HITRUST 101: Assessment Content, Part 1

A high-level overview of HITRUST Domains 1-5, what to expect to be tested on, and what you can do to best prepare your organization for HITRUST Certification.

Information Security News Roundup: September 2017

A summary of important current events in the Information Security world that you should know about.

Prepare for Impact: Why you should perform a Business Impact Analysis.

When a true disaster occurs we need to understand which systems are the most critical to continuing and restoring business operations. This is where performing a Business Impact Analysis (BIA) is essential.

Why a Business Continuity Plan is Essential to Disaster Recovery.

So where IS the line differentiating between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP)? The fact is, there is a lot of overlap between the two terms; however, there are significant differences as well.

HITRUST 101: Is HITRUST Right for You?

In the last HITRUST 101 post, we examined the scoring methodology for a HITRUST assessment. In this post, we will go back to basics and take a deep dive into the why of HITRUST and determine if it is something that your organization should pursue.

What Makes a Good Chief Security Officer?

The news from Equifax on Friday (9/15) states “the Chief Information Officer and Chief Security Officer are retiring”. Somebody’s got to pay, and here are your first two scapegoats. Will it stop with these two, or is the CEO’s (Richard Smith) job at risk too? We can only speculate. I’m more interested in answering the question: what makes a good CSO/CISO or a good information security professional/expert?

An Information Security Expert's Take On The Equifax Breach

Logically, we approach investigations holistically from four different perspectives: the company itself, what was in place for prevention, what was in place for detection, and how well the response is handled. My take on the Equifax breach revolves around these four perspectives.

Information Security Life Cycle, not Information Security Projects

Information security is a living, breathing process that’s ongoing; it’s a life cycle. Without a life-cycle approach to information security and its management, organizations typically treat information security as just another project.

HITRUST 101: Scoring Basics

HITRUST is a huge security program that centers around the assessments. While most of our clients do take the option to work with us on their Self-Assessment, it is entirely possible to complete it yourself. However, there are some risks associated with this. Read more to find out what these risks are.

Is My Organization Big Enough to Need a Disaster Recovery Plan?

Regardless of how large or small your organization is, there are important questions you need to ask and steps that need to be established before building your Disaster Recovery Plan.

Three Things Every IT Department Head Should Know About PCI

As part of a dynamic IT team you might not have heard of PCI (yet); however, if your company is set up to take credit card payments for services and products, PCI can potentially affect you and your IT area. Here are the top 3 things for you to know about PCI:

Let's Define Social Engineering

This is the first post in a series designed to give you an inside view of what goes into working in social engineering. I hope that you will find these stories entertaining and educational, and enjoy reading them as much as I have enjoyed experiencing them.