Tag Archives: risk

NIST Cyber Security Risk Management Conference – Reasonable Risk

NIST Cyber Security Risk Management Conference – Reasonable Risk. Our partner, Chris Cronin will be speaking with  Phyllis Lee of the CIS (Center for Internet Security).

VULNERABILITY N+1

VULNERABILITY N+1. AUTHOR: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR As Americans, we love lists.  That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).”  The love of lists is rooted deeply in our culture. We loved the […]

Are Your Security Devices HIPAA Compliant?

By Chris Cronin, ISO 27001 Auditor, Partner Would you be surprised to learn that there is no HIPAA requirement that tells organizations to use a firewall? How about an intrusion detection system (IDS)? Nope. And no requirements for a data loss prevention tool (DLP) either, or a proxy server, or even a security information and event […]

OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION | What is reasonable?

By Chris Cronin, ISO 27001 Auditor, Partner Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a cyber security firm. After all, security is where HALOCK makes its living. But if your security controls take priority […]

WHAT IS HIPAA?

HALOCK is deep in the regulatory compliance and security field, so we sometimes take for granted that words common to us, like “HIPAA,” are still not clearly understood. So let’s take a moment to lay out the basics of HIPAA. 

REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS

REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]

THE FEDERAL TRADE COMMISSION IS COMING TO GET YOU

Author: Chris Cronin, ISO 27001 Auditor The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about.