What is NIST 800-66?

Securing protected health information (PHI) is one of the paramount cybersecurity concerns of many organizations, both inside and outside the healthcare industry. This information, if released to unauthorized parties, could lead to significant personal harm to patients that organizations must avoid at all costs.  The Healthcare Insurance Portability and Accessibility Act (HIPAA) governs the protection… Read More

The HIPAA Security Rule and Risk Management

The Healthcare Insurance Portability and Accountability Act (HIPAA) is one of the more complex regulations in the U.S., due in no small part to the complicated and open-ended nature of the law.  What should companies do? In this case, covered organizations are turning to risk-based assessments to help them support their security approaches.  Here, we… Read More

What is IRS 1075?

The federal government has strict and comprehensive regulations on how agencies handle constituents’ personal information. This is just as true for tax information. The IRS leans on established guidelines associated with federal security to dictate regulations for agencies that handle tax information and, by and large, treats that information as a sensitive and critical part… Read More

What is SOX 404 Compliance?

Corporate compliance is a major undertaking for a few reasons–IT systems become complex, work forces grow to hundreds of individuals with different levels of access to information and public corporations must file difficult financial and security attestations annually to prevent fraud.  One of the essential forms of financial and IT compliance for publicly-traded companies in… Read More

What Does a PCI DSS Audit Look Like?

PCI compliance is a hot topic these days. While payment processing seemed like the domain of large enterprises and retailers, the expansion of cloud-based processing and online storefronts have blurred the lines between processors, merchants and secure, compliant systems.  Many organizations seek their PCI compliance certification to cover their bases with payment processing and data… Read More

What Are SOC 3 Reports?

The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments.  Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the… Read More