In June 2023, the US. The Department of Health and Human Services (HHS) reached an agreement with Yakima Valley Memorial Hospital over a significant breach of privacy and security rules. Specifically, HHS found that several security guards had inappropriately accessed the private records of up to 419 patients. This settlement demonstrated administrative and internal security… Read More
Not all technology is created equal, even if it all seems to serve the same function. Information Technology (IT) and Operational Technology (OT) are two particular strains of digital systems that, while seemingly similar, serve radically similar functions for an organization. That being said, IT and OT are merging due in no small part to… Read More
As we navigate through 2023, the digital frontier continues to expand, bringing forth numerous novel opportunities and, regrettably, a myriad of cybersecurity threats. These cyber threats are not simply an IT concern; they have profound implications for business continuity, customer trust, and national security. Understanding these risks and their evolution is the first step in… Read More
The General Data Protection Regulation (GDPR) is one of the strongest security and privacy frameworks in operation in the world. Of this regulation, Article 32 stands out among its numerous guidelines as it deals explicitly with the “security of processing” of personal data. This piece aims to demystify GDPR Article 32, breaking down its requirements… Read More
Organizations are tasked with navigating many rules, regulations, and potential risks in an increasingly complex business landscape. As they do so, the importance of a robust Governance, Risk, and Compliance (GRC) strategy becomes apparent. This trifecta acts as a guiding beacon, setting a course for businesses to follow, ensuring they operate within the bounds of… Read More
In the interconnected world of digital health information, safeguarding Protected Health Information is paramount. Healthcare providers must legally follow the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy and maintain trust, and this compliance includes understanding what it means to identify and deal with security incidents. Among these, the concepts of security… Read More
With modern computing increasingly moving into a mobile paradigm of remote workers, laptops, and smart devices, the threat to security in various industries is only increasing. This is no more true than in healthcare, where HIPAA breaches related to mobile devices are becoming more common. This article will discuss the HIPAA security rule, how it… Read More
It has become increasingly important for financial institutions to adopt robust security measures to safeguard their client’s assets and personal data. To address this challenge, FINDA has established a comprehensive set of rules to enhance its member firms’ cybersecurity posture. However, there isn’t a set-in-stone framework for specific security measures. Instead, FINRA consists of obligations… Read More
As cloud computing continues gaining popularity, organizations increasingly turn to cloud services to store and process their data. However, with this increased reliance on cloud services comes a heightened risk of data breaches and cyber attacks, making cloud security a critical concern for businesses of all sizes. To address these concerns, the International Organization for… Read More
A Managed Service Provider (MSP) provides their clients with a wide range of IT services, including network management, software support, and hardware maintenance. However, as cyber threats evolve, MSPs are increasingly expected to provide comprehensive security solutions to their clients. This can be a significant challenge, as they may need more specialized expertise, tools, and… Read More
Quantum computing has long been a theoretical idea with limited practical application. The only usable quantum computers were only available to cutting-edge researchers supported by massive corporations or government-funded universities. As time has passed, however, these researchers have begun to make massive strides in making quantum computing realizable in a way that could impact modern… Read More
Multi-cloud environments are becoming increasingly common. Multi-clouds leverage the flexibility of public cloud connectivity across several providers to help organizations remain scalable and flexible. While multi-cloud offers numerous benefits, it also presents unique security challenges that must be addressed to ensure the security of applications and data hosted in the cloud. In this article, we… Read More
StateRAMP guidelines include network security standards from NIST 800-53, with specific requirements for implementing those guidelines based on the application and data processing. Implementing boundary controls is one of the more relevant and sometimes challenging aspects of compliance network security. Here, we will dig into how StateRAMP (and FedRAMP, to some extent) approach subnetworks and… Read More
As the old saying goes, the weakest link in any security system is the user. This isn’t an insult but rather a commentary on the impossibility of eliminating every vulnerability in a system that humans have to use daily. In terms of actually mitigating direct security threats associated with users, however, there can be no… Read More
Businesses undergoing ISO certification are probably aware of the 27000 series and its focus on comprehensive cybersecurity. What many organizations don’t know, however, is that the series itself provides guidelines for risk managers to better implement Information Security Management Systems (the core process of ISO 27001) following best risk management practices.
When we discuss cybersecurity, it’s most often done in the context of audits, assessments, or certifications. However, specific systems and components require more stringent testing standards, ensuring that the technology functions correctly and securely after construction or during ongoing operational use. To support the testing and assurance of these components, the National Institutes of Standards… Read More
Regarding cybersecurity and compliance, there is a massive benefit in having a deep field of providers and offerings that can serve large federal customers alongside smaller offerings that can serve the state, local, and municipal customers. It’s essential, however, to ensure that maintaining a competitive marketplace doesn’t compromise security. This means helping small or young… Read More
StateRAMP is now nearly two years old, and the small project is quickly becoming a mainstay in the security industry. State and local governments are looking for a solid cybersecurity framework that they can use to vet and certify cloud providers that they may work with. In this article, we’ll talk about the basics of… Read More
When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic. This article… Read More
One of the cornerstones of cybersecurity has been the protection of software. These applications have been installed on local machines or workstations for most of the computing history. Hackers would use different approaches to gain access to these machines using corrupted software or other means. In modern times, the proliferation of web applications and Software-as-a-Service… Read More
In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.” Because the long… Read More
PCI DSS compliance is verifying that your systems, those that handle personal and cardholder information, meet all the expectations of the 12 requirements of the standard. These requirements describe security and privacy controls to protect against modern threats and vulnerabilities and call for both attention to implementing controls and maintaining long-term best practices. The best… Read More
Blockchain, blockchain, blockchain. It seems like you can’t throw a rock without hitting someone discussing the potential for blockchain technology. And, for the most part, this is driven by consumer interest in technologies and the potential for innovation in the web 3.0 world we live in. While the consumer market is having a so-so engagement… Read More
Companies attempting to navigate the complex world of private and public cybersecurity might get confused about what they should focus on. The truth is that you can’t adopt them all… but you can focus on the regulations that directly impact how you do business. Here, we’ll discuss two of the most prevalent security frameworks–FedRAMP and… Read More