Information Technology

HITRUST Updates: CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9

On March 1, 2017, HITRUST announced its roadmap for 2017, which included improvements to the HITRUST CSF and a renewed focus on smaller healthcare organizations. The roadmap focuses on combating cyber threats and information risks while advancing protection standards regarding healthcare data through CSFBASICs, HITRUST CSF v8.1, HITRUST CSF v9,…

Read More

Outline of Guidance for PCI DSS Scoping and Network Segmentation

In order to clarify scoping and network segmentation principles in PCI DSS, the PCI SSC has released additional guidance in order to help organizations identify what systems are considered in scope for PCI DSS assessments. This guidance was developed by industry experts and the PCI SSC Board of Advisors in…

Read More

Phishing 201: What are the Different Types of Phishing Attacks?

In our initial blog, Phishing 101, we covered the basics of phishing, including what phishing is and how to prevent it. Today, we will cover the different types of phishing attacks that your organization could be vulnerable to. Types of Phishing Deceptive phishing Deceptive phishing is the most common…

Read More

Social Engineering 101: What is Phishing and How do I Prevent It?

What is Phishing? Phishing is a series of communications that are sent in order to deceive individuals to provide sensitive information. Phishing can take the form of email messages, website forms, or phone calls and can be designed to reveal different information.  This information can take the form of: Credit…

Read More

3 Security Trends that will Continue in 2017

With the ushering in of another new year, I find myself acting nostalgic, wondering where the previous year went and of course pondering the year ahead. Here are three security and commerce trends which will continue in 2017. Healthcare Data Breach According to the Privacy Rights Clearinghouse, healthcare data breaches…

Read More

FedRAMP vs. FISMA: Choosing the Right Standard for Your Federal Clients

When pursuing federal clients or servicing existing federal clients, there are a number of unique compliance needs due to the sensitivity of the federal information. Standards such as FedRAMP and FISMA exist to create consistent security standards for organizations seeking federal agency clientele. FISMA, or the Federal Information Security Management…

Read More

What are the differences between ISAE 3402 and SSAE 16?

The preferred reports for service organizations with direct impact on internal controls over financial reporting of their clients are the SSAE 16 (Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, was issued by the Auditing Standards Board of the American Institute of Certified…

Read More

FISMA Certification: Understanding Low, Moderate and High-Impact Systems

FISMA, or the Federal Information Security Management Act of 2002, assesses the controls outlined in NIST 800-53. You can review those requirements in Figure 1, below. One of the benefits of FISMA is that it provides different implementation options depending on the levels of potential impact for an organization or…

Read More

10 Ways to Protect Your Information When Shopping Online

When the holiday season comes around, everyone is in the spirit of giving back and joining in on the festivities. This usually spurs an increase in spending and holiday shopping, most of which happens online. According to comScore and UPS’ online shopping survey, shoppers are now making 51% of…

Read More

Visa Global Registry of Service Providers: Are you on the list?

Visa has released new tools and changes, which add value to service providers who store, process, or transmit cardholder data on behalf of merchants or other entities. For years, Visa has offered service providers the Visa Global Registry of Service Providers, a prestigious list of entities which meet certain…

Read More