Horne Cyber
Cyber Assurance Insights
Insights and resources for remaining compliant while also strengthening your cyber resilience.
- Filter:
OCR Proposed Changes to HIPAA Privacy Rule Part 2
Introduction In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and...
OCR Proposed Changes to HIPAA Privacy Rule Part 1
Introduction In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and...
A Tactical Crisis Response to Healthcare Cybersecurity
Introduction In May the Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) collectively created a tactical guide for how healthcare organizations can manage their...
Cloud Computing & Risk Management: A Review of the FFIEC's Recent Statement
Out of sight out of mind feels pretty good, doesn’t it? Especially with not only is it out of sight, it is off the ground. Your organization’s data is so...
Pt. 6: A Readiness Roadmap to the CMMC Level 5
In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity...
COVID-19 Impacts on HIPAA: Maintaining Security and Privacy for Your Organization
COVID-19 has changed the HIPAA landscape in the short term, and some of these changes will undoubtedly echo long after the pandemic has ended. We’ve summarized the latest changes and...
Pt. 5: 7 Tips for Achieving CMMC Level 4 Readiness
In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along...
3 Simple Ways to Test Your Business Continuity Disaster Recovery Plan
There are numerous resources that provide the means for developing a business continuity plan. These include the achievement of such activities as team formation, business impact analysis, evaluation of legal...
COVID-19 and Maintaining the Integrity of Your Information Security Policy
Remote Work and Information Security Policy Exceptions There is a well-known metric included in risk assessments known as the Annualized Rate of Occurrence, or ARO. Risk events have varying AROs...
5 Policies Critical for Maintaining Security Standards During Pandemic
As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your...
Pt. 4: 6 Pitfalls to Avoid in CMMC Level 3
In our previous blog, we discussed the purpose of Level 2 and the requirements that potential contractors will need to meet to achieve readiness for Level 2. As we build...
Pt. 3: Level 2, A Readiness Roadmap to the Cybersecurity Maturity Model Certification
In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1....
Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification
In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC). Potential contractors should determine target contracts, identify and...
A Readiness Roadmap to the Cybersecurity Maturity Model Certification
In our previous blog, we discussed the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))’s upcoming roll out of approximately 10 large contracts which will require...
NIST’s Privacy Framework: An Enterprise-Wide Approach to Protecting Individual Privacy
Framework Overview In January, NIST launched version 1.0 of its Privacy Framework - a voluntary tool to help companies identify and manage their products and services while protecting their customers’...
Friday Brief: How Contractors can Prepare for Upcoming CMMC Requirements
What is the CMMC? Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification...
XaaS, Part 2: Infrastructure as a Service (IaaS)
Getting Started with IaaS As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not...
XaaS, Part 1: Demystifying "The Cloud"
Laying the Foundation Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud...
Early Review of AICPA’s SOC for Supply Chain Criteria Pt. 2
Part 2 of 2 in our deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain This is our final blog...
Early Review of AICPA’s SOC for Supply Chain Criteria Pt. 1
Part 1 of 2 in a deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain Recently, the AICPA has released...
How HIPAA Compliance Efforts May Impact Your Overall Security Posture
HIPAA security and privacy rule requires many resources for an organization to be compliant. Resources can be time consuming and often create operational issues and financial burden for covered entities....
Summary: Early Review of AICPA’s SOC for Supply Chain Criteria
A summary of the AICPA’s proposed Description Criteria for its SOC for Supply Chain Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria...
3 Data Governance Strategies for Financial Institutions
Read Time: 5 Minutes Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of...
2018 SOC 2 Criteria and Positive Cybersecurity Impacts
How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization READ TIME: 2 minutes In January 2018, the AICPA released detailed guidance on its newest...
2018 in Review: HIPAA Violations
In 2018 there were various fines paid by healthcare organizations for failure to comply with the HIPAA security and privacy standards. Reviewing the trends of fines in 2018 can be...
HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations
I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very...
SOC for Cybersecurity: Providing Board Members the Keys to the Castle
Earlier this year, the AICPA’s Center for Audit Quality (CAQ) released their Cybersecurity Risk Management Oversight: A Tool for Board Members. In this document are questions to help direct a...
Lessons Learned from SOC for Cybersecurity Readiness Assessments
During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity related posture for companies. In connection with this issuance, firms are able...
NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update
At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the...
NIST for Cybersecurity: Understanding the Framework
NIST Cybersecurity Framework (CSF) Overview The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the...
Building the Audit of the Future: Diving Deeper into the Role of the Auditor
Last week in “Building the Audit of the Future: The Roles of Robots and Humans”, we talked about the technology pieces of the audit of the future and the need...
Building the Audit of the Future: The Roles of Robots and Humans
When most people think about the audit of the future they think about robots. Now, I don’t know about you but when I think about robots and the future I...
What You Need to Know About the SEC’s New Cyber Guidance
During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the...
Providing Peace of Mind Around Your Law Firm's Data Security
Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted...
6 Steps to NIST 800-171 Compliance
NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of...
How Secure Are Your Vendors?
The spotlight on the topic of vendor management has been shining even brighter lately with a large number of data breaches resulting because of poor vendor processes. With vendors being...
CMS May Want Their Money Back
The old adage ‘Money can make you do crazy things’ can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered...
What You Need to Know About Cyber Regulations
Everyone hears about cyber risk, but not everyone is aware that that the federal government is taking steps to help protect public companies and investors from malicious hackers. Recently, the...
Better, Faster, Cheaper? What Audit Clients Should Expect from Next Generation Audits
The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now as auditors can and will be...
Will the FDA Strengthen Cybersecurity Requirements for Medical Devices?
Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding"...
Four Steps to Managing Vendor Security
Target. Home Depot. Wendys. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management...
Breaking Bank: Episode 3
Over the last several weeks we have witnessed the story of a Bank who thought that compliance was enough to keep their customer’s information and the Bank’s reputation secure. However,...
Breaking Bank: Episode 2
Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customer’s information protected. We were introduced...
Cybersecurity: Are You the Gazelle at the Back of the Herd?
In response to the headline breaches plaguing organizations across the globe, there have been numerous solutions and recommendations that have gained popularity in the fight to combat cyber-crime. New security...
Cyber SOC – What Board Members Need to Know
The AICPA has issued its much awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPA’s to audit a company’s cyber security. In the...
President Trump's Cybersecurity Executive Order: What You Need to Know
Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning...
Data is the New Currency
It’s not if a breach will occur, it’s when. Where should you look for vulnerabilities? What should you do?
Cybersecurity Considerations For M&A
Investors must place a higher value on the cyber-resilience of a potential acquisition.