IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

IT risk assessment guidance

IT Risk Assessment and HIPAA Compliance

The HIPAA Security Rule places so much emphasis on the importance of risk analysis that it is positioned as the first requirement of HIPAA compliance. Yet, as we conduct HIPAA compliance gap assessments for organizations, it is rare to find that a formal IT Risk Assessment has been completed, and rarer still to find that […]

HITRUST vs HIPAA

In previous articles, we’ve covered what HITRUST is and how to get HITRUST certified, but one very frequent question is, “What’s the difference between HIPAA vs HITRUST?” While they both relate to information security, and HITRUST initially began as part of HIPAA, they’re very different concepts. Let’s dive in. What Is the Difference Between HIPAA […]

The XZ UTILS breach

Observations from the XZ Utils Backdoor

A backdoor was recently discovered in a critical open-source utility used by the two major Linux distributions which, had it gone undetected, could have caused immense damage. The people or entity behind the backdoor patiently waited years to create the right circumstances before inserting the vulnerability. Larger questions have been raised about securing software supply […]

CMMC Assessment Process

What Is the CMMC Assessment Process?

In November 2021, the Department of Defense (DoD) announced Cybersecurity Maturity Model Certification (CMMC) 2.0, a program meant to assess an organization’s cybersecurity program maturity. The CMMC program is designed to achieve the following goals: “Safeguard sensitive information to enable and protect the warfighter” “Enforce Defense Industrial Base (DIB) cybersecurity standards to meet evolving threats” […]

Fast track to HITRUST e1 certification

Zero to HITRUST (e1) Certified in 100 Days

Any time we make “first contact” with someone who needs a HITRUST assessment there are always 3 overarching questions, “What is this going to cost?”, “How hard is this going to be?”, and the question I will be covering in this article – “How long is this going to take?” In the past, before the […]

Identity and access management

Identity and Access Management for Beginners

How do companies keep track of who’s supposed to see what information? What if a disgruntled ex-employee still had access to sensitive files? Or a hacker could easily impersonate the CEO? Identity and Access Management (IAM) is the answer, ensuring the right people (and only the right people) get access to the right systems and […]

LLM risk management

Risk Management in the Era of Large Language Models and Generative AI

Large Language Models (LLMs) and Generative AI are cutting-edge technologies in the field of artificial intelligence that are rapidly evolving in the business landscape. LLMs are a subset of Generative AI, focusing specifically on language-related tasks. While related, LLMs refer to AI systems capable of understanding and generating human-like text based on large datasets. Generative […]

A guide to zero trust implementation

Zero Trust Implementation – Guidelines & Best Practices

I’m sure you have heard the saying “trust, but verify,” which has been a common theme in the audit world. The new saying for cybersecurity goes “never trust, always verify,” and that is the core of zero trust security. One of our clients was in the process of setting up a new environment for their […]