Identifying the key steps to becoming NIST compliant starts with deciding which framework actually applies to you: NIST SP 800-53 (the control catalog federal systems are assessed against) or NIST SP 800-171 (the control set for protecting Controlled Unclassified Information in non-federal systems).
The HIPAA Physical Safeguards risk review focuses on where electronic Protected Health Information (ePHI) is stored. The Security Rule as a whole sets the security requirements, the technical safeguards address the technology, and the physical safeguards address the protection of facilities and hardware. Healthcare providers, other covered entities, and business associates are subject to audit and must be able to demonstrate regulatory compliance, which is also how they assure new customers of their security posture. The road to HIPAA compliance begins with assessing security risk and the controls that mitigate it.
A HIPAA Physical Safeguards Risk Assessment Checklist
What is HIPAA? HIPAA was enacted in 1996 to protect health information as people moved from one job to another. The US Department of Health and Human Services (HHS) later issued the Privacy Rule, which took effect in 2003 and defines Protected Health Information (PHI) as “any information held by…
Insight On Evolving Practices: Secure Controls Framework (SCF)
Hackers share information on attack methods with other hackers, so why shouldn’t the good guys share information on how best to protect an organization? That concept led a coalition of cybersecurity and privacy experts to take action and make a difference. The result is the Secure Controls Framework (SCF). The SCF is focused on helping companies become and stay compliant with a vast array of cybersecurity and privacy requirements. The glue that ties Governance, Risk and Compliance (GRC) together is a uniform set of controls. The goal of the SCF is to provide a free solution to businesses that addresses cybersecurity and privacy control guidance covering the strategic, operational and tactical…
The ONC Security Risk Assessment (SRA) Tool incorporates 205 pages with 156 questions. This checklist helps organizations organize their basic technology safeguard controls.
ISO standards 9001, 31000, and 27001 give customers confidence in, respectively, an organization's quality management, its risk management, and its control over information security.
COSO and COBIT 5 dovetail to ease IT governance concerns for organizations complying with the SOX Section 404 requirements for internal control over financial reporting.
Asset managers creating baselines for their service providers need to understand what a SOC 1 report is and how to use it effectively to manage the quality of those providers.