Reference Materials

Industry Insights
Real-world examples and articles written by leading security experts.
Cyber Security Summit Chicago Presentation - CIS RAM: This Math Will Save You
Access the presentation file from the Cyber Security Summit Chicago session - CIS RAM: This Math Will Save You.
SANS Security Leadership Poster 5 Keys for Building a Cybersecurity Program & CIS Controls
Multi-Factor Balancing Test: 8 Questions a Judge Will Ask You after a Data Breach

The 8 Questions a Judge Will Ask You after a Data Breach. Define your acceptable level of risk with a duty of care risk assessment.

HALOCK Article If HIPAA Seems Too Hard

In 2012, OCR (the HHS Office for Civil Rights) and its audit partner KPMG set out to assess 115 organizations, to test a new HIPAA audit program, and to see what the current state of HIPAA compliance was.

HALOCK Article Ransomware

Staying ahead of security threats is no easy task. One threat that should definitely be on your radar is ransomware.

HALOCK Article A Judge Approved a Lawsuit Against Target

Business and legal journalists have been expressing disappointment at Judge Paul Magnuson’s decision to allow third-party banks to sue Target Corp after its 2013 cardholder data breach.

Case Studies
Real-world examples and articles written by leading security experts.
HALOCK CASE STUDY Not All Vendors Are Created Equal A Case Study In Penetration Testing

A major university located in the Midwest was interested in comparing HALOCK’s penetration testing services to those of a competitor to see if there were any material differences.

HALOCK CASE STUDY ISO 27001 Is Good Security and Good Business

When a multi-state law firm decided that securing their highly sensitive information and information systems was critical to their success, they turned to ISO 27001.

Step-by-step guidance on compliance, security engineering and incident response concerns.
Duty of Care (DoCRA) Checklist

Determine if your risk assessment meets Duty of Care and is DoCRA compatible.

HIPAA Checklist

Whether you're implementing a new HIPAA security program or managing an existing program over time, it can be helpful to use a checklist to make sure you're covering all of the necessary steps.

HALOCK Incident Response Plan Checklist

Have an incident response plan in place before you experience an incident. Be sure that your IR plan includes the following 10 items to ensure the incident response progresses as smoothly as possible.

FastStart Vendor Risk Management Checklist

HALOCK’s FastStart Vendor Risk Management (VRM) Checklist allows organizations to initiate a formal VRM Program and get started immediately!

HALOCK 10 Must-Have Capabilities of Best-In-Class Pen Testing Providers

Keeping Security Awareness top-of-mind in your organization is crucial. Use this checklist as a reference to ensure that the proper practices in your organization are being met.

Purely educational, these tools walk you through key InfoSec topics you need to know, including PCI compliance, HIPAA security rule, penetration testing and more.
The Industry Risk Assessment Disconnect and the Solution
HALOCK Information Technology Risk Assessment
Is Your Organization Exercising “Due Care”?
The Guide to PCI DSS 3.1

PCI DSS 3.1 further clarifies the changes made in PCI DSS 3.0 by adding 30 clarifications to existing requirements and four guidance points that improve understanding of the requirements.

The Guide to PCI DSS 3.0

The changes in PCI Data Security Standard (PCI DSS) 3.0 focus on some of the most frequently seen threats and risks that have led to cardholder data breaches.

The Guide to PCI DSS 3.2

In PCI DSS v3.2 the PCI Security Standards Council (PCI SSC) requires that all versions of SSL and TLS 1.0 be disabled. To be PCI DSS compliant you must use TLS 1.1 at a minimum (TLS 1.2 is highly recommended); the only exception is for POS POI terminals that can be verified as not susceptible to the known SSL/early TLS exploits. The migration was originally slated for 2016, but because of the burden on organizations the PCI SSC extended the deadline to June 30, 2018. The PCI DSS applies to all organizations that accept card payments for goods and/or services (merchants) and to the third-party service providers that store, process or transmit cardholder data on their behalf. This guide walks users through the new requirements.
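A practitioner reading the SSL/early-TLS requirement above usually wants two things: a way to see which protocol versions a server actually accepts, and a way to check that their own TLS configuration refuses anything below the floor. The script below is an added example written for this page; it is not HALOCK's code and not a PCI SSC tool. It assumes the rule exactly as the paragraph states it (all SSL and TLS 1.0 off, TLS 1.1 minimum, TLS 1.2 recommended) and uses only the Python standard library; the host name in the demo is a placeholder.

```python
"""Check a server, or a local ssl.SSLContext, against the PCI DSS 3.2 SSL/early-TLS rule.

Added example, not HALOCK's code nor a PCI SSC tool. Assumed rule (from the page text):
SSL (all versions) and TLS 1.0 must be disabled, TLS 1.1 is the floor, TLS 1.2 is recommended.
The target host in the demo at the bottom is a placeholder.
"""
import socket
import ssl
import warnings
from typing import Dict, List, Tuple

# Protocol versions in ascending order, as the ssl module names them.
VERSIONS: List[ssl.TLSVersion] = [
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2,
    ssl.TLSVersion.TLSv1_3,
]
SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3 = VERSIONS
PCI_FLOOR = TLSv1_1        # minimum acceptable after 30 June 2018
PCI_RECOMMENDED = TLSv1_2  # what the PCI SSC recommends


def versions_in_window(lo: ssl.TLSVersion, hi: ssl.TLSVersion) -> List[ssl.TLSVersion]:
    """Expand a minimum_version/maximum_version pair into the concrete versions it allows."""
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = VERSIONS[0]
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = VERSIONS[-1]
    return [v for v in VERSIONS if lo <= v <= hi]


def assess(offered: Dict[ssl.TLSVersion, bool]) -> Tuple[bool, str]:
    """Turn a version -> accepted map into a pass/fail verdict with a reason."""
    legacy = [v.name for v in VERSIONS if offered.get(v) and v < PCI_FLOOR]
    if legacy:
        return False, "legacy protocol(s) accepted: " + ", ".join(legacy)
    if not any(offered.get(v) for v in VERSIONS if v >= PCI_FLOOR):
        return False, "no TLS 1.1 or newer accepted"
    if not any(offered.get(v) for v in VERSIONS if v >= PCI_RECOMMENDED):
        return True, "passes the floor, but only TLS 1.1; enable TLS 1.2"
    return True, "ok"


def harden(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Corrected setting: refuse anything below TLS 1.2 (the recommended level)."""
    ctx.minimum_version = TLSv1_2
    return ctx


def context_report(ctx: ssl.SSLContext) -> Tuple[bool, str]:
    """Assess a local context by the versions its configured window permits."""
    allowed = versions_in_window(ctx.minimum_version, ctx.maximum_version)
    return assess({v: v in allowed for v in VERSIONS})


def probe(host: str, port: int, version: ssl.TLSVersion, timeout: float = 5.0) -> bool:
    """Attempt a handshake pinned to exactly one protocol version; True if the server accepts it.
    Certificate checks are disabled on purpose: this tests protocol support, not identity."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)  # old versions are deprecated in ssl
            ctx.minimum_version = version
            ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError, ValueError):
        # SSLError/OSError: server refused or connection failed; ValueError: local OpenSSL
        # cannot even offer this version, so the result is "unknown", reported as not accepted.
        return False


def scan(host: str, port: int = 443) -> Dict[ssl.TLSVersion, bool]:
    """Probe every version and return which ones the server negotiated."""
    return {v: probe(host, port, v) for v in VERSIONS}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    result = scan(target)
    for v, ok in result.items():
        print(f"{v.name:8} {'accepted' if ok else 'refused'}")
    print(assess(result))
```

One caveat when using probe() as evidence: a modern OpenSSL build may refuse to offer TLS 1.0 or 1.1 at its default security level, in which case the probe reports "refused" for a reason on the client side, not the server's. For an audit record, confirm legacy-version results with a client that can still offer those versions, or with a second tool such as openssl s_client -tls1 or nmap's ssl-enum-ciphers script.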

Vulnerability Assessment Services Frequently Asked Questions

There is a great deal of information and misinformation in the marketplace with regard to exactly what penetration testing is and what you should expect from a penetration testing company.

The Best Guide to the HIPAA Security Rule You'll Ever Read

If you have some responsibility in your organization for complying with the HIPAA Security Rule, then this guide is for you.

A Quick View of Cybersecurity
Not so fast . . .
8 Questions a Judge Asks you after a Data Breach Infographic
Your Employees are Targets: Social Engineering Infographic
Healthcare & Data Breaches Infographic
Data Breaches & Marketplace Reputation Infographic
SOCIAL ENGINEERING: The Human Element Infographic