Audits and compliance are just part of doing business for financial organizations. Clients and partners must know that they can trust you to manage their critical information, keep it secure, and maintain its confidentiality. Frameworks like Systems and Organization Controls, or SOC, help organizations meet these expectations in a standardized way. While SOC 2 is… Read More
Many enterprises are looking for ways to increase their security and to protect their interests. As the world of cybersecurity, legal risk and operational challenges become more and more complex, checklist compliance regulations just aren’t going to cut it. That’s why governments and private organizations are increasingly turning to risk management as a tool for… Read More
SOC 2 is one of the most well-known and well-respected compliance frameworks for businesses wanting to show partners and clients that they take security seriously. With the help of expert auditors and supportive security professionals, SOC 2 can quickly become a standard part of doing business in nearly any industry. Organizations attempting to meet SOC… Read More
The unveiling of CMMC 2.0 last November raised a lot of questions, but also brought a lot of relief. The streamlining of security around Controlled Unclassified Information (CUI) will help defense agencies and contractors better secure their systems without burdening them with operational overhead. This is crucial for organizations who want to support these agencies… Read More
Lazarus Alliance Partnering Provides Audit & Compliance and Regulatory Support You have customers working with you today who need or demand additional support for their own compliance, risk, governance, and cybersecurity programs. Maybe your firm is a Public Accounting Firm and your clients work with you on taxation, but they also require a SOC 1… Read More
One of our country’s more important assets is its information. The U.S. IT infrastructure carries private information covering things like financial information, private information, defense and military information or information that is critical to the operation of government agencies. Some information is classified, and some, while not deemed sensitive enough to classify, are protected as… Read More
CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies meet their compliance requirements, CMMC leverages outside certified assessors to serve as a third-party… Read More
Thousands of companies, and an increasing number of government agencies, are relying on managed service providers for products like cloud storage, security administration, and productivity technologies. This has put tech experts in the profitable and challenging position of providing innovative products to support their clients.
The need for a business continuity plan is becoming more critical as businesses adjust to disruptions caused by the coronavirus. A virus in and of itself can’t shut your company’s systems, operations, or services down, but it can impact how a business functions. It’s not often that businesses face a pandemic. Still, natural disasters, human-made… Read More
Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication of Equals (SAE) handshake, which replaced the Pre-Shared Key (PSK) used in WPA2. Also known as “Dragonfly,”… Read More
Last year, the FBI reported that incidents of business email compromise (BEC), also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. BEC scams are continuing to explode in popularity among cyber criminals, with attacks increasing by 476% between… Read More
HBO has had a rough summer, and things are getting progressively worse for the cable titan. The HBO hacks began in late June, when an individual hacker or group calling themselves “Mr. Smith” dumped several episodes of an upcoming HBO series and the script to an upcoming Game of Thrones episode online. Mr. Smith claimed… Read More
Anthem – yes, that Anthem – has been hacked again. About a month after the beleaguered health insurer agreed to fork over a record-setting $115 million to settle a class action lawsuit related to its massive 2015 breach, it was breached again, or rather, one of its third-party vendors was. The 2017 Anthem breach involved… Read More
Who should be held responsible when a company’s systems get breached? Historically, the CIO, the CISO, or both have shouldered the lion’s share of data breach responsibility; well over half of security decision-makers expect to lose their jobs if a hack happens at their organizations. However, breaches don’t happen in vacuums, and CIOs and CISOs… Read More
Over the past year, the healthcare industry has been battered by an epidemic of ransomware attacks. The problem has become so ubiquitous that it is making its way into works of fiction: A ransomware attack on a hospital in a major city is the focus of an upcoming episode of the NBC drama Chicago Med.… Read More
As compliance costs skyrocket, standards grow increasingly complex, and the cyber threat environment evolves, organizations are turning to RegTech solutions to automate their compliance processes and improve their overall cybersecurity posture. Compliance with regulatory and industry standards, such as HIPAA, PCI DSS, FedRAMP, and SSAE 16 SOC reporting, are a burdensome yet necessary part of… Read More
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as more brick-and-mortar stores implement card chip technology to defeat skimmers and other forms of POS system fraud, thieves are gravitating toward card-not-present (CNP) ecommerce… Read More
Defeating Cyber Security Deficits with a 1-2 Punch Steve Morgan, a professional acquaintance who writes about cybersecurity for Forbes, published One Million Cybersecurity Job Openings In 2016 and revealed some jaw-dropping statistics concerning the growing deficit in hiring qualified cybersecurity employees. To make matters worse, this chasm is exacerbated by the explosion of corporate breaches… Read More
2015 State-by-State Data Breach Charts The following standard definitions of Personal Information and Breach of Security (based on the definition commonly used by most states) are used for ease of reference, and any variations from the common definition are noted: Personal Information: An individual’s first name or first initial and last name plus… Read More
The stunning reality is that the majority of retailers accepting credit cards are still vulnerable to the newest threat to accepting credit cards from consumers. Lazarus Alliance has been years ahead with proactive cybersecurity services. Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sales (POS) systems PoSeidon. Compromised POS… Read More