Recent Posts

Dec 10, 2019 6:30:00 AM

Cyber 2020: The Year of Situational Awareness

Situational Awareness: words that were ingrained in my psyche during my years in the military. The phrase is simply defined as, “the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status.” By gaining situational awareness, IT teams can begin to form an idea of how an environment should be securely maintained and how it will likely evolve in the near future. Additionally, enhanced situational awareness will likely allow organizations to see a more logical approach to anticipating the future trends in cybersecurity as a whole.

Topics: cybersecurity, ransomware

Nov 27, 2019 6:00:00 AM

12 Tips for Safe Online Shopping this Holiday Sale Season

As the Holiday Season presents itself once again, consumers take to smartphones, tablets, and laptops to research and buy gifts for family, friends, and loved ones. Online shopping proves to be a convenient alternative for consumers in our hurried societies; however, ecommerce also presents increased risk of financial fraud and identity theft.

Topics: online shopping

Nov 15, 2019 6:30:00 AM

Friday Brief: The End is Near, Windows 7 End of Support

This year, Microsoft announced that End of Support for Windows 7 will begin on January 14, 2020. As we approach the new year, organizations still running Windows 7 should, if they haven’t already, prepare to transition to Windows 10. What does End of Support mean, exactly?

Topics: Software End of Support

Nov 1, 2019 6:30:00 AM

Friday Brief: How Contractors can Prepare for Upcoming CMMC Requirements

What is the CMMC? Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification and includes a five-tier approach to determining the adequacy and effectiveness of contractors’ controls and processes for protecting the department’s controlled unclassified information (CUI).

Topics: NIST 800-171

Jul 16, 2019 6:30:00 AM

XaaS, Part 1: Demystifying "The Cloud"

Laying the Foundation

Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud computing by first defining what "the cloud" is. Future blog posts in this series will evaluate the unique advantages and challenges related to the various cloud computing "as a service" ("aaS") models.

Mar 28, 2019 9:30:00 AM

How HIPAA Compliance Efforts May Impact Your Overall Security Posture

The HIPAA security and privacy rule requires many resources for an organization to be compliant. Resources can be time consuming and often create operational issues and financial burden for covered entities. Organizations often believe that there is one solution out there that will achieve compliance or, more importantly, secure the organization.

Topics: HIPAA

Mar 7, 2019 9:00:00 AM

3 Data Governance Strategies for Financial Institutions

Read Time: 5 Minutes

Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of data. In our specific context today, we will be discussing data governance for a financial institution (FI).

Topics: Data Governance

Feb 21, 2019 6:30:00 AM

2018 SOC 2 Criteria and Positive Cybersecurity Impacts

How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization

READ TIME: 2 minutes

In January 2018, the AICPA released detailed guidance on its newest SOC 2 Common Criteria (based on COSO 2013 Framework for an entity-wide reporting level). The new framework officially went into effect December 15, 2018. Many organizations, including some of HORNE’s clients, were early adopters of the new framework and have already benefited greatly from its guidance.

Topics: SOC 2

Jan 24, 2019 9:30:00 AM

What's Missing from Your Security Strategy?

I have seen that there’s often a flaw in logic with organizations when it comes to cybersecurity. The market has been flooded with products and services that “AUTOMAGICALLY” take care of security and stop attackers. That’s right, “automagically.”

Jan 10, 2019 9:30:00 AM

HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations

I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very little guidance related to cybersecurity has been provided by the government in the past years even though healthcare has been one of the prime targets of hackers.

Topics: Cyber Assurance Insights, HHS Guidance, NIST

Oct 31, 2018 9:30:00 AM

Cybersecurity Lessons from WWII Propaganda

In honor of National Cybersecurity Awareness Month, let's look at how principles from World War II propaganda can teach us valuable lessons in the way we treat cybersecurity today.

Topics: Executive Insights

Oct 24, 2018 9:30:00 AM

SOC for Cybersecurity: Providing Board Members the Keys to the Castle

Earlier this year, the AICPA’s Center for Audit Quality (CAQ) released their Cybersecurity Risk Management Oversight: A Tool for Board Members. In this document are questions to help direct a conversation to understand the relationship between cybersecurity risk oversight and disclosures.

