Venminder Blog

Lisa-Mae Hill, CTPRP

Lisa-Mae is an experienced cybersecurity analyst who has worked in both the private and public sectors. She has held the role of Subject Matter Expert and Information System Security Officer for a government-based contractor and has extensive experience in Certification & Accreditation, CIS Critical Control Implementation and Auditing, Security Assessments and cybersecurity policy. She has a Bachelor’s degree in Information Technology Management from State University of New York Delhi paired with many hours of additional cybersecurity and industry-related training. She is also a Certified Third Party Risk Professional (CTPRP).
Recent Posts

SOC Reports

Vendor SOC 1, 2 or 3 – Understanding the Differences

Feb 12, 2019

If you’re a regulated organization, you likely already understand that you should be asking many of your vendors for a SOC report, especially your critical or high-risk vendors.

Cybersecurity

3 Actions You Can Do to Avoid Vendor Breaches

Jan 23, 2019

Unfortunately, a reality that we’re living in is that it’s likely that a breach will happen at some point. So, it’s important to prevent and be prepared.

Best Practices

Vendor Data Breach Notifications: Are You One of the Many Organizations Left in the Dark?

Oct 30, 2018

A few years ago, the New York Department of Financial Services (NYDFS) released survey results giving us more insight regarding many banks’ cybersecurity preparedness. The NYDFS surveyed 40 [...]

SOC Reports

What's the Significance of a Vendor's Bridge Letter?

Oct 16, 2018

A bridge letter, also known as a gap letter, is made available by the service organization (your vendor) to cover a period of time between the reporting period end date of the SOC report and the [...]

SOC Reports

How, Why and When to Request a SOC Report from Your Vendors

Oct 10, 2018

Requesting a SOC report from your vendor is an important step to validate that the proper controls are in place at that company, and if not, to give you the opportunity to request your vendor [...]

Information Security

3 Information Security Principles to Use within Your Vendor Management Program

Sep 25, 2018

With the increase in cybersecurity breaches, it’s critical to monitor and fully understand your vendor’s information security posture in order to protect the company from unnecessary risk. There [...]

Best Practices

SSAE 18: The Full Overview for Vendor Management

Sep 11, 2018

The purpose for the creation of the SSAE 18, in May 2017, was to clarify the auditing standards and to reduce duplication within similar standards covering examinations, reviews and agreed-upon [...]

Business Continuity / Disaster Recovery

Does Your Critical Vendor Have an Effective BCP Plan?

Jul 3, 2018

Business continuity planning allows for businesses to ensure that their key operations, products and services continue to be delivered either in full or at a predetermined level of availability. [...]

Cybersecurity

Importance of Complementary User Entity Controls for Vendor Relationships

Jun 20, 2018

Complementary User Entity Controls (CUECs), also known as User Control Considerations (UCCs), are controls that the vendor has included within its system and rely on the user entity (you) to [...]

Best Practices

Altaba Inc/Yahoo SEC Enforcement Action Reminds to Know Vendor Response Plan

May 22, 2018

A few weeks ago, on April 24, 2018, the Securities and Exchange Commission (SEC) fined Altaba, Inc., aka Yahoo, $35 million for a massive data breach that impacted around 50 million users in 2014

Cybersecurity

4 Important Areas of Vendor Cybersecurity to Understand

Mar 14, 2018

We know your organization is more than likely investing in their cybersecurity program to take precautions and prevent unnecessary breaches, but are your third and fourth party vendors?

It’s [...]

Cybersecurity

10 Vendor Cybersecurity Tips

Nov 8, 2017

As part of your vendor due diligence, you should be spending time on cybersecurity. To help you out, I've got 10 tips

Cybersecurity

Include Vendor Cybersecurity into Your Cybersecurity Plans

Oct 11, 2017

October being National Cybersecurity Awareness Month reminds us to take a look at vendor cybersecurity.
