Containers and the concept of containerization have been growing rapidly over the last couple of years, and many organizations are struggling to keep up with the new technology and keep their systems secure. If you and your organization are considering using or moving to containers, many of your current security processes and procedures […]
In previous postings we have talked about HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Security Concerns in Healthcare & How to Alleviate Them Over the past few years, healthcare organizations have seen […]
According to ISACA’s State of Cyber Security 2017, 65% of organizations have a chief information security officer (CISO). Also in that study, only 50% of organizations have an increasing security budget. For many small and mid-sized organizations, budgets are already tight, and hiring a full-time CISO may seem like a luxury. So how does an […]
Have you ever heard of Edward Snowden? How about the semi-recent Waymo/Levandowski saga? These are both examples of insider attacks. While these are high-profile examples, there are also hundreds, thousands, dare I say millions more out there that are not reported on in mainstream media. When talking to a lot of security professionals, a […]
A recent settlement between the US Department of Health and Human Services’ Office of Civil Rights (OCR) and an orthopedic clinic highlights the importance of executing a HIPAA business associate agreement with appropriate third-party service providers.
Given the very public Equifax breach, there is no better time than now for you and your organization to review (or create) your patch management process to make sure that it is being followed, gaps are identified and filled, and everyone is working to secure the environment. To give you an update in case you […]
Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and is comprised of standards and implementation specifications. Each Security Rule standard is a requirement: a covered entity must comply with all of the standards […]
Mobile devices are everywhere. According to Pew Research, around 77% of all Americans own a smartphone, and more and more people are relying on mobile devices for both work and play. With the mass adoption of mobile devices, companies are becoming increasingly reliant on a mobile workforce because mobile devices offer the capability for companies […]
In May 2018, the European Union will begin enforcing the General Data Protection Regulation or GDPR. If you have not heard of this before, consider this an introduction, because as we get closer to May 2018, there will be more and more discussions about data privacy and protection and what GDPR compliance is and how […]
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board, reporting to the SEC, that oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and WorldCom, to tighten controls on the auditing industry.