Tag Archives: security


THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA VIOLATIONS

By Tod Ferran, CISSP, QSA

Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field […]

Proven Ways to Combat Ransomware

Ransomware stole a lot of headlines in 2016, and rightfully so. Every type of organization was afflicted by its intrusion this past year, even healthcare. With revenues of over $18 million in 2015, it’s a safe bet that ransomware isn’t going anywhere in 2017. That’s because it is highly […]


CREATE A REALLY STRONG PASSWORD: A PEN TESTER’S PERSPECTIVE

Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being […]

How To Find The Right QSA

If you are a Level 1 or Level 2 merchant, complying with the Payment Card Industry Data Security Standard (PCI DSS) continues to get more complicated. The stakes have never been higher for large organizations that process payments. With major data breaches constantly in the headlines like Target, Home Depot, JP Morgan Chase and countless […]

Code Spaces Spaced Out On Data Security

Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA

The information security community is abuzz with the news of Code Spaces closing its doors after having all of its clients’ data erased by an attacker who gained access to their environment. Code Spaces offered their clients a “code repository” service – think Subversion-as-a-Service – and […]

Vendor Risk Management Hype Extends Beyond Target®

The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct […]

We Need a Risk Management Tipping Point

While preparing for a keynote talk at CAMP IT that is rapidly coming up, I was struggling to find the main point of my talk. I had been puzzling for several weeks, asking myself what single message I wanted to leave my audience with. I’ve been speaking for some time now about information security and […]