Jan 1, 2021 10:40:00 AM

Cloud Computing & Risk Management: A Review of the FFIEC's Recent Statement

Out of sight, out of mind feels pretty good, doesn’t it? Especially when it is not only out of sight but also off the ground. Your organization’s data is so far out of reach that not only does it feel like you can’t get to it, but there’s an illusion that no one else can either.

Topics: risk management, the cloud

Jan 1, 2021 10:23:00 AM

A Tactical Crisis Response to Healthcare Cybersecurity

Introduction

In May, the Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) collectively created a tactical guide for how healthcare organizations can manage their cybersecurity threats during a crisis like COVID-19. During a crisis, the way your company works, specifically your technology and processes, can change dramatically. These changes create new attack surfaces and vulnerabilities.

Topics: COVID 19

Jan 1, 2021 10:11:00 AM

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of federal entities. However, NIST 800-171 serves as a best practice for controls for privacy and security for many types of unclassified data.

Topics: Cyber Assurance Insights, IT GRC, Cyber GRC, Cyber Regulations, Compliance, NIST 800-171

Jan 1, 2021 9:54:00 AM

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted with the global standards highlighted below:

Topics: cybersecurity, SOC 1 Audit, securing your data, SOC for Cybersecurity, Cyber Assurance Insights, Cyber SOC, Compliance

Jan 1, 2021 9:30:00 AM

OCR Proposed Changes to HIPAA Privacy Rule Part 1

Introduction

In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and opened it for public comment until March 22, 2021. As of March 9, 2021, this comment period has been extended to May 6, 2021.

Jan 1, 2021 9:28:00 AM

OCR Proposed Changes to HIPAA Privacy Rule Part 2

Introduction

In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and opened it for public comment until March 22, 2021. As of March 9, 2021, this comment period has been extended to May 6, 2021. In Part 1 of our blog, we highlighted the first four of the eight proposed changes and how they may impact providers. Today, we’ll go over the remainder.

Topics: HITECH, HIPAA

Apr 13, 2020 6:00:00 AM

COVID-19 and Maintaining the Integrity of Your Information Security Policy

Remote Work and Information Security Policy Exceptions

There is a well-known metric included in risk assessments known as the Annualized Rate of Occurrence, or ARO. Risk events have varying AROs depending on the frequency with which they are expected to occur. Many risk events have AROs that are so low, meaning that the event is so unlikely to occur, that an organization may not have a formal, documented policy or procedure (such as Pandemic Response) that describes how the organization will react to or account for the impact of such an event.

Topics: risk management, COVID 19

Apr 10, 2020 8:00:00 AM

5 Policies Critical for Maintaining Security Standards During Pandemic

As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your employees should be trained in those policies and be following them accordingly, both in and out of the office. Policies are only as good as your employees’ behavior: strong security hygiene at the user level helps responsibly manage security risk.

Topics: Cyber Assurance Insights

Apr 7, 2020 6:00:00 AM

5 Tips for Securing a Remote Workforce

As the COVID-19 pandemic continues, a new global remote workforce has emerged in an effort to help flatten the curve. As organizations make this necessary transition, changes to infrastructure to support remote workers may create unprecedented risks and vulnerabilities.

Topics: remote workforce

Apr 2, 2020 6:30:00 AM

Pt. 4: 6 Pitfalls to Avoid in CMMC Level 3

In our previous blog, we discussed the purpose of Level 2 and the requirements that potential contractors will need to meet to achieve readiness for Level 2. As we build upon Level 2 and progress to Level 3, we will provide *Readiness Notes* to highlight potential roadblocks for achieving Cybersecurity Maturity Model Certification (CMMC) Level 3 readiness.

Topics: CMMC

Mar 26, 2020 6:30:00 AM

Pt. 3: Level 2, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1. As we progress to Level 2, we will provide *Readiness Notes* to highlight potential roadblocks for achieving CMMC Level 2 readiness.

Topics: CMMC

Mar 12, 2020 6:00:00 AM

Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Mar 4, 2020 6:00:00 AM

A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))’s upcoming rollout of approximately 10 large contracts, which will require contractors to meet Cybersecurity Maturity Model Certification (CMMC) standards in 2020.

