How do you secure data on mobile devices? Physical security and mobile device policies are good at protecting the device itself, but another way to protect the data on the device is mobile encryption.
To discover your PCI scope and what must be included for yourPCI compliance, you need to identify anything that processes, stores, or transmits cardholder data, and then evaluate what people and systems are communicating with your systems.
Specific HITRUST requirements are available through HITRUST’s MyCSF portal and will include various implementations of foundational security measures and controls depending on your organization and the type of HITRUST assessment you are performing.
An example of insecure credit card number storage comes from one of our PCI assessors, where a company explained how they processed their credit cards.
What is a Managed Firewall and Do You Need One?
Overview of key changes in the CIS controls update. See what’s new in the CIS Controls (v8) and how this free resource can help maximize your security.
The NIST cybersecurity framework can help guide small-to-medium sized organizations improve their cybersecurity posture.
Criminals have countless methods and types of phishing emails to trick email users.
How do you block access to your systems (and sensitive data) from hackers in the outside world?
System logs are part of HIPAA compliance and specifically mentioned in two different requirements.
Log management and regular log review could help identify malicious attacks on your system.
Merchants must “address all known security vulnerabilities and [be] consistent with industry-accepted system hardening standards.”
Learn how to help your employees be better prepared to fight against social engineering tactics.
The biggest difference between SAQ A and SAQ A-EP is based on how cardholder data is handled.
There are some key changes to the PCI DSS 4.0 SAQ questionnaires you will want to be aware of.
You will need to be compliant with PCI DSS 4.0 by March 31, 2025. We recommend starting your transition to 4.0 by reading the documents that explain the new PCI standard, including the executive summary, which has a lot of good information in it.
Lack of budget is a plague that affects risk and compliance officers at health organizations of all sizes. This post will give you the information you need to more accurately plan your HIPAA budget.
Why do you need to comply with PCI if you’ve already taken care of HIPAA?
My stance on patient sign-in sheets is that unless there is a valid business reason for having them, don’t do it.
Is it your responsibility to ensure that your clinic is HIPAA compliant?
Whether you’re a CIO, the head of IT, or in a non-security-related position, if your data security practices are unclear, your company is at a greater risk to a data breach.
Performing an SAQ A version 4.0 Self-Assessment: Several new requirements, both existing in version 3.2.1 of the standard and some newly created for version 4.0, have been added to increase the security of outsourced ecommerce environments.
There are two website prefixes: One shows the site you are on is secure (HTTPS), and the other does not (HTTP).
This blog will cover the three types of HITRUST CSF certifications. It will also cover what you can expect to achieve upon completion of each type of assessment and general guidelines of which assessment is best for your organization.
.svg)