About Richard Rieben (Partner | CISSP, CCSFP, GSNA)

Globally, the advent of AI systems and technologies is leading massive innovations. For example: The AI market in the U.S. was valued at $50.16 billion in 2024 and is projected to grow at a compound annual growth rate (CAGR) of 28.30%, reaching $223.70 billion by 2030. In 2023, investments in generative AI surged to $25.2 […]

On March 11, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) introduced a new form for secure software development attestations. After working closely with various industry groups, a standard form was released to make certain software companies working with the federal government use basic secure development methods […]

Large Language Models (LLMs) and Generative AI are cutting-edge technologies in the field of artificial intelligence that are rapidly evolving in the business landscape. LLMs are a subset of Generative AI, focusing specifically on language-related tasks. While related, LLMs refer to AI systems capable of understanding and generating human-like text based on large datasets. Generative […]

Over the past several years, the concept of Zero Trust has transitioned from an industry buzzword to a pillar of information security. In this blog post, we will break down what zero trust means in the industry, what the pillars of zero trust are, and how zero trust concepts impact auditing activities and other factors […]

When we engage with clients who are just starting their HITRUST adoption and certification journey, one of the first steps is a readiness assessment. In this article, we will cover the following topics: The various forms of readiness assessments and their characteristics. Challenges organizations face when they are performing a readiness assessment. Success factors which […]

What is HITRUST Certification? Founded in 2007, HITRUST issues certifications to businesses and organizations that are independently assessed for compliance with its Common Security Framework (CSF). An organization can obtain HITRUST certification when all the required controls are fully implemented within the scoped environment. The HITRUST CSF is designed for use by a variety of […]

Our firm has been a HITRUST External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most […]

After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]

Healthcare is a complicated topic. When the term is raised, the altruists among us focus on helping their fellow man. But like any endeavor managed by people, there is a business aspect to it. The business of healthcare faces the same problems as other types of businesses. It must operate efficiently, securely, and offer something […]

“What is HITRUST?” is typically the first question asked by organizations exploring HITRUST for the first time. Formerly, HITRUST stood for Health Information Trust Alliance but several years ago it rebranded to simply HITRUST to align with changes to the “framework,” making it industry agnostic. Is HITRUST a Framework? HITRUST is far more than a […]