Topics: CMMC

Feb 27, 2020 6:00:00 AM

NIST’s Privacy Framework: An Enterprise-Wide Approach to Protecting Individual Privacy

Framework Overview

In January, NIST launched version 1.0 of its Privacy Framework, a voluntary tool to help companies identify and manage their products and services while protecting their customers’ individual privacy.

Feb 20, 2020 6:15:00 AM

Introduction to CMMC Readiness

CMMC Background

In an effort to mitigate the cybersecurity risk currently present across all sectors of the Defense Industrial Base (DIB), the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) is rolling out the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Jan 2, 2020 8:00:00 AM

Cybersecurity and the Power of Belief

How Rethinking Your Public, Private, and Core Beliefs Can Improve Your Cybersecurity Posture

“Belief” Defined

It should come as no surprise to us that belief drives everything we do as humans. In honor of the New Year and resolutions, I’d like to bring a little philosophy to the table and show you how it can improve your organization’s cybersecurity posture.

Topics: Executive Insights

Jan 1, 2020 9:22:00 AM

Testing the Security of Your Remote Infrastructure

There is a lot of uncertainty around where we are headed, both individually and corporately, as we watch, for most of us, one of the most impactful events of our lives unfold day after day. We each have the responsibility to do our part in flattening the curve and, for many organizations, that means implementing alternative work arrangements.

Dec 10, 2019 6:30:00 AM

Cyber 2020: The Year of Situational Awareness

Situational Awareness: words that were ingrained in my psyche during my years in the military. The phrase is simply defined as, “the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their future status.” By gaining situational awareness, IT teams can begin to form an idea of how an environment should be securely maintained and how it will likely evolve in the near future. Additionally, enhanced situational awareness will likely allow organizations to see a more logical approach to anticipating the future trends in cybersecurity as a whole.

Topics: cybersecurity, ransomware

Nov 27, 2019 6:00:00 AM

12 Tips for Safe Online Shopping this Holiday Sale Season

As the Holiday Season presents itself once again, consumers take to smartphones, tablets, and laptops to research and buy gifts for family, friends, and loved ones. Online shopping proves to be a convenient alternative for consumers in our hurried societies; however, ecommerce also presents increased risk of financial fraud and identity theft.

Topics: online shopping

Nov 15, 2019 6:30:00 AM

Friday Brief: The End is Near, Windows 7 End of Support

This year, Microsoft announced that End of Support for Windows 7 will begin on January 14, 2020. As we approach the new year, organizations still running Windows 7 should, if they haven’t already, prepare to transition to Windows 10. What does End of Support mean, exactly?

Topics: Software End of Support

Nov 1, 2019 6:30:00 AM

Friday Brief: How Contractors can Prepare for Upcoming CMMC Requirements

What is the CMMC?

Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification and includes a five-tier approach to determining the adequacy and effectiveness of contractors’ controls and processes for protecting the department’s controlled unclassified information (CUI).

Topics: NIST 800-171

Jul 16, 2019 6:30:00 AM

XaaS, Part 1: Demystifying "The Cloud"

Laying the Foundation

Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud computing by first defining what "the cloud" is. Future blog posts in this series will evaluate the unique advantages and challenges of the various cloud computing "as a service" (aaS) models.

Mar 28, 2019 9:30:00 AM

How HIPAA Compliance Efforts May Impact Your Overall Security Posture

The HIPAA Security and Privacy Rules require many resources for an organization to be compliant. Those resources can be time consuming and often create operational issues and a financial burden for covered entities. Organizations often believe that there is one solution out there that will achieve compliance or, more importantly, secure the organization.

Topics: HIPAA

Mar 7, 2019 9:00:00 AM

3 Data Governance Strategies for Financial Institutions

Read Time: 5 Minutes

Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of data. In our specific context today, we will be discussing data governance for a financial institution (FI).

Topics: Data Governance

Feb 21, 2019 6:30:00 AM

2018 SOC 2 Criteria and Positive Cybersecurity Impacts

How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization

Read Time: 2 Minutes

In January 2018, the AICPA released detailed guidance on its newest SOC 2 Common Criteria (based on the COSO 2013 Framework for an entity-wide reporting level). The new framework officially went into effect December 15, 2018. Many organizations, including some of HORNE’s clients, were early adopters of the new framework and have already benefited greatly from its guidance.

Topics: SOC 2