Chaos engineering

Chaos Engineering: What is it? Should You Use it?

Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident […]

Information security roles & responsibilities

What are the Roles and Responsibilities of Information Security?

Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.

Business Associate Vendor/Third Party Risk Management Solutions for HIPAA Compliance

If my company is not a healthcare provider, what do we need to do to demonstrate proper vendor due diligence required by HIPAA/HITECH? Many times, this question is posed to audit firms and consulting firms when a client receives a security questionnaire from a potential or existing healthcare customer they provide services. This article will […]

Enhancing Your Enterprise Security — Do These 5 Things Now

What is Enterprise Security? Enterprise security is the process by which an organization protects its information assets (data, servers, workstations, storage, networking, applications, etc.) from infringement of confidentiality, integrity, or availability. It includes policies and procedures which provide guidance on the who, what, why, and how to implement the protection mechanism for an organization’s information […]

What is data security

What is Data Security?

Data security refers to the controls implemented by a company to protect its data from unauthorized access and corruption. A good control environment around data security isn’t built on trust, it’s built on controls that are operating effectively allowing verification and adequate oversight. The implementation of mature data security protocol and measures by which individuals […]

Types of controls

Types of Controls & What Are Internal Controls?

Internal controls are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating properly. In this post, we will discuss what internal controls […]