NetDiligence Cyber Risk Summit: What is Reasonable Cyber Security? The panel provided an overview of the risk-based analysis process that substantiates the method, and presented the legal, regulatory, and security best-practice history that informs the method. Each participant presented why the method successfully substantiates the term “reasonable” in their work and provided anecdotes that illustrate […]
Organizations are facing a lot of change with remote work set ups – in both physical location and operational shifts. Especially challenged are businesses that manage credit card information electronically and over the phone. These new working conditions unearth new risks for sensitive data. Social distancing can also bring about more social engineering attempts. According […]
HALOCK Security Labs led the Cyber Security forum for the South Carolina Primary Health Care Association (SCPHCA). Managing consultants, Tod Ferran, CISSP, QSA, ISO 27001 Lead Auditor, and Glenn A. Stout, Ph.D., CISSP, CISM, GSEC, PMP presented on hot topics.
This two-hour workshop will demonstrate how to conduct a risk assessment – from beginning to end – using CIS’ new risk assessment method. A brief introduction to CIS RAM’s foundations will be followed by example walk-throughs of developing criteria for assessing and accepting risk, for evaluating current controls for risk acceptability, and for modeling safeguards […]
In April of 2013 the Office of Civil Rights, the branch of the Department of Health and Human Services that oversees compliance with the HIPAA Security Rule, started releasing analysis from their pilot audit of Security Rule compliance. In 2012, OCR and their audit partner KPMG set out to assess 115 organizations: hospitals, insurance companies, […]
The United States is an exceptional country in many ways, not least of which is that we don’t like doing what governments tell us to do. It’s in our moral fiber to rebel. One telling example of this was expressed in a historical article comparing US railroads to European railroads in the nineteenth century. What […]
ISO 27001 is the formal set of specifications against which organizations may seek certification of their Information Security Management System. The intent is to bring information security under management control and to instill process into an organization. While most companies have an IT and / or an information security department, best practices of an Information Security […]