CIS Controls 7 CIS RAM
CIS RAM (Center for Internet Security® Risk Assessment Method) was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. (more…)
11 Insights into Cyber Insurance and How It Concerns Your Business
There’s digital gold in your data storage units, computers, networks, and clouds. There is also a large portion of your reputational capital, liability of multiple kinds, and quite possibly the economic viability of your enterprise. With all this at stake, protection against IT incidents and accidents is a priority. However, data backups and IT security measures can only handle so much. Cyber security insurance can (more…)
OVER-SECURING PHI: A DANGEROUS HIPAA VIOLATION | What is reasonable?
Over-securing protected health information (PHI) means protecting the security of PHI so much that patient care or medical research becomes compromised. It may seem strange to hear this from a cyber security firm. After all, security is where HALOCK makes its living. But if your security controls take priority over your medical mission, then you’re doing HIPAA wrong.
PRIVACY VS SECURITY – WHAT’S THE DIFFERENCE?
The ever-increasing demands from laws and regulations to protect personal information comes with confusion about what exactly our protection responsibilities are. One source of that confusion is in the use of the terms “privacy” and “security.” While “privacy” and “security” are both common terms used in laws, regulations, and security standards, they mean very different things and they are managed very differently. In (more…)
Risk Acceptance Levels: Managing the Lower Limits of Security Costs
Last week I presented a topic here at Halock’s blog site on the Hand Rule, also known as the “Calculus of Negligence.” The basic message of the post was that we can use information risk assessments to help us keep our security costs to a reasonable (more…)
If HIPAA Compliance Seems Too Hard … Then You’re Doing it Wrong. Here are the Basics of Doing it Right.
In April of 2013 the Office of Civil Rights, the branch of the Department of Health and Human Services that oversees compliance with the HIPAA Security Rule, started releasing analysis from their (more…)
Reasonable and Appropriate Data Security
Reasonable and Appropriate Data Security – An interesting case that the FTC filed recently (June 26, 2012) against a well-known hotel chain. (Names omitted for the purposes of this blog.) Notice the similarities to the PCI DSS requirements. (more…)
Mobile Device Security
Mobile devices have become an important aspect of our personal and professional lives. In today’s networked world, we increasingly rely on mobile devices to access sensitive data on corporate networks. While the benefits of mobile devices is continually expanding, so are the risks. (more…)
Network Security Engineering Services
One of the things that makes HALOCK a hybrid services firm is our unique practice groups, plus we bring to the table skill sets ranging from governance and strategy, PCI QSA knowledge, assessments and compliance, security solutions, and very seasoned network security engineering services. (more…)
