Blog

Searching for a way to simplify your HIPAA risk analysis? The ONC/OCR tool can help--we explain how, as well as how to use it so that you satisfy the HIPAA security rule more easily.

Not sure about transferring your ISO certificate? We detail the requirements for a transfer and several factors you should consider before making this decision so you can be sure this move is for you.

Considering FedRAMP but not sure what it'll take to achieve? We break down 3 aspects of what you'll need to provide during the process so that you can assess if you're ready & prepare to move forward.

Debating implementing manual or automated controls, but not sure which is right? We delve into the pros and cons of each, as well as how to design an internal control no matter what type it is.

In honor of Adoption Awareness Month, Schellman's own Mathieu Legendre recounts how he first met his infant son and offers solidarity to all the prospective parents still on their adoption journeys.

Schellman has appointed our first CPTO, Roopa Sudheendra, who will lead the expansion of our product development team. Welcome, Roopa!

Malicious actors can still leverage XSS payloads to perform CSRF-type attacks to great effect. Learn how this threat works and how you can demonstrate its potential impact during penetration testing.

Seeking to better sell your blockchain offering? Learn how obtaining a SOC report can help build trust with markets, further legitimize this technology, and open new doors for your service.

With Election Day upon us again, here's an overview of voting-related security threats the U.S. faces—some more often mentioned than others—and what defenses we can employ to defend against them.

Some consider readiness assessments a skippable step in compliance, but we lay out how valuable this extra piece can be to your overall compliance goals.

Schellman continues to strengthen its commitment to DEI through this pledge by CEO Avani Desai. Read more about how this latest move furthers the firm's initiatives to create an inclusive workplace.

National Cybersecurity Awareness Month has now come to a close. Today, on Halloween, we present 3 cyber threats you should be aware of year-round and resources for protecting yourself against them.

Need a real way to bypass antivirus/endpoint detection (AV/EDRs)? We explored entropy, and here we lay out how you too can use it to help in bypassing security tools during testing.

Designing your SOC 1 control objectives is a critical part of your assessment. We provide starting points, criteria, and examples to help you simplify this important process.

ISO 27001:2022 is now published. Find out 4 things you need to know about this significant update and what it means for your potential or current ISO 27001 certification.