Risk & Compliance News.

Jun 11th, 2021 - The Cloud Security Alliance (CSA) on Thursday released new guidance for health care delivery organizations (HDOs) that aims to provide processes and controls needed to ensure the privacy and security of cloud-based telehealth patient information. Developed by the CSA’s Health Information Management Working Group , the Telehealth Risk Management During the pandemic, the rules governing telehealth changed dramatically, prompting HDOs to quickly update and revise their governance and risk ... [Read More]

Jun 11th, 2021 - Risk Quantification doesn’t have to be a heavily complicated exercise – you can jump into risk quantification without jumping into the deep waters of complex statistical models. re you ready for risk quantification? Follow this decision tree to understand if you’re ready for risk quantification today – or if not, what actions you can take to enhance insights today that will support risk quantification in the future. Use this infographic to: Identify how you score risk today Qualify what ... [Read More]

Jun 11th, 2021 - “Explaining CMMC to my colleagues is harder than explaining Bitcoin to my grandmother.” That’s the comment that caught the attention of Matthew Travis, CEO, CMMC Accreditation Body , and gave him the pull to discuss CMMC opportunities and challenges at day three of the NCMS Seminar, an annual training event for security professionals. The Cybersecurity Maturity Model Certification (CMMC) was designed to provide increased IT assurance across the DoD. The CMMC puts teeth into requirements ... [Read More]

Jun 11th, 2021 - Prior to the U.S. government ’s National Archives and Records Administration’s (NARA) implementation of the Controlled Unclassified Information ( CUI ) protection framework, government agencies employed ad hoc agency-specific policies, procedures and markings to safeguard and control all information that did not meet the criteria required for classification. The rule was designed to primarily safeguard sensitive government data that had not been designated confidential or secret while it ... [Read More]

Jun 9th, 2021 - Healthcare organizations experience constant tension between two priorities: improving patient care, and controlling costs. To find the proper balance and focus on both of these priorities, healthcare organizations have to focus on providing positive experiences, managing resources, and innovating technology. At the same time, a myriad cyber-related threats plague healthcare organizations, with few of greater concern than ransomware. For a healthcare organization, the ramifications of a ... [Read More]

Jun 8th, 2021 - Verizon's Chris Novak Discusses Highlights From 2021 Breach Investigations Report Ransomware attacks have evolved over the years as attackers have come out with new strategies for digital extortion, says Chris Novak, global director of the Threat Research Advisory Center at Verizon Business Group. "We are now starting to see third-party extortion. This is where they [hackers] hold your system hostage, steal your data, not only ask you to pay ransom but go through your data and ask your ... [Read More]

Jun 7th, 2021 - As a security leader, you feel confident in your organization’s security stance. Your team worked hard to build a culture prioritizing security. Risk management is viewed as serious business, and your organization proudly displays SOC2 , ISO 27001 , and PCI-DSS while strictly adhering to privacy laws like GDPR . But what about the third parties in your supply chain ? Specifically, are the software vendors you’re using prioritizing security? Are they doing everything possible to keep their ... [Read More]

Jun 7th, 2021 - A year removed from the start of the COVID-19 pandemic, the long-term effects the shift in work culture will have on the compliance profession have become more apparent. The “ Cost of Compliance Report 2021 ” by Thomson Reuters Regulatory Intelligence reflects these changes. The annual report, which generated responses from more than 720 practitioners across financial services worldwide, details how compliance officers in the industry have adapted to the new normal at their workplaces and ... [Read More]

Jun 7th, 2021 - Right now, your company is likely working with dozens or hundreds of third-parties (e.g., SaaS vendors, cloud infrastructure, professional service firms) to handle all kinds of business processes. Some of them are in possession of your company’s IP and/or sensitive (and regulated) customer data. Do you know who these critical vendors are? Have you made sure that they’re really able to protect valuable information from sophisticated threat actors? Doing due diligence on your vendors — ... [Read More]

Jun 7th, 2021 - Is It Time We Retire the GRC Acronym? In 2008, SAP asked me to take a leadership position in speaking about GRC. I was ready for a change, as SAP had acquired my company (Business Objects, where I had led both internal audit and risk management as a vice president). While I had been offered an interesting opportunity in a risk management role with the company, I was less than enthusiastic about it. I had enjoyed speaking at IIA and other conferences and seminars over the years, and the idea of ... [Read More]