Compliance mistakes can be costly. Very costly. The fines associated with non-compliance and/or data breaches are stiff and punishing in multiple ways. Sarah Morris of KirkpatrickPrice, our auditor, kindly put together this list of five key compliance mistakes. At AISN, we urge you to be proactive about compliance and security and understand how to avoid … Read more
When it comes to CFPB vendor compliance, companies must “oversee” their vendors “in a manner that ensures compliance with Federal consumer financial law…The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis,” according to the Consumer Financial Protection Bureau’s CFPB Bulletin 2012-3. An effective risk management strategy includes the … Read more
Users of popular social media sites may not realize the potential risks to which they expose themselves while using and participating in social networking. Most users develop a “dangerous level of assumed trust” with other users of these sites, regardless of whether or not they have actually verified their identities. This is why it is a good … Read more
Today, I’d like to talk a little about hospital network security and point to a story about a hospital incident in which three key principles of hospital network security are illustrated. As you may know, technical controls are sometimes illustrated with physical descriptions in order to help the non-technical person understand the concept. A firewall, … Read more
It’s one thing to suffer one data breach – there is room to recover. Will Anthem survive a second breach? Don’t let this happen to you. With the Anthem breach still on the forefront of everyone’s minds, as well as the upcoming supervision from the OCR and the new phase of HIPAA audits, we have put … Read more
Common PCI compliance gaps? You bet! We can identify 15 of them. The need for enhanced security is becoming more and more obvious every day. As the security landscape changes, the threats to our sensitive data become more serious, and as a result, the controls that we put in place have become stronger. We see a … Read more
The recent Anthem breach is potentially the largest data breach to date in the healthcare space. When your CEO or your largest clients ask you what your plan is to prevent the same from happening to you, what are you going to tell them? Safeguarding Personally Identifiable Information (PII) is essential for avoiding a data … Read more
In light of the recent news of the data breach at Anthem Blue Cross/Blue Shield, risk assessment is our theme today. We welcome this guest post from our partner, KirkpatrickPrice…. Performing a Risk Assessment is a critical component of any Information Security Program. It’s mandated by several frameworks (SSAE 16, SOC 2, PCI DSS, … Read more
If information security trends from last year are at all telling, 2015 will be a very important year to pay close attention to the security of your sensitive data. Here are 5 Security Tips to keep in mind when protecting yourself and your organization in 2015. Cybersecurity – Organized crime in the 21st century has a … Read more
Are you effectively gathering and making use of compliance-related data? What kind of story is your data saying about your organization? Ask yourself the following questions: How are you currently measuring and reporting on complaint data? Do you have the ability to demonstrate trends by month, quarter, response time, or complaint category? What is your monthly … Read more