Author Archives: Chris Cronin

VULNERABILITY SCANS AND RISK ASSESSMENTS: KNOW YOUR AUDIENCE

By Chris Cronin, ISO 27001 Auditor, Partner
Cybersecurity is no longer a concern for just internal IT. All levels of the organization today should have a keen awareness and involvement when it comes to cybersecurity. That level of engagement should start at the top within the corporate boardroom

We Just Gave Away Our Cyber Security Intellectual Property. It was the right thing to do.

Why a Chicago-Based Cybersecurity Firm Just Released its Prized IP.
By Chris Cronin, ISO 27001 Auditor, Partner

HIPAA vs HITECH vs OMNIBUS. THE DEFINITIVE CHRONOLOGY.

By Chris Cronin, ISO 27001 Auditor, Partner
HIPAA is a confusing regulation. Since its enactment on August 21, 1996, it has covered topics as diverse as insurance coverage of unemployed people, efficiency of health care administration, data security, and more recently the improvement of healthcare outcomes. HIPAA has had a complicated history of regulatory revisions, clarifications, […]

HOW TO KNOW IF YOUR SECURITY DEVICES ARE HIPAA COMPLIANT

By Chris Cronin, ISO 27001 Auditor, Partner
Would you be surprised to learn that there is no HIPAA requirement that tells organizations to use a firewall? How about an intrusion detection system (IDS)? Nope. And no requirements for a data loss prevention tool (DLP) either, or a proxy server, or even a security information and event […]

OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION

By Chris Cronin, ISO 27001 Auditor, Partner
Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a security firm. After all, security is where HALOCK makes its living. But if your security controls take priority over […]

PRIVACY VS SECURITY – WHAT’S THE DIFFERENCE?

By Chris Cronin, ISO 27001 Auditor, Partner
The ever-increasing demands from laws and regulations to protect personal information come with confusion about what exactly our protection responsibilities are. One source of that confusion is the use of the terms “privacy” and “security.” While “privacy” and “security” are both common terms used in laws, regulations, and security […]

WHAT KIND OF SECURITY ASSESSMENT DO I NEED?

What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose […]

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

THE JP MORGAN CHASE HACKER INDICTMENTS EXEMPLIFY HOW BACKWARD THE INFOSEC SPACE IS

Cybersecurity audits mean nothing to hackers. And in fact, neither do short-sighted privacy regulations. Hackers have been showing us this for years. And not just because they find ways to exploit systems before you have a chance to lock them down. It’s more than that. Hackers find value in your systems and data that you […]

WHAT IS HIPAA?

HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA. For deeper coverage into the HIPAA Security Rule, take the “master class” here.
