CIS Controls 7 CIS RAM
CIS RAM (Center for Internet Security® Risk Assessment Method) was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. (more…)
We Just Gave Away Our Cyber Security Intellectual Property. It was the right thing to do.
Why a Chicago-Based Cyber Security Firm Just Released its Prized IP.
By Chris Cronin, ISO 27001 Auditor, Partner (more…)
PCI Deadline is Fast Approaching on June 30, 2018
by Viviana Wesley PCI QSA, ISO 27001 Auditor – Managing Consultant, Governance & Compliance Services
Cyber security is a moving target. The technology and policies that kept users, devices and data safe at one time are eventually compromised at some point by the growing skills of cyber criminals and technology itself. This is one of the reasons security standards (more…)
Clarifying the new PCI DSS 3.2 Requirements for Service Providers
The process of securing cardholder data is a shared responsibility amongst multiple parties that play a role in the card transaction process. They include merchants, processors, acquirers, backup tape storage facilities, issuers and service providers just to name a few. All of these entities play a part in the far-reaching responsibility of protecting consumer data. The Payment Card Industry (more…)
11 Insights into Cyber Insurance and How It Concerns Your Business
There’s digital gold in your data storage units, computers, networks, and clouds. There is also a large portion of your reputational capital, liability of multiple kinds, and quite possibly the economic viability of your enterprise. With all this at stake, protection against IT incidents and accidents is a priority. However, data backups and IT security measures can only handle so much. Cyber security insurance can (more…)
Chronology of HIPAA, HITECH & the Omnibus Rule
HIPAA is a confusing regulation. Since its enactment on August 21, 1996, it has covered topics as diverse as insurance coverage of unemployed people, efficiency of health care administration, data security, and more recently the improvement of healthcare outcomes. HIPAA has had the complicated history of regulatory revisions, clarifications, and guidance documents from various agencies, and it is still largely misunderstood.
Are Your Security Devices HIPAA Compliant?
Would you be surprised to learn that there is no HIPAA requirement that tells organizations to use a firewall? How about an intrusion detection system (IDS)? Nope. And no requirements for a data loss prevention tool (DLP) either, or a proxy server, or even a security information and event management system (SIEM).
(more…)OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION | What is reasonable?
Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a cyber security firm. After all, security is where HALOCK makes its living. But if your security controls take priority over your medical mission, then you’re doing HIPAA wrong.
COMMON HIPAA VIOLATIONS THAT ARE EASY TO FIX
THE HIPAA ‘DIRTY DOZEN’ – FIND OUT ABOUT THE MOST COMMON HIPAA VIOLATIONS
Time and time again we see many common HIPAA issues arise in both large and small entities. We’ve compiled a list of the most common HIPAA issues that can lead to violations that we see in the field – and most are relatively easy to fix. (more…)
