THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA VIOLATIONSBy Tod Ferran, CISSP, QSA Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field […]
Proven Ways to Combat Ransomware. Ransomware stole a lot of headlines in 2016 and rightfully so. Every type of organization was afflicted by its intrusion this past year, even healthcare. With revenues of over $18 million dollars in 2015, it’s a safe bet that Ransomware isn’t going anywhere in 2017. That’s because it is highly […]
CREATE A REALLY STRONG PASSWORD: A PEN TESTER’S PERSPECTIVE. Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being […]
If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, Home Depot, JP Morgan Chase and countless […]
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA The information security community is abuzz with the news of Code Spaces closing its doors after having all of its client’s data erased by an attacker who gained access to their environment. Code Spaces offered their clients a “code repository” service – think Subversion-as-a-Service – and […]
The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct […]
While preparing for a keynote talk at CAMP IT that is rapidly coming up I was struggling to find the main point of my talk. I had been puzzling for several weeks, asking myself what single message I wanted to leave my audience with. I’ve been speaking for some time now about information security and […]
Download a printable version of the cyber security awareness tips poster HERE
Reasonable and Appropriate Data Security – An interesting case that the FTC filed recently (June 26, 2012) against a well-known hotel chain. (Names omitted for the purposes of this blog.) Notice the similarities to the PCI DSS requirements.
Does Security Interfere with Business? In a mad dash toward security compliance or to plug known vulnerabilities, IT professionals have a tendency to implement security controls without thinking through what could go wrong with them.