Cybersecurity E-Books & Guides

Practical cybersecurity guidance written for security teams, IT leaders, and compliance professionals who need to understand real threats, real requirements, and what actually works to address them. No marketing content. No vendor pitches. Just the information you need to make better security decisions.

Available Guides

The HIPAA Security Rule: A Practical Compliance Guide

A plain-language walkthrough of what the HIPAA Security Rule actually requires, how OCR interprets the required vs. addressable distinction, what a compliant risk analysis looks like, and the documentation that auditors expect to find. Written for compliance officers, privacy officers, and IT leaders at covered entities and business associates who need to understand the substance of the rule, not just its structure.


Ransomware Defense: Before, During, and After an Attack

A practical guide to building ransomware defenses that actually work, covering network segmentation, backup architecture, detection capabilities, and incident response procedures, alongside what to do in the first 72 hours of an active ransomware incident and how to manage recovery when backup infrastructure has been compromised. Based on lessons from real ransomware response engagements across healthcare, government, and education.


AI-Powered Attacks: What Security Teams Need to Know Now

How AI is being used to attack organizations today (AI-generated spear-phishing, deepfake social engineering, autonomous agent-based intrusion, and AI-assisted vulnerability exploitation) and what defenses are effective against each technique. Written for security teams who need to understand what they are actually facing rather than a theoretical overview of what AI attacks might eventually look like.


Building a Penetration Testing Program: A Guide for Security Leaders

What a well-scoped penetration test actually looks like, how to brief a testing firm so they find what matters rather than what is easy to find, what to do with findings once you have them, and how to build a recurring testing cadence that improves security over time rather than producing annual reports that no one acts on. Covers network, application, and social engineering testing scope decisions.


PCI DSS v4.0: What Changed and What It Means for Your Business

A focused review of the material changes in PCI DSS v4.0 that became fully effective in 2025, including the customized approach, targeted risk analysis requirements, new authentication requirements, and changes to the scoping and testing requirements. Written for compliance managers, IT directors, and QSA customers who need to understand what the updated standard requires without reading the full 360-page document.


Virtual CISO: When to Hire One, What to Expect, and How to Get Value

A practical guide to understanding when a Virtual CISO engagement makes sense versus when a full-time hire is the right answer, what a well-structured vCISO engagement looks like, how to set expectations with your board and executive team, and how to evaluate whether your vCISO is delivering genuine security program improvement rather than just advisory reports. Includes a vCISO onboarding framework and board reporting template.



Ready to Strengthen Your Cybersecurity Posture?

Get a free 30-minute consultation with a GarrisonOne expert.


No obligation, just clarity on your next step.
