Jan 1, 2021 4:03:00 PM

XaaS, Part 2: Infrastructure as a Service (IaaS)

Getting Started with IaaS

As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not a standard part of your workday. In XaaS Part 1, we defined cloud computing, the three standard cloud service models, and four cloud computing architectures.

Topics: Cyber Assurance Insights

Jan 1, 2021 10:11:00 AM

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of federal entities. However, NIST 800-171 also serves as a best practice for privacy and security controls for many types of unclassified data.

Topics: Cyber Assurance Insights, IT GRC, Cyber GRC, Cyber Regulations, Compliance, NIST 800-171

Jan 1, 2021 9:54:00 AM

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted with the global standards highlighted below:

Topics: cybersecurity, SOC 1 Audit, securing your data, SOC for Cybersecurity, Cyber Assurance Insights, Cyber SOC, Compliance

Apr 10, 2020 8:00:00 AM

5 Policies Critical for Maintaining Security Standards During Pandemic

As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your employees should be trained in said policies and be following them accordingly, both in and out of the office. Policies are only as good as your employees’ behavior: strong security hygiene at the user level helps responsibly manage security risk.

Topics: Cyber Assurance Insights

Mar 12, 2020 6:00:00 AM

Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Feb 20, 2020 6:15:00 AM

Introduction to CMMC Readiness

CMMC Background

In an effort to mitigate the cybersecurity risk currently present across all sectors of the Defense Industrial Base (DIB), the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) is rolling out the Cybersecurity Maturity Model Certification (CMMC).

Topics: Cyber Assurance Insights

Jan 10, 2019 9:30:00 AM

HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations

I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very little guidance related to cybersecurity has been provided by the government in the past years even though healthcare has been one of the prime targets of hackers.

Topics: Cyber Assurance Insights, HHS Guidance, NIST

Aug 16, 2018 9:30:00 AM

NIST Upcoming Mobile Application Security Recommendations

Turning Attention to Mobile Applications

Topics: Cyber Assurance Insights

Jul 5, 2018 10:30:00 AM

Going Beyond HIPAA Compliance to Elevate Your Security Posture

The Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy ruling provides required and addressable security and privacy standards around patient medical records and other health information for covered entities.

Topics: Cyber Assurance Insights

Jun 28, 2018 9:30:00 AM

NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update

At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the opportunity to attend the NIST update webinar last month. Below is a summary of the latest updates to be considered by your organization if you currently utilize or plan to utilize the Cybersecurity Framework.

Topics: Cyber Assurance Insights

Jun 26, 2018 9:30:00 AM

NIST for Cybersecurity: Understanding the Framework

NIST Cybersecurity Framework (CSF) Overview

The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the energy, banking, communications and defense sectors. Due to its flexibility, however, both small and large companies have adopted the Framework across every industry sector, including federal, state and local governments.

Topics: Cyber Assurance Insights

Aug 10, 2017 10:00:00 AM

How Secure Are Your Vendors?

The spotlight on vendor management has been shining even brighter lately, with a large number of data breaches resulting from poor vendor processes. With vendors being a key reason for the success of companies in today’s economy, companies have a responsibility to ensure efficient processes are in place when contracting with and working daily with vendors.

Topics: Cyber Assurance Insights

Jun 23, 2017 7:05:00 AM

Four Steps to Managing Vendor Security

Target. Home Depot. Wendy’s. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management in their organization. But most don’t realize that each of the three breaches listed above was linked to third-party service providers and business associates.

Topics: SOC for Cybersecurity, Cyber Assurance Insights

Jun 22, 2017 10:02:00 AM

Breaking Bank: Episode 3

Over the last several weeks we have witnessed the story of a Bank that thought that compliance was enough to keep their customers’ information and the Bank’s reputation secure.

Topics: Cyber Assurance Insights

Jun 1, 2017 10:03:00 AM

Breaking Bank: Episode 2

Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customers’ information protected.

Topics: Cyber Assurance Insights

May 17, 2017 10:31:00 AM

Cyber SOC – What Board Members Need to Know

The AICPA has issued its much-awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPAs to audit a company’s cyber security. In the past, organizations relied on various consultants, internal resources, and sometimes just plain luck, in identifying and mitigating cyber risks.

Topics: Cyber Assurance Insights, Cyber SOC

May 11, 2017 10:00:00 AM

Breaking Bank: Episode 1

I don’t know about you, but I’ve read a lot of content-filled, factually intense cybersecurity articles over the past few months. I’ve read so many that I begin hearing similar concepts without actually understanding how it impacts my clients specifically. For this reason, today I don’t want to spout off a bunch of information (as accurate as it may be) and tell you to go make sense of it, I would instead like to tell you a story. So sit back, relax, and enjoy the movie (cue Disney Castle scene)…

Topics: cybersecurity, Cyber Assurance Insights