July 14, 2020 •
In the world of healthcare, like any business environment, there is an important difference between being secure and being compliant. Sure, healthcare data security and HIPAA compliance share similarities, but one does not equal the other. Here’s how to build healthcare data security into your HIPAA compliance.
Compliance • Vulnerability Management
July 8, 2020 •
There is a fine line being walked in the merchant acquiring and payments space. As both the primary players and the smaller providers know, merchants’ security threat landscape continues to shift and expand at a rapid pace. Guiding merchants down the path of implementing security protocols to protect the merchant, and mitigating breach risk for the processor, can be challenging. We see acquirers meeting this challenge through what I call a “scalpel approach.”
Payment Security • PCI Compliance • Risk Management
May 17, 2020 •
It struck me recently that there are interesting parallels for a business trying to deal with all the shots coming out of COVID-19, both early on and over time. They were fast and furious at the beginning; I am sure we all agree. But what does the small business threat landscape look like now?
Coronavirus • Information Security
May 13, 2020 •
Individuals in the security industry often comment that the foundation of any company’s security program is its policy and procedures. I am not saying they are incorrect; however, I do not believe they see the big picture. Policy and procedures look to address risk, but they do not define it. Therefore, the foundation of any security program is formed by the activities around risk identification.
May 1, 2020 •
We can learn a lot from the same protective measures that are working to defeat this insidious coronavirus enemy. The parallels are striking between the social and professional measures that are swiftly becoming business-as-usual, and the security measures that should have been business-as-usual all along. Now may be the perfect time to remind ourselves of a few.
Coronavirus • Endpoint Security
April 1, 2020 •
What happens in social distancing situations like the one we are in now, when security assessments such as PCI, HIPAA, risk analysis, and many more require an onsite visit to your in-scope locations? Events such as COVID-19 create a need to become more agile in order to maintain business as usual while shifting the paradigm of working in person.
Compliance • Coronavirus • Security Assessments
March 25, 2020 •
Today’s news cycle is all about the impact that coronavirus/COVID-19 has been having within the world’s economy and health and welfare of most all individuals. I am sure you are prepared to handle the loss of a server or recover lost data, but what about your staff? Does your business continuity planning include the loss of people as part of your operational resources? If not, it should!
Business Continuity • Coronavirus
March 23, 2020 •
While quantum capabilities are still a few years out, it’s important to be thinking about their future impacts to our crypto systems today. How will we prepare and upfit our systems to meet the challenge of tomorrow’s adversaries? There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era.
Encryption • PCI Compliance