Information Technology

How SOC Audits Can Help Save on Errors & Omissions Insurance

As many companies look to reduce costs, one cost that continues to rise as the company grows is Errors and Omissions (E/O) insurance premiums. Both company liability and personal liability of the board of directors and owners is a topic that continues to be a focus of litigation. One of the ways a company can demonstrate they have sound controls over their control environment (which includes the tone at the top, board of directors’ participation, management oversight, etc) is to have a SOC audit conducted by a third-party auditing firm such as A-LIGN. 

Read More

The New Standard: PCI DSS 3.1

On April 15, 2015, The PCI Security Standards Council published the PCI DSS Version 3.1.  Within the update, there were 3 types of changes that were noted.  They included: Clarifications: Clarifies the intents of the requirements.  Additional Guidance: Explanations with the purpose of providing further information on the requirements. Evolving Requirement: Changes to the requirements to keep up with emerging threats and updates within the market.

Read More

The Connected World: A Look At Mobile Security?

Smartphones are a truly extraordinary technology.  Like an electronic Swiss Armor Knife, they are seemingly magical devices that provide a ton of services in the palms of our hands.  Each day, it seems, a new feature emerges enabling them to do even more.  Using a smartphone a person can video conference, navigate through the perils of rush hour traffic, and download a new recipe for beef stroganoff, just hopefully not at the same time!

Read More

SOC Vendor Due Diligence for Title Agencies

The American Land Title Association (ALTA) Best Practices Framework has been developed to assist lenders in satisfying their responsibility to manage third party vendors. ALTA members advocate a safe and efficient transfer of real estate and have high standards when searching land title records and preparing insurance documents. To provide the best possible chance of avoiding land title problems, risk should be eliminated prior to insuring. As such, effective safeguards should be in place.

Read More

The State of Cybersecurity: How to Prepare For 2015

2014 was a cybersecurity eye opener for all individuals using technology.  The public and many corporations had to personally face the repercussions of the cybersecurity weaknesses throughout all technology.  The whole world was watching this year as cyber-attacks hit one after the other, arguably the worst cybersecurity incident happening in November to Sony Pictures Entertainment.  Not as popular but certainly as devastating, Heartbleed was part of the worst vulnerabilities made public and possibly the worst vulnerability ever released.

Read More

FedRAMP Releases Updated Logo & FedRAMP Forward

  FedRAMPSM has released their newly redesigned logo in coordination with the release of “FedRAMP Forward: 2 Year Priorities.”  FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.  

Read More

Countdown to PCI DSS 3.0 : Lessons Learned from Early Adopters

As most of us know, the PCI DSS assessment effectively moved from version 2.0 to 3.0 at the beginning of 2014.  The new 3.0 version raises security standards to help organizations focus more on the actual payment security aspect rather than the compliance itself.  Having performed many PCI DSS 3.0 assessments this year, we want to share what we’ve learned from working with these early adopter clients.

Read More

Hacking The Holidays: Protect Your Credit Card Information

Unfortunately, the Grinch is not the only one out there wishing to steal Christmas.  While the holidays generally encompass a time of joy and giving, it can also bring with its share of troubles.  It is during these times that people will most often let their guard down.  In the search for the best deal, or perfect gift, people will often overlook or forget about Internet safety precautions.

Read More

It’s Time For An Upgrade: Transitioning Your Current ISMS From ISO 27001:2005 To ISO 27001:2013

A new version of ISO 27001 has been issued and if it’s your job to upgrade your company’s ISO 27001 program from 2005 to 2013, we’re here to help.   The standard was revised for a number of reasons including addressing new technology, to comply with the ISO/IEC directive and make compliance simpler for organization that are certified with more than one management system.  So now that you know he why, let’s look at the how. The first thing you’ll want to look at is the deadlines and make a timeline for transition, which will depend on the current state of your ISMS.  The deadlines for transition are as follows:

Read More

Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance

By: Vincent Booker, Senior Consultant at A-LIGN Understanding the PCI Security Standards Council’s Information Supplement on Third-Party Security Assurance: What You Should Be Asking Based on the New Requirements and Guidance. Third-Party Security Assurance As companies expand their reliance on third-party services providers (“TPSP”s) to store, process, or transmit cardholder…

Read More