How To Handle Breach Disclosure The Right Way

It’s not a matter of IF your organization will be breached but WHEN. How your organization handles its response to a breach (known as Incident Response) makes a HUGE difference. Here are a few examples of breach disclosure done the right way.
HITRUST 101: Assessment Content, Part 3

A high-level overview of HITRUST Domains 11-15, what to expect to be tested on, and what you can do to best prepare your program for HITRUST Certification.
HITRUST 101: Assessment Content, Part 2

A high-level overview of HITRUST Domains 6-10, what to expect to be tested on, and what you can do to best prepare your program for HITRUST Certification.
Information Security News Roundup: October 2017

A summary of important current events in the Information Security world from the month of October that you should know about.
HITRUST 101: Assessment Content, Part 1

A high-level overview of HITRUST Domains 1-5, what to expect to be tested on, and what you can do to best prepare your organization for HITRUST Certification.
Information Security News Roundup: September 2017

A summary of important current events in the Information Security world that you should know about.
Prepare for Impact: Why you should perform a Business Impact Analysis.

When a true disaster occurs, we need to understand which systems are the most critical to continuing and restoring business operations. This is where performing a Business Impact Analysis (BIA) is essential.
Why a Business Continuity Plan is Essential to Disaster Recovery.

So where IS the line differentiating between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP)? The fact is, there is a lot of overlap between the two terms; however, there are significant differences as well.
HITRUST 101: Is HITRUST Right for You?

In the last HITRUST 101 post, we examined the scoring methodology for a HITRUST assessment. In this post, we will go back to basics and take a deep dive into the why of HITRUST and determine if it is something that your organization should pursue.
What Makes a Good Chief Security Officer?

The news from Equifax on Friday (9/15) states “the Chief Information Officer and Chief Security Officer are retiring”. Somebody’s got to pay, and here are your first two scapegoats. Will it stop with these two, or is the CEO’s (Richard Smith) job at risk too? We can only speculate. I’m more interested in answering the question: what makes a good CSO/CISO or a good information security professional/expert?
An Information Security Expert's Take On The Equifax Breach

Logically, we approach investigations holistically from four different perspectives: the company itself, what was in place for prevention, what was in place for detection, and how well the response is handled. My take on the Equifax breach revolves around these four perspectives.
Information Security Life Cycle, not Information Security Projects

Information security is a living, breathing process that’s ongoing; it’s a life cycle. Without a life-cycle approach to information security and its management, organizations typically treat information security as just another project.