Title industry

SOC Vendor Due Diligence for Title Agencies

The American Land Title Association (ALTA) Best Practices Framework has been developed to assist lenders in satisfying their responsibility to manage third party vendors. ALTA members advocate a safe and efficient transfer of real estate and have high standards when searching land title records and preparing insurance documents. To provide the best possible chance of avoiding land title problems, risk should be eliminated prior to insuring. As such, effective safeguards should be in place.

Read More

The State of Cybersecurity: How to Prepare For 2015

2014 was a cybersecurity eye opener for all individuals using technology.  The public and many corporations had to personally face the repercussions of the cybersecurity weaknesses throughout all technology.  The whole world was watching this year as cyber-attacks hit one after the other, arguably the worst cybersecurity incident happening in November to Sony Pictures Entertainment.  Not as popular but certainly as devastating, Heartbleed was part of the worst vulnerabilities made public and possibly the worst vulnerability ever released.

Read More

Hacking The Holidays: Protect Your Credit Card Information

Unfortunately, the Grinch is not the only one out there wishing to steal Christmas.  While the holidays generally encompass a time of joy and giving, it can also bring with its share of troubles.  It is during these times that people will most often let their guard down.  In the search for the best deal, or perfect gift, people will often overlook or forget about Internet safety precautions.

Read More

How to Differentiate Your Title Agency for Success in a Dynamic Market

By: Blaise Wabo, Senior Consultant at A-LIGN In 2012 the Consumer Financial Protection Bureau (CFPB) released a bulletin related to service providers’ oversight, in which they expect supervised banks and nonbanks (lenders) to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial…

Read More

3 Step Guide on How To Avoid Data Breaches Through Soft Targets

By: Chris Berberich, Senior Consultant and Penetration Tester at A-LIGN In the real world of budgets and limited personnel, prioritizing security resources is a must. For the majority of companies who depend on IT resources, prioritizing information security resources is based on the significance of an asset to their overall…

Read More

7 New COSO Updates that Impact Your SSAE 16 Report

By: Scott Price, Managing Partner of A-LIGN The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released an updated version of its “Internal Control – Integrated Framework” in May, 2013. The changes are a progressive move to align its framework with today’s business operating environment, much like the change from SAS 70 to SOC 1/SSAE 16. As technology and business practices evolve, organizations need updated guidance on how and what to address in their internal controls.

Read More

Accredited vs Unaccredited ISO 27001 Certification – Does it Matter?

By: Gene Geiger, Partner of A-LIGN Security and Compliance Services ISO 27001, published by the International Organization for Standardization, is a comprehensive information security standard that defines processes and controls that should be in place for the information security management system (“ISMS”) to protect the sensitive data and technology in your environment. Once these processes and controls are implemented and the ISMS is up and running you are ready to have those processes and controls audited by an outside security company. The certification audit is performed by a certification body (“CB”), like A-LIGN, to assess the conformity of your ISMS with the documented standard. 

Read More

What Everyone Should Take Away from the Recent Retail Breaches

By: Gene Geiger, Partner of A-LIGN Recent Retail Breaches – What Should You Do When news of the Target breach was announced, in the middle of the holiday shopping season, it made headlines and re-kindled the debate on payment card data security and more specifically, the effectiveness of the PCI Data Security Standard (“PCI DSS”), which was established to protect payment card data. This debate has only intensified as news of breaches at other major retailers has surfaced. So what went wrong? How were millions of records exposed? You don’t have to go very far to find the finger pointing and criticism of everyone involved, including Target, the PCI Security Standards Council (“PCI SSC”) and the core infrastructure used in the payment card industry. These discussions will continue and additional guidance may be produced, but at the end of the day, the clients I speak with want to know one thing “What should we do?” Outlined below are some thoughts I would like to share on how to increase the security in your environment.

Read More