04
Feb
Feb
Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.
Tag Archives: third-party security policy
22
Jan
Jan
Streamline Compliance with the Digital Operational Resilience Act (DORA). Save thousands building and documenting a cyber program.
HIPAA-HiTECH Compliance, third-party security policies, Vendor Risk Management
Healthcare Cyber Resilience: Third Party Cyber Risk Management
13
Aug
Aug
As the result of several recent cyber attacks on the healthcare supply chain, the American Hospital Association (AHA) and Health Information Sharing and Analysis Center (H-ISAC) issued a joint warning for healthcare organizations to increase focus of third-party security. For organizations that are already short on resources and staff, adding Vendor Risk Management process can […]
We often speak to businesses struggling to pass a cyber security assessment from one of their key clients. The business has received a huge spreadsheet with 100+ cyber security questions, many of which they have no idea how to answer. If they don’t “pass” the assessment, they may lose the client entirely. Sometimes it is […]
Houston, Texas – Information Shield today announced that their latest information security product – ComplianceShield – can be used by clients to save time and money addressing security requirements from the Securities and Exchange Commission (SEC.) Since the SEC originally established requirements for protecting sensitive financial information, it has increased focus on the cyber security […]
Assessing the risk of third-party vendors has been a growing problem for compliance management. Because of the growing number of data breaches related to third-parties, regulators have been focusing on the inherent risks of outsourcing. Within the financial services industry, this has long been accomplished via a SAS70 (now SSAE16) type audit. Within the U.S. [...]
The Privacy Rights Clearinghouse recently released their review of what they call the most significant data breaches of 2011. Even if you have read about each of these incidents before, they are worth reading again in summary form. What is perhaps most striking is how the most basic security policies and procedures are often the […]
Security policies are generalized requirements that must be written down and communicated to certain groups of people inside, and in some cases, outside the organization. For example, a more general Internet Acceptable Use Policy covering the acceptable use of electronic mail would need to be read by every person with access to electronic mail. A […]
Never Say Never: In the absence of further information, written information security policies are by default generally considered information that is "for internal use only" or "restricted." There are many good reasons to refuse to release information security policies to outsiders. But the trend these days is towards greater transparency, greater accountability, and a more [...]
In July 2007, several contractors of Los Alamos National Laboratory were fined a total of $3.3 million for failing to adequately protect data as required in their contracts. The Department of Energy (DOE) initiated formal enforcement actions against specific current and former contractors, the reports said that investigations revealed that the contractors failed to prevent […]