by Jeremy Sporn | Mar 16, 2018 | ISMS Consulting
“Covered Entities” that have not yet submitted a certification of compliance for the New York Department of Financial Services’ NYDFS 500 Cybersecurity Regulation (also known as 23 NYCRR 500) received a none-too-gentle “reminder” earlier this month that they need to...
by Chris Banta | Dec 13, 2017 | InfoSec Strategies
We see plenty of organizations that are compliant—but not secure. Yet rarely, if ever, do we find an organization to be secure but not in compliance. Cybersecurity regulators care about compliance, but hackers are opportunistic and the slightest risk can lead to a...
by Jeremy Sporn | Nov 30, 2017 | ISMS Consulting
The Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) is steadily gaining traction in the healthcare industry, with major players like Anthem, Highmark, Humana and UnitedHealth Group requiring their business associates (BAs) to obtain HITRUST...
by Michael Walsh | Oct 3, 2017 | ISMS Consulting
When most people think of audits in general, they’re imagining mundane, cookie-cutter affairs that are about as interesting as watching goldfish. Yet I’ve never had two cybersecurity audits that followed the same path. There’s always some kink in the road. And it’s...
by Jeremy Sporn | Sep 22, 2017 | InfoSec Strategies
What Happened? We now know the Equifax data breach, which impacts almost 60% of the US adult population, was preceded by another breach or series of breaches of unknown magnitude back in March. We also know the July mega breach exploited a flaw in third-party code...