Tag Archives: HIPAA

REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS

REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]

THE FEDERAL TRADE COMMISSION IS COMING TO GET YOU

Author: Chris Cronin, ISO 27001 Auditor The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about.

PREPARING FOR YOUR DATA BREACH

PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 AuditorMost InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. The […]

Network Penetration Testing: What’s the Ideal Frequency to Conduct Pen Tests?

Some companies test once a year.  Some test several times a year.  So what frequency is correct for your organization?  Well that all depends on how frequently your environment changes and other unique factors affecting your organization. When determining how often to conduct network penetration tests, consider the following:

Some Mortgage Lenders May Be Putting Sensitive Financial Data At Risk, Finds HALOCK

FOR IMMEDIATE RELEASE HALOCK Investigation finds that over 70% of mortgage lenders may be putting sensitive financial data at risk through their application processes Schaumburg, IL, January 29, 2014: Cybersecurity firm HALOCK Security Labs found many of the nation’s large and small mortgage lenders allow for information sharing practices that may put applicants’ personal and […]

Expecting the Unexpected, Removing Fear From a Security Incident

Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised, a security incident. The recent news of Adobe Systemsi where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if there is a […]

While Technological Security Risks Are a Possibility, Management Security Risks are a Certainty

Most of my information security focus these past few years has concentrated on management and governance, but this was not always the case. I came into this profession as a technologist and manager who focused on team building, turn-arounds and doing a lot with few resources. But as my career moved from technology operations to security […]

The Hand Rule: Managing the Upper Limits of Security Costs

While presenting a talk at CAMP IT last week I got into a number of conversations with attendees about the Hand Rule. At HALOCK Security Labs we talk about the Hand Rule a lot. Also known as the Calculus of Negligence, it is a way that an organization can mathematically estimate what a “reasonable” investment […]

We Need a Risk Management Tipping Point

While preparing for a keynote talk at CAMP IT that is rapidly coming up I was struggling to find the main point of my talk. I had been puzzling for several weeks, asking myself what single message I wanted to leave my audience with. I’ve been speaking for some time now about information security and […]