H. Todd once said, “if you have no destination, any road will get you there”. How can you pick a road to somewhere when you don’t know where you are going? How do you get “there” when you don’t know or don’t care where “there” is? Or more specifically, having a direction. Where are you going? Until you can answer that question, you can’t say that any one route is better than another. Any road will …
The Payment Card Industry – Data Security Standard or PCI-DSS is a set of standards created to help organizations provide a secure environment for cardholder data. PCI-DSS compliance is not an easy task for any organization, but it is especially hard for small businesses and enterprises. The problem with PCI-DSS is that it requires a lot of time and effort without giving much in return – which means that the costs are high. The PCI-DSS …
RMF: The Basics The risk management framework (RMF) is designed to help organizations understand the risks to their information and information systems and manage those risks in order to maintain their security. The RMF helps organizations identify, assess, protect and monitor their information and information systems. It also helps organizations determine how well they are managing risk. NIST provides a variety of resources for implementing the RMF including guidance on developing an authorization to operate (ATO) process, …
In this post, we will discuss how organizations can grow with cyber security compliance. In a world where data breaches and cyber attacks are happening every day, it is essential for organizations to take the necessary steps to protect their data and information from these threats. To do so, they must implement a cybersecurity compliance program that is tailored to their needs. This program should cover all the areas of their business, from IT infrastructure …
In enacting HIPAA, Congress mandated the establishment of Federal standards for the privacy of individually identifiable health information. When it comes to personal information that moves across hospitals, doctors’ offices, insurers or third party payers, and State lines, our country has relied on a patchwork of Federal and State laws. Under the patchwork of laws existing prior to adoption of HIPAA and the Privacy Rule, personal health information could be distributed—without either notice or authorization—for …
