Legal Services

What to Expect from PCI DSS 3.2

Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, organizations should begin to implement changes with the PCI DSS 3.2 official release. These standards should be adopted as soon as possible, as version 3.1 will expire on October 31,…

Phase 2 of the HIPAA Audit Program Launches

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced Phase 2 of the HIPAA Audit Program. Every covered entity and business associate will be eligible to be…

ISO 27001: The Four Most Common Post-Certification Pitfalls

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. Becoming ISO 27001 certified is a rigorous process for most organizations, but the work should not stop after receiving the sought-after certification. We want to ensure that your organization does not fall…

Preparing for PCI DSS 3.2 in 2016

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. This update, which will likely take the place of the previously anticipated Q4 2016 update, will include changes that aim to take into account…

Illusion of Insignificance: Cybersecurity and the Small Business

Author: Stuart Rorer, Senior Consultant at A-LIGN. “Big Box Store ABC Has Been Hacked, Customer Card Information Exposed!” “E-Commerce Giant Acme Inc., Suffers Cyber Intrusion” Headlines like these are appearing each day, most of which seem to apply to big box stores…

More Passwords, More Problems: A Look into Biometric Authentication

What’s your password? Studies show that you likely use more than 15 different passwords, but more than half of you admit to using a weak password. So how do companies fare with inconsistent password usage and standardization? Even companies with incredible security practices can become vulnerable due to a forgetful employee who…

2015 Data Breaches – The Year In Review

Author: Greg Johnson, Vice President of Business Development at A-LIGN. Data breach was alive and well in 2015 with some of the largest breaches in history occurring last year. The Office of Personnel Management (OPM), or in other words our Federal Government, was hacked to the tune of 21.5 million…

The Do’s and Don’ts of Bridge Letters (SSAE 16 Reporting)

You finally received your SOC 1/SSAE 16 report, only to realize that your coverage does not cover the entire year. So what happens in the remaining months of the year beyond the coverage of the report? Is it necessary that you receive another report to cover the remainder of the…

CFPB, the Automotive Industry, Technological Services and Beyond

Who needs to be prepared for the CFPB exam and who does it affect? The Consumer Financial Protection Bureau (CFPB) Exam is an extensive audit to supervise consumer finance markets, including banks, credit unions, financial agencies and debt collection agencies. However, financial institutions are not the only ones that need to…

It’s Time For An Upgrade: Switching from ISO 27001:2005 to 2013

As a reminder, a new version of ISO 27001 has been issued and the deadline for updating your company’s ISO 27001 program from 2005 to 2013 is quickly approaching. There are some significant changes to ISO 27001 in the newest 2013 edition. Utilizing the guidelines in ISO…