What You Need to Know From the Cybersecurity Act of 2015: Part One
January 19, 2016, Rick Link, Managing Director
On Dec. 18, 2015, President Obama signed into law an omnibus spending bill that included the Cybersecurity Act of 2015 (“The Act”). The Act was a compromise of cybersecurity information sharing bills that passed the House and Senate earlier in 2015. It creates a voluntary process for sharing cybersecurity information and is intended to encourage public- and private-sector entities to share cyber-threat information. The Act is controversial, as the active sharing of information between and among the Federal Government and private sector entities does not currently occur routinely or effectively.
PCI Council Gives Merchants Reprieve on PCI 3.1 Updates
January 07, 2016, Shawn Shifflett, Director, PCI Practice
The Payment Card Industry Security Standards Council (PCI SSC) released an update to its vulnerability standards and is giving merchants until June 2018 to migrate their security protocols, even though waiting is not recommended.
2016 Cybersecurity Predictions
December 10, 2015, Larry Jones, CEO
The lessons learned from this past year teach us that no one is immune to cyber threats. The sooner corporate boards and executives come to understand that cybersecurity breaches are a very real and pervasive threat; then the hard work can begin to take preemptive measures and prepare an appropriate response and recovery strategy.
Highlights from the HITRUST Health Industry Third Party Assurance Summit
November 19, 2015, Andrew Hicks, Healthcare and Life Sciences Practice Director
On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced that several massive payer organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will require their business associates to obtain CSF certification. While this is old news, HITRUST assembled more than 350 business-associate attendees at the “Health Industry Third Party Assurance Summit: Driving Efficiencies and Compliance through the HITRUST Assurance Program” last Friday as a way for business associates to (1) better understand the reasons for the mandate, (2) understand the journey to CSF certification, (3) interact with CSF Assessor organizations (such as Coalfire), and (4) learn about current initiatives underway at HITRUST.
The Ghosts Inside - Horror Stories 2015
October 26, 2015, Joseph Hesse, Director of Penetration Testing
By 8 p.m. the donuts from the previous day had gone stale, what was left of them anyway. There was the eerie feeling of spirits in the night mist tonight. It was late October and the chill was thick with Halloween. You could smell it in the haze. I consider myself quite tough, but when you are a ghost it’s always a little… spooky.