Topics: SOC for Cybersecurity

Oct 17, 2018 8:56:00 AM

Six Considerations for Purchasing Cyber Insurance

In our most recent blog, Brad Pierce discussed what a cyber insurance policy is not. It is not a savior in the wake of a data breach. It is not a replacement for proactive, resilient security measures. What it is, however, is a component of an effective incident response strategy. In this post, I would like to take the time to discuss considerations organizations should take when purchasing a cyber insurance policy.

Sep 25, 2018 9:30:00 AM

Developing an Incident Response Strategy: Preparing for the "What Ifs"

When we think about the impact of an unexpected event, it can often leave us with varying emotions. In many cases, those emotions are not pleasant… such as panic and stress, feeling vulnerable or lacking control over the world around us.

Topics: incident response

Aug 16, 2018 9:30:00 AM

NIST Upcoming Mobile Application Security Recommendations

Turning Attention to Mobile Applications

Topics: Cyber Assurance Insights

Aug 9, 2018 9:30:00 AM

Lessons Learned from SOC for Cybersecurity Readiness Assessments

During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity-related posture of companies. In connection with this issuance, firms are able to help companies assess their current environment prior to the actual audit. The goal of this assessment is to allow companies to prepare for the audit to ensure their control environment is sufficient to pass the rigorous SOC for Cybersecurity audit.

Jul 5, 2018 10:30:00 AM

Going Beyond HIPAA Compliance to Elevate Your Security Posture

The Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy ruling provides required and addressable security and privacy standards around patient medical records and other health information for covered entities.

Topics: Cyber Assurance Insights

Jun 28, 2018 9:30:00 AM

NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update

At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the opportunity to attend the NIST update webinar last month. Below is a summary of the latest updates to be considered by your organization if you currently utilize or plan to utilize the Cybersecurity Framework.

Topics: Cyber Assurance Insights

Jun 26, 2018 9:30:00 AM

NIST for Cybersecurity: Understanding the Framework

NIST Cybersecurity Framework (CSF) Overview

The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the energy, banking, communications and defense sectors. Due to its flexibility, however, both small and large companies have adopted the Framework across every industry sector, including federal, state and local governments.

Topics: Cyber Assurance Insights

Mar 6, 2018 10:30:00 AM

Choosing the Right Security Option for Your Organization

Cybersecurity in layers has been the go-to security model for some time now. There’s no one solution that will properly secure your organization’s network and sensitive information. In today’s environment, it takes an orchestra of teams, tools, and active threat detection and prevention operations to properly secure your organization from an attacker. It has become very clear that traditional layers, such as anti-virus, firewalls and monitoring tools, are just not enough.

Topics: Penetration Testing, cybersecurity, advanced penetration testing, Security Budget, Executive Insights, Good Enough Cybersecurity

Aug 10, 2017 10:00:00 AM

How Secure Are Your Vendors?

The spotlight on the topic of vendor management has been shining even brighter lately, with a large number of data breaches resulting from poor vendor processes. With vendors being a key reason for the success of companies in today’s economy, companies have a responsibility to ensure efficient processes are in place when contracting with and working daily with vendors.

Topics: Cyber Assurance Insights

Jun 23, 2017 7:05:00 AM

Four Steps to Managing Vendor Security

Target. Home Depot. Wendy's. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management in their organizations. But most don’t realize that each of the three breaches listed above was linked to third-party service providers and business associates.

Topics: SOC for Cybersecurity, Cyber Assurance Insights

Jun 22, 2017 10:02:00 AM

Breaking Bank: Episode 3

Over the last several weeks we have witnessed the story of a Bank that thought that compliance was enough to keep its customers’ information and the Bank’s reputation secure.

Topics: Cyber Assurance Insights

Jun 13, 2017 10:03:00 AM

Why an Engaged C-Suite Matters in Improving Cyber Security

In a recent article, I talked about how the C-Suite can get past not being technical and take an offensive mindset to cyber security. I think the big message there was to get involved. Part of an organization’s IT leadership and consultants’ responsibility is to provide logical explanations of the threats and vulnerabilities that exist and how they can impact confidentiality, integrity, and availability of an organization’s operations, and the C-Suite should want to hear about it.

Jun 1, 2017 10:03:00 AM

Breaking Bank: Episode 2

Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customers’ information protected.

Topics: Cyber Assurance Insights