September 21, 2020
Early on in my security career, while studying for my CISSP certification, the author of the book I was reading presented a concept of how to treat risk once it is known. Management has the choice of treating, accepting, deferring, or denying the risks that are found or identified. While most all security frameworks require […]
September 17, 2020
This week was an exciting one for us here at ControlScan, because we officially announced the general availability of ControlScan MDR Essential. A new tier of our Managed Detection and Response (MDR) product suite, MDR Essential is aimed at cost-conscious small and mid-sized businesses (SMBs) and the channel partners that serve them.
Active Monitoring • Endpoint Security
September 8, 2020
As we refine our remote work arrangements, our arsenal of communication devices—and our digital footprint—grows. Unfortunately, all these communication tools create additional IT vulnerabilities and make our businesses a more prominent target for cyber attackers to exploit. In this post I’ll share common ways in which an attacker bypasses network, software and physical controls in today’s extended workplace environment.
September 2, 2020
Who would have ever thought that in 2020, we would have had to execute a disaster recovery plan because of a pandemic on an international scale? I am sure most organizations planned for the technology aspect of an outage as well as the ability to meet SLAs and recovery point expectations. But did you plan for the loss of your staff?
Business Continuity • Coronavirus
August 18, 2020
Any parent with more than one child understands that maturity does not necessarily have a direct relationship with age. Every person is unique in their maturation process and matures at their own pace. (And anyone with teen and pre-teen boys may be asking, “What is maturity and how can my boys get some?”)
The same can be applied to your business.
August 14, 2020
I must admit that when I sat down to write this blog post I felt a bit silly writing out the title “The Million Dollar Laptop.” This is not a post about a wildly overpriced and new, barely changed, or updated piece of tech that Apple is releasing, or some exorbitant gaming laptop that you are hoping to purchase to play Fortnite or Minecraft. No, this is about the simple neglect of a lost device. Neglect that cost a healthcare organization $1,040,000.00.
Compliance • Risk Management
July 14, 2020
In the world of healthcare, like any business environment, there is an important difference between being secure and being compliant. Sure, healthcare data security and HIPAA compliance share similarities, but one does not equal the other. Here’s how to build healthcare data security into your HIPAA compliance.
Compliance • Vulnerability Management
July 8, 2020
There is a fine line being walked in the merchant acquiring and payments space. As both the primary players and the smaller providers know, merchants’ security threat landscape continues to shift and expand at a rapid pace. Guiding merchants down the path of implementing security protocols to protect the merchant, and mitigating breach risk for the processor, can be challenging. We see acquirers meeting this challenge through what I call a “scalpel approach.”
Payment Security • PCI Compliance • Risk Management