GDPR is coming, not only winter

GDPR (EU General Data Protection Regulation)

The effective date - May 25th, 2018 - is coming soon!

The EU is putting this regulation in place to require companies to protect the personal information of EU citizens. Organizations that are not compliant with this regulation could face heavy fines. There are technical solutions like vulnerability management, patching, and managed SIEM to help protect the data. There are also process and governance solutions based on best practices like ITSM, ISO27001, and NIST to help mitigate risks and protect data.

Why do I care if my company is not located in the EU?


Read more: The EU General Data Protection Regulation (GDPR)

Cybersecurity comes to the Greater Cincinnati area
and Gratia is a proud sponsor of the event!


This year, Gratia is sponsoring one of the largest cybersecurity symposiums in the Midwest, hosted by Northern Kentucky University. It is a one-day event, packed with great presentations and valuable breakout sessions.

If cybersecurity is a concern for your organization (and yes, it should be), please join us for the 10th Annual Cybersecurity Symposium, hosted on NKU’s campus on Fri, Oct 13th.

Early bird pricing of $199 (versus $250) runs through mid-September. NKU is also running a buy 5, get 1 free promotion.
Here’s the link to register:

We are looking forward to meeting with you at the event - if you would like to schedule some time with our executives, please send us an e-mail or give us a call at 513-800-0660.

Don’t become the next Equifax!

In case you have not heard about it, Equifax, the credit reporting agency, was hacked and lost 143 million customer data records. The data set included Social Security numbers, names, addresses, birth dates, and credit card information.

How could that have happened?

Read more: Don't become the next Equifax!


In our last update, we outlined the attributes of a threat management approach (Prevention, Detection, Containment, and Removal), and briefly discussed the potential weak areas (People, Processes, and Technology).

Today, we want to introduce an approach based on Prevention.

Common endpoint protection solutions are typically focused on 1.) threat detection, 2.) threat containment, and 3.) threat removal.

Read more: Data security program – threat prevention

In our conversations and engagements with our customers, we learned that there is a strong need to understand today’s buzzwords around endpoint protection, data protection, malware, ransomware, and others. This short write-up covers some thoughts on the first phase, “Prevention”, of a good data security/protection approach for an organization. We will cover the other parts in later articles – not because they are less important, but simply to keep this first one short and interesting. As mentioned, your overall threat management should cover these areas:

Prevention – Implement processes and technologies to minimize the risk of malware or ransomware impacting your organization

Detection – Implement technologies that allow a quick and reliable detection of security incidents and a process for security incident management

Containment – Implement technical concepts to minimize the impact of a security incident

Removal / Recovery – Ensure that there are reliable means to recover data e.g. from regular backups.

Read more: Tips for your data security program




Cyber Security and ServiceNow

How to solve the relationship between security and IT. Check out the latest information about cyber security event/alert integration into the ServiceNow product line:

Read more: Cyber security and ServiceNow

Do you think saving money on cybersecurity is a good idea? Think again!

The true savings of cybersecurity

Within every industry, competition continues to ramp up, driving down hard on margins. As a company leader, what do you focus your spending on: research and development, the sales team, increasing operations, etc.?

Top of mind is rarely security, compliance, or IT in general. It usually gets just enough attention and budget to seemingly stay afloat, and rarely a penny more. Understandably, it’s hard to justify spending on a cost center that doesn’t directly increase net income… or so it may seem.

Read more: Saving money on Cybersecurity?

ITIL® Course Outline - ITIL V3 Foundations

ITIL® is a Registered Trade Mark of AXELOS Limited

This is our three-day course to provide knowledge of the ITIL® terminology, structure, and basic concepts, and comprehension of the core principles of ITIL practices for service management.

The course includes all class materials and the examination (and related fees), which provides 2 credits that can count towards the ITIL Expert qualification. The examination is a prerequisite for intermediate-level examinations.

Read more: Our ITIL Foundation Training