The Future of Healthcare Cybersecurity: The Best Defense is a Good Offense
March 20, 2015, Andrew Hicks, Director, Healthcare Practice Lead
In the last five years, with the increasing digitalization of health information, healthcare security breaches have increased four-fold, with the industry experiencing more breaches than any other in 2013. With a large number of potential targets and the high value of personal medical information on the black market, healthcare organizations will continue to be appealing targets.
COSO Framework for Service Organizations and SOC Reporting (Part 2 of 3)
March 06, 2015, Jamie Kilcoyne, Managing Director Coalfire Controls
Every SOC report (whether it is a SOC 1, SOC 2 or SOC 3) should include information about the service organization’s risk assessment process. Risk assessment can take many forms and there is no “one size fits all” format. Risk assessment is intended to be an evolutionary process, designed to meet the specific needs of individual companies.
COSO Framework for Service Organizations and SOC Reporting (Part 1 of 3)
February 24, 2015, Jamie Kilcoyne, Managing Director Coalfire Controls
One of the most important reference tools that companies use to establish and evaluate their internal controls is the Committee of Sponsoring Organizations' (COSO) Internal Control - Integrated Framework. Initially published in 1992 (the 1992 Framework), the COSO framework has been the most widely used model for internal control for the past 20 years.
What do PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization?
February 19, 2015, Matt Getzelman, PCI Practice Director
In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the PCI SSC’s definition of “Strong Encryption,” and this will have an immediate impact on several existing requirements. However, one key point from the announcement should be highlighted:
Emerging Payment Technologies and Due Diligence: A Warning about “Silver Bullets”
February 09, 2015, Matt Getzelman, PCI Practice Director
2015 will be an exciting year for the payments industry, especially for merchants that now have a number of new payment technologies at their disposal. Emerging payment technologies such as Point-to-Point Encryption (P2PE), Tokenization, EMV/Chip and Signature, and Mobile Payment Acceptance are hitting the market globally, and all of them can help reduce the risk of cardholder data compromise as well as potentially impact the compliance posture of merchants that choose to adopt them.