compliance

Making Sense of HiTrust Certification

Proper handling, management, and storage of protected health information (PHI) and electronic protected health information (ePHI) are critical in the healthcare industry.The federal government and different regulatory bodies have dozens of guidelines on the handling and storage of patient health information. Failure to adhere to the requirements has various consequences, including substantial fines and even […]

Making Sense of HiTrust Certification Read More »

Guide – Scoping PCI DSS

Leave a Comment / Try This / Simon

Any business that accepts credit cards online for good or services rendered needs to comply with the Payment Card Industry Data Security Standard (PCI DSS).PCI DSS comprises of several guidelines that merchants must comply with to protect their customers’ credit card data. However, many companies struggle with security requirements. In most organizations, InfoSec managers are

Guide – Scoping PCI DSS Read More »

applications assessment cardholder data cardholder data environment compliance devices infrastructure networks pan payment card industry data security standard pci pci dss personally identifiable information security standards council self systems

Scoping a SOC2 Audit

Leave a Comment / Try This / Simon

In decades gone by, for service companies, conducting a Service Organization Control (SOC) 2 audit was considered more of a rite of passage that separated the biggest players in the market from the “others” category.“Wow, we have grown so prosperous that big and important clients now require that we do important things. We now need

Scoping a SOC2 Audit Read More »

audit availability compliance confidentiality cybersecurity internal controls privacy processing integrity readiness assessments reciprocity security service organization control trust services principles

What You Need to Know About Penetration Testing

Leave a Comment / Try This / Simon

If your organization frequently processes payment, then you’re obliged to comply with the Payment Card Industry Data Security (PCS DSS). This regulation protects the sensitive cardholder information. The PCI DSS has several prescriptive elements, and you must perform penetration testing and choose the methods that will undoubtedly show that you have sufficient controls to protect

What You Need to Know About Penetration Testing Read More »

application layer author bio automated tools black box assessment compliance critical systems grey pci dss penetration testing testing environment vulnerability scan white

Why Compliance is the Business Buzzword to Watch

Leave a Comment / Try This / Simon

As a business owner or manager, you need to be aware of the latest buzzwords and requirements which will ensure you grow and thrive as a company.One of the essential buzzwords in business is compliance. Compliance is the requirement for a company to adhere to specific laws and workplace rules. There are numerous areas of

Why Compliance is the Business Buzzword to Watch Read More »

business owner compliance consumer data cybercrime data data security regulations data theft discrimination e-learning google hacking laws manager new regulations privacy recruitment regulatory steps security user privacy workplace rules

KPIs for Measuring Compliance Effectiveness

Leave a Comment / Money, Try This / Simon

Key performance indicators (KPIs) were easier to measure in 1996 than they are today. All you needed is someone to review documents and award a score in a very short time. It was similar to telling the performance of a student just by looking at his grades.Today, the process has evolved with sophistication of information

KPIs for Measuring Compliance Effectiveness Read More »

business objectives compliance cybersecurity data protection data security governance information assets information security ken lynch metrics performance indicators reciprocity risk risk assessment risk management saas software