. It’s important to [...]

Cybersecurity

Vendor Information Security Policy: What Should Be Included

Oct 22, 2019

Strong information security is crucial to safeguarding your organization and customer data. Information security always keeps confidentiality, integrity and availability at the core. This means [...]

Cybersecurity

4 Best Practices to Reduce Third Party Cybersecurity Risk

Oct 9, 2019

When you outsource to a third party, cybersecurity risk is a huge possibility. The confidentiality of your organization’s and customer’s data is on the verge of being exposed daily as your third [...]

Cybersecurity

Importance of Complementary User Entity Controls for Vendor Relationships

Jul 29, 2019

Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]

Cybersecurity

What to Do When Your Vendor Is Susceptible to Cybersecurity and Data Incidents

Jul 17, 2019

In today’s tech environment, it’s common to outsource a product or service to a vendor who specializes in that area. Typically, it makes the most economical sense for a business, too. But what [...]

SOC Reports

Vendor SOC 1, 2 or 3 – Understanding the Differences

Feb 12, 2019

If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high risk vendors.

Cybersecurity

3 Actions You Can Do to Avoid Vendor Breaches

Jan 23, 2019

Unfortunately, a reality that we’re living in is that it’s likely that a breach will happen at some point. So, it’s important to prevent and be prepared.

Best Practices

Vendor Data Breach Notifications: Are You One of the Many Organizations Left in the Dark?

Oct 30, 2018

A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight regarding many bank’s cybersecurity preparedness. The NYDFS surveyed 40 [...]

SOC Reports

What's the Significance of a Vendor's Bridge Letter?

Oct 16, 2018

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

SOC Reports

How, Why and When to Request a SOC Report from Your Vendors

Oct 10, 2018

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

Information Security

3 Information Security Principles to Use within Your Vendor Management Program

Sep 25, 2018

With the increase in cybersecurity breaches, it’s critical to monitor and fully understand your vendor’s information security posture in order to protect the company from unnecessary risk. There [...]

Best Practices

SSAE 18: The Full Overview for Vendor Management

Sep 11, 2018

The purpose for the creation of the SSAE 18, in May 2017, was to clarify the auditing standards and to reduce duplication within similar standards covering examinations, reviews and agreed-upon [...]

Business Continuity / Disaster Recovery

Does Your Critical Vendor Have an Effective BCP Plan?

Jul 3, 2018

Business continuity planning allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined level of availability. [...]

Best Practices

Altaba Inc/Yahoo SEC Enforcement Action Reminds to Know Vendor Response Plan

May 22, 2018

A few weeks ago, on April 24, 2018, the Securities and Exchange Commission (SEC) fined Altaba, Inc., aka Yahoo, $35 million for a massive data breach that impacted around 50 million users in 2014

Cybersecurity

4 Important Areas of Vendor Cybersecurity to Understand

Mar 14, 2018

We know your organization is more than likely investing in their cybersecurity program to take precautions and prevent unnecessary breaches, but are your third and fourth party vendors?

It’s [...]

Cybersecurity

10 Vendor Cybersecurity Tips

Nov 8, 2017

As part of your vendor due diligence, you should be spending time on cybersecurity. To help you out, I've got 10 tips

Cybersecurity

Include Vendor Cybersecurity into Your Cybersecurity Plans

Oct 11, 2017

October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.
