Brian Johnson

Security Engineer / Podcaster, is the president of 7 Minute Security, an information security consultancy in the Minneapolis area. Brian spends most of his days helping companies defend their networks.

Since 2004, Brian has also run the blog/podcast called 7 Minute Security, where he shares what he has learned about information security into short, 7-minute chunks.

Expertise

Security, SOC 2, Policy, Integrations, Auditing, Onboarding, ISO 27001, HIPAA, NIST

Latest blog posts from Brian

Defining Your IT Vendor Management Policy

As you work through the rigorous SOC 2 requirements, it is easy to get tunnel vision because so much of your work focuses on protecting your customers and their information. But what about the vendors you work with? Do you have a third-party IT vendor management strategy to address the risks they bring to your organization?

5 Password Policy Best Practices You Can Implement

Passwords are one of the most common targets for hackers, so it’s imperative that your company enforces a strong password policy. This policy will not only define the requirements of the password itself but the procedure your organization will use to select and securely manage passwords.

The Differences Between SOC 1 vs SOC 2

Confusing a SOC 1 vs SOC 2 audit is easy. While both compliance frameworks attest to the controls used within your organization, the frameworks differ in focus. SOC 1 looks at your organization’s financial reporting, while SOC 2 focuses on how you secure and protect customer data. This blog post will focus on exploring the differences between SOC 1 vs SOC 2.

4 Steps To Work Remotely While Maintaining Security | Remote Access Policy

The purpose of a Remote Access Policy is to keep your employees productive from anywhere without sacrificing security.

Workstation Security Policy Best Practices

In the workstation security policy, you will define rules intended to reduce the risk of data loss/exposure through workstations.

Encryption Policy Best Practices | TLS vs SSL

You wouldn’t leave the house without making sure your doors and windows were locked, and that any valuables were hidden or secured in a safe. That way, if you were robbed, the burglar would have a difficult time accessing your most precious assets. In the same way, you need to make sure your organization’s critical data is well protected.

4 Things to Consider When Writing a Data Center Security Policy

Should you host data on-premise or in the cloud? Who is responsible for security? The company who owns the data, the cloud provider, or both?

Best Practices When Writing Your Access Onboarding & Termination Policy

It's easy to focus on cybersecurity threats like social engineering and phishing. However, internal threats, such as human error and disgruntled employees, can be just as dangerous - and are often overlooked. A mature onboarding and termination policy that leverages least privilege access is essential to preventing a data breach.