Risk Management & Compliance.

Oct 26th, 2020 - New innovations enable organizations to ensure integrity, resilience and brand reputation with the industry first integrated risk platform that is intelligent by design San Jose, CA (October 26, 2020) – MetricStream, the independent market leader in enterprise cloud applications for Governance, Risk, and Compliance (GRC), today announced the release of the latest version of its M7 Integrated Risk platform, with multiple innovations that will enable customers to adopt simple, agile and intelligent approaches to proactively address the changing workforce, risk, regulatory, and ... [Read More]

Oct 26th, 2020 - Shred-it announced the release of its 10th Anniversary Edition Data Protection Report (formerly known as "The Security Tracker: State of the Industry Report"), which outlines data security risks threatening U.S. enterprises and small businesses. The findings are based on a survey conducted by Ipsos, shedding light on trends in data protection practices and the risks American businesses, organizations, and consumers face related to keeping their data secure.   According to the report, nearly half (43%; up 21% from 2017) of C-suite executives (C-suites) and 12% (up 7% from 2017) of small ... [Read More]

Oct 25th, 2020 - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was established to transform the security landscape of the healthcare industry. Businesses that are found guilty of a breach or violation of HIPAA rules will have to face repercussions. Part of the HIPAA law includes the HIPAA Breach Notification Rule, which […]…  The post HIPAA Breach Notification - What you need to know appeared first on The State of Security . *** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors . Read the ... [Read More]

Oct 23rd, 2020 - The assessment methodology provided by DoD includes, for the first time, a scoring component. The highest score is 110, which reflects full implementation of all 110 controls in NIST 800-171. If a requirement is not fully implemented, the score is reduced – in some cases by more than the single point given for its implementation.  (Yes, it’s possible, at least theoretically, to have a negative score!)  Partial implementation is generally not credited, although some requirements do include built-in scoring for partial implementation. There are a number of complexities in the scoring that ... [Read More]

Oct 23rd, 2020 - Share this article on: LuxSci, the Massachusetts-based provider of HIPAA-compliant email communications services, has announced it has achieved HITRUST CSF Certification. The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable framework for organizations that create, access, store, or transmit sensitive and regulated data.  The HITRUST CSF consists of a prescriptive set of scalable controls that confirm to multiple regulations and standards, including those of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the ISO/IEC 27000-series. ... [Read More]

Oct 22nd, 2020 - Risk management has never been more important, especially at a time when data breaches continue to increase. There are numerous high-profile examples involving the theft of employee data. Identity fraud cases exceed 10 million annually, but that’s just the tip of the iceberg. More than 4 billion records were breached in the first half of 2019 alone. By September, that number had nearly doubled , reaching 7.9 billion for the first nine months of the year. To mitigate the risk of future cyber incidents, HR teams need to feel confident that their processes and the providers they work with ... [Read More]

Oct 22nd, 2020 - Agility is crucial for IT to keep pace with the business. To get there, CIOs should focus on two key building blocks. The path to agility often runs directly through the CIO’s office. Responsible for digital projects that grow competitiveness, as well as driving the organization’s transition to enterprise-wide agility, CIOs must adopt change within their departments and help the business become an agile enterprise. To achieve these goals, CIOs must facilitate both an agile culture and agile technology automation supported by a digital business technology platform that can adapt to quickly ... [Read More]

Oct 21st, 2020 - Is telehealth a security risk? Easy answer: yes, it is a risk… just as much as any other web accessed private data is. However, that doesn’t mean we shouldn’t take advantage of what telehealth or telemedicine offers us, especially so in this COVID pandemic we are facing. The Security Risks of Telehealth First, let’s discuss how telehealth is a security risk. Any time you are putting your personally identifiable information (PII) or personal health information (PHI) into a system, whether public or private, you are risking that information being stolen or corrupted. However, this ... [Read More]

Oct 21st, 2020 - Industry experts continue to raise serious concerns about the way forward for the Defense Department’s cybersecurity maturity model certification (CMMC) program. A technology industry representative told reporters yesterday that the interim rule DoD published in September didn’t offer enough clarity about the certification process, the costs to become certified and whether there will be reciprocity with other cyber standards. Comments on the interim rule are due Nov. 30 and so far more than despite repeated attempts by industry and others to raise these problems. “The interim rule in ... [Read More]

Oct 21st, 2020 - Introduction The Verizon Data Breach Investigations Report, or the Verizon Data Breach Report, is an annual report intended for information security professionals. It summarizes 3,950 confirmed data breaches and is a collection of work from 81 contributors spanning 81 countries and has grown more than a little bit since last year’s twelfth edition.  Navigating this year’s Verizon Data Breach Report may be a bit confusing, as its format has changed. Fortunately, this article will do the legwork for you! It will offer a summary of the Verizon Data Breach Report as well as key findings that ... [Read More]