847.221.0200  Main Office

Halock Blog

Darrell Issa Just Learned the Difference Between Compliance and Security. Let’s Hope for a Payoff. »

Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems. If you watched the hearing on CSPAN on January 16th, you would have seen the House committee questioning the CISOs of the Department of Health and Human Services … Read More »

As of March 1 Your Vendor Contracts Were Supposed to be Updated. Were they? »

The Massachusetts law 201 CMR 17.00 that forces US organizations to protect the PII of Massachusetts residents went into its final enforcement phase on March 1, 2012. By that date, no exceptions, businesses that send Massachusetts-based PII to service providers needed to require in providers’ contracts that they will also abide by the law.
U.S. legislators … Read More »

Benefits of ISO 27001 Certification »

ISO 27001 is the formal set of specifications against which organizations may seek certification of their Information Security Management System. The intent is to bring information security under management control and to instill process into an organization. While most companies have an IT and / or an information security department, best practices of an Information Security … Read More »

Data Classification »

Determining what constitutes “sensitive data” is usually not a difficult thing for most people.  For me personally, it would be my social security #, my account information – banking, credit card information.  And, sadly as the years go by, my birthdate is getting to be more sensitive…
For organizations to identify their sensitive data again is … Read More »