Specific HITRUST requirements are available through HITRUST’s MyCSF portal and will include various implementations of foundational security measures and controls depending on your organization and the type of HITRUST assessment you are performing.
An example of insecure credit card number storage comes from one of our PCI assessors, where a company explained how they processed their credit cards.
Overview of key changes in the CIS controls update. See what’s new in the CIS Controls (v8) and how this free resource can help maximize your security.
The NIST cybersecurity framework can help guide small-to-medium sized organizations improve their cybersecurity posture.
Criminals have countless methods and types of phishing emails to trick email users.
How do you block access to your systems (and sensitive data) from hackers in the outside world?
System logs are part of HIPAA compliance and specifically mentioned in two different requirements.
Log management and regular log review could help identify malicious attacks on your system.
Merchants must “address all known security vulnerabilities and [be] consistent with industry-accepted system hardening standards.”
Learn how to help your employees be better prepared to fight against social engineering tactics.
If you’re a service provider, you may have some different PCI requirements based on what level you are.
The biggest difference between SAQ A and SAQ A-EP is based on how cardholder data is handled.
There are some key changes to the PCI DSS 4.0 SAQ questionnaires you will want to be aware of.
You will need to be compliant with PCI DSS 4.0 by March 31, 2025. We recommend starting your transition to 4.0 by reading the documents that explain the new PCI standard, including the executive summary, which has a lot of good information in it.
Lack of budget is a plague that affects risk and compliance officers at health organizations of all sizes. This post will give you the information you need to more accurately plan your HIPAA budget.
Why do you need to comply with PCI if you’ve already taken care of HIPAA?
My stance on patient sign-in sheets is that unless there is a valid business reason for having them, don’t do it.
Is it your responsibility to ensure that your clinic is HIPAA compliant?
Whether you’re a CIO, the head of IT, or in a non-security-related position, if your data security practices are unclear, your company is at a greater risk to a data breach.
Performing an SAQ A version 4.0 Self-Assessment: Several new requirements, both existing in version 3.2.1 of the standard and some newly created for version 4.0, have been added to increase the security of outsourced ecommerce environments.
Data breaches can be devastating. Here are 5 steps that will help you manage a healthcare data breach.
There are two website prefixes: One shows the site you are on is secure (HTTPS), and the other does not (HTTP).
Tokenization is used for securing sensitive data, such as a credit card number, by exchanging it for non-sensitive data - a token.
.svg)
