Channel: Information Security – CompliancePoint
Browsing all 20 articles


Creating Well-Defined Information Security Policies

In a previous post, we addressed the critical elements to address in information security policies. Now, let’s consider an effective approach to creating well-defined policies. The creation of...



HIPAA Rules 101

Implementing a Simplified Approach to HIPAA Compliance
The standards and procedures established under HIPAA aim to protect patient health information for privacy and safety reasons. However,...



What Cyber Security Risk Concerns You Most?

The Top 5 Areas of Cyber Security Risk
When it comes to effective cyber security risk management, knowing what can hurt your organization is key. In today’s world of complex threats, most organizations...



The WannaCry Ransomware Issue

PCI DSS principles to mitigate the spread of ransomware
The recent, and still highly impactful, discovery of a new malware variant named “WannaCry” is a hot topic in the news right now. This new...



What’s In Scope for PCI?

Common issues we see with scoping PCI assessments
As a QSA, I am commonly asked what is in scope for a PCI assessment. One would think this would be an easy question to answer. The obvious answer is...



What Is Cardholder Data Under PCI?

A common misunderstanding many organizations and IT professionals have is thinking that cardholder data is limited to the Primary Account Number (PAN) and the (Card Verification Value) CVV codes found...



Attention US Companies: The GDPR Is Coming!

When does the GDPR apply to US based companies?
There has been much buzz circulating about the upcoming General Data Protection Regulation (GDPR). Yet, many organizations are still trying to figure out...



The Equifax data breach, PCI, and you

How adhering to PCI-DSS principles could have prevented a data breach
The series of breaches recently publicly disclosed by Equifax could have been prevented by following PCI DSS guidelines. PCI DSS...


Finding Regulatory Synergies Within the HITRUST Framework

HITRUST certification can support compliance with many other healthcare related regulations. Currently there are many regulatory obligations placed on healthcare security and privacy officers. The...


Understanding HITRUST’s Role in Healthcare

HITRUST addresses challenges within Healthcare
As the most widely adopted framework within the healthcare industry, the Health Information Trust Alliance (HITRUST) was created to provide a...


GDPR Workshop Reflections & Takeaways

“It was the best of times it was the…” No really – it was great! What an exciting opportunity we had at CompliancePoint last week as we hosted our workshop in Atlanta, “Navigating the GDPR.” As...


GDPR & IKEA

How does the GDPR compare to IKEA?
Well they’re both European for starters, and while IKEA is #trendy, GDPR is #trending. With the work I’ve done with clients utilizing our consulting services for GDPR...


GDPR – Identifying your risks

As the GDPR enforcement date is upon us, many companies are shifting into panic mode trying to really understand not only what the GDPR means to their company operationally, but also where their true...


Risk Analysis vs Gap Analysis – Knowing the Difference is Important

As a Certified HITRUST Assessor and career healthcare compliance and security specialist, I was very pleased to see OCR’s April Cybersecurity newsletter highlighting the differentiation between a HIPAA...


Social Engineering – How to Protect Yourself and Your Company

Social Engineering is a low-tech method used for gaining access to resources whether they are physical, technical, monetary, or informational (e.g. trade secrets, confidential). Phishing is one...


ICO issues £500,000 fine against Facebook for Cambridge Analytica scandal

To give a little background, in March of this year, an exposé published in the Guardian and New York Times revealed that the personal data of 87 million Facebook users, 1 million of which were UK...


What do Canada’s New Data Breach Reporting Requirements mean for US-Based...

On November 1st the data breach reporting requirements under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) went into effect. US companies should be aware of these...


Google Fined €50 Million for GDPR Violations: What Does This Mean and What to...

What Happened?
France’s Supervisory Authority (CNIL) has fined Google $56.8 million Euros for what the data protection watchdog believes is a violation by the multinational tech company on EU’s...


What Current GDPR Fines Mean for US Businesses

Clearly US businesses are not immune to privacy regulation in Europe. If there was any doubt, look to Google’s fine yesterday under the GDPR. The largest fine yet to be imposed is being levied against...


Why Vendor Due Diligence is Critical to Your Information Security

The Consequences of Choosing the Wrong Vendor
To stand out in today’s hyper competitive environment, a company must set itself apart from its competition by providing the most value to its customers in...
