Insights and resources for remaining compliant while also strengthening your cyber resilience.
Introduction In January 2021, the Office of Civil Rights (OCR) published its proposed Modifications to the HIPAA Privacy Rule to Empower Individuals, Improve Coordinated Care, and Reduce Regulatory Burdens, and...
Introduction In May the Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) collectively created a tactical guide for how healthcare organizations can manage their...
Out of sight, out of mind feels pretty good, doesn’t it? Especially when it is not only out of sight but also off the ground. Your organization’s data is so...
In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity...
COVID-19 has changed the HIPAA landscape in the short term, and some of these changes will undoubtedly echo long after the pandemic has ended. We’ve summarized the latest changes and...
In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along...
There are numerous resources that provide the means for developing a business continuity plan. These include the achievement of such activities as team formation, business impact analysis, evaluation of legal...
Remote Work and Information Security Policy Exceptions There is a well-known metric included in risk assessments known as the Annualized Rate of Occurrence, or ARO. Risk events have varying AROs...
As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your...
In our previous blog, we discussed the purpose of Level 2 and the requirements that potential contractors will need to meet to achieve readiness for Level 2. As we build...
In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1....
In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC). Potential contractors should determine target contracts, identify and...
In our previous blog, we discussed the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))’s upcoming rollout of approximately 10 large contracts which will require...
Framework Overview In January, NIST launched version 1.0 of its Privacy Framework - a voluntary tool to help companies identify and manage their products and services while protecting their customers’...
What is the CMMC? Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification...
Getting Started with IaaS As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not...
Laying the Foundation Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud...
Part 2 of 2 in our deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain This is our final blog...
Part 1 of 2 in a deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain Recently, the AICPA has released...
The HIPAA Security and Privacy Rules require many resources for an organization to be compliant. These resources can be time consuming and often create operational issues and financial burdens for covered entities....
A summary of the AICPA’s proposed Description Criteria for its SOC for Supply Chain Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria...
Read Time: 5 Minutes Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of...
How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization READ TIME: 2 minutes In January 2018, the AICPA released detailed guidance on its newest...
In 2018 there were various fines paid by healthcare organizations for failure to comply with the HIPAA security and privacy standards. Reviewing the trends of fines in 2018 can be...
I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very...
Earlier this year, the AICPA’s Center for Audit Quality (CAQ) released their Cybersecurity Risk Management Oversight: A Tool for Board Members. In this document are questions to help direct a...
During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity related posture for companies. In connection with this issuance, firms are able...
At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the...
NIST Cybersecurity Framework (CSF) Overview The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the...
Last week in “Building the Audit of the Future: The Roles of Robots and Humans”, we talked about the technology pieces of the audit of the future and the need...
When most people think about the audit of the future they think about robots. Now, I don’t know about you but when I think about robots and the future I...
During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the...
Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted...
NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of...
The spotlight on the topic of vendor management has been shining even brighter lately with a large number of data breaches resulting because of poor vendor processes. With vendors being...
The old adage ‘Money can make you do crazy things’ can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered...
Everyone hears about cyber risk, but not everyone is aware that the federal government is taking steps to help protect public companies and investors from malicious hackers. Recently, the...
The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now can and will be...
Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding"...
Target. Home Depot. Wendy’s. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management...
Over the last several weeks we have witnessed the story of a bank that thought compliance was enough to keep its customers’ information and the bank’s reputation secure. However,...
Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customers’ information protected. We were introduced...
In response to the headline breaches plaguing organizations across the globe, there have been numerous solutions and recommendations that have gained popularity in the fight to combat cyber-crime. New security...
The AICPA has issued its much-awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPAs to audit a company’s cyber security. In the...
Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning...
It’s not if a breach will occur, it’s when. Where should you look for vulnerabilities? What should you do?
Investors must place a higher value on the cyber-resilience of a potential acquisition.