Horne Cyber
Cyber Assurance Insights
Insights and resources for remaining compliant while also strengthening your cyber resilience.
- Filter:
How HIPAA Compliance Efforts May Impact Your Overall Security Posture
HIPAA security and privacy rule requires many resources for an organization to be compliant. Resources can be time consuming and often create operational issues and financial burden for covered entities....
Summary: Early Review of AICPA’s SOC for Supply Chain Criteria
A summary of the AICPA’s proposed Description Criteria for its SOC for Supply Chain Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria...
3 Data Governance Strategies for Financial Institutions
Read Time: 5 Minutes Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of...
2018 SOC 2 Criteria and Positive Cybersecurity Impacts
How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization READ TIME: 2 minutes In January 2018, the AICPA released detailed guidance on its newest...
2018 in Review: HIPAA Violations
In 2018 there were various fines paid by healthcare organizations for failure to comply with the HIPAA security and privacy standards. Reviewing the trends of fines in 2018 can be...
HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations
I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very...
SOC for Cybersecurity: Providing Board Members the Keys to the Castle
Earlier this year, the AICPA’s Center for Audit Quality (CAQ) released their Cybersecurity Risk Management Oversight: A Tool for Board Members. In this document are questions to help direct a...
Lessons Learned from SOC for Cybersecurity Readiness Assessments
During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity related posture for companies. In connection with this issuance, firms are able...
NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update
At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the...
NIST for Cybersecurity: Understanding the Framework
NIST Cybersecurity Framework (CSF) Overview The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the...
Building the Audit of the Future: Diving Deeper into the Role of the Auditor
Last week in “Building the Audit of the Future: The Roles of Robots and Humans”, we talked about the technology pieces of the audit of the future and the need...
Building the Audit of the Future: The Roles of Robots and Humans
When most people think about the audit of the future they think about robots. Now, I don’t know about you but when I think about robots and the future I...
What You Need to Know About the SEC’s New Cyber Guidance
During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the...
Providing Peace of Mind Around Your Law Firm's Data Security
Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted...
6 Steps to NIST 800-171 Compliance
NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of...
How Secure Are Your Vendors?
The spotlight on the topic of vendor management has been shining even brighter lately with a large number of data breaches resulting because of poor vendor processes. With vendors being...
CMS May Want Their Money Back
The old adage ‘Money can make you do crazy things’ can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered...
What You Need to Know About Cyber Regulations
Everyone hears about cyber risk, but not everyone is aware that that the federal government is taking steps to help protect public companies and investors from malicious hackers. Recently, the...
Better, Faster, Cheaper? What Audit Clients Should Expect from Next Generation Audits
The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now as auditors can and will be...
Will the FDA Strengthen Cybersecurity Requirements for Medical Devices?
Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding"...
Four Steps to Managing Vendor Security
Target. Home Depot. Wendys. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management...
Breaking Bank: Episode 3
Over the last several weeks we have witnessed the story of a Bank who thought that compliance was enough to keep their customer’s information and the Bank’s reputation secure. However,...
Breaking Bank: Episode 2
Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customer’s information protected. We were introduced...
Cybersecurity: Are You the Gazelle at the Back of the Herd?
In response to the headline breaches plaguing organizations across the globe, there have been numerous solutions and recommendations that have gained popularity in the fight to combat cyber-crime. New security...
Cyber SOC – What Board Members Need to Know
The AICPA has issued its much awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPA’s to audit a company’s cyber security. In the...
President Trump's Cybersecurity Executive Order: What You Need to Know
Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning...
Breaking Bank: Episode 1
I don’t know about you, but I’ve read a lot of content-filled, factually intense cybersecurity articles over the past few months. I’ve read so many that I begin hearing similar...
SOC for Cybersecurity: What Does this Mean for Your Business?
The American Institute of Certified Public Accountants (AICPA) finalized the guidance for Systems and Organization Controls (SOC) for Cybersecurity reporting this week. This guidance gives organizations guidelines on how to...
Teamwork Makes the Dream Work
I grew up in Birmingham, Alabama and throughout my childhood I played a lot of sports. I played anything from basketball, to soccer, to pickup games of kickball and baseball...
SSAE 18 and Your Company's SOC 1 Audit
For the purposes of this article, we’ll be entirely focused on SOC 1. Look for future blogs related to the impact of SSAE 18 on your SOC 2 and 3...
Audit Risk in Penetration Tests: What You Should Know
Cyber risk is prevalent in almost every business today. Any business which has a web page, keeps information online, or uses the cloud is at risk for a cyber breach....
R.I.P. VCRs: Lessons in Disruption for the Audit Industry
I was shocked to learn the last VCR rolled off the assembly line in July 2016. I remember my family buying our first VCR – the magic of being able...
Vendor Management: Ignore at Your Own Risk
In this busy, ever changing business world, management has so many things to worry about that some key business responsibilities often get overlooked. One key area that is front and...
FFIEC Cybersecurity Assessment Tool Frequently Asked Questions
This past month the FFIEC issued a statement to provide clarification on several questions the FFIEC recieved for the Cybersecurity Assessment Tool (CAT). Since the release of the CAT and...
GAO Audit: Can We Learn From Their Mistakes
The old saying “if it ain't broke, don’t fix it” immediately came to mind as I began to look at the audit report from the Government Accountability Office regarding Federal Agency...
Under the Surface Cyber Risk
Part of my role as a Cyber Risk Analyst is to help companies think through their cybersecurity threats. Like most threats, they lie under the surface and most of the time remain unseen...
Where is Your Data? Why Performing a Data Inventory is Integral for Companies in this Digital Age
There’s no denying that the days of printed documents are a distant speck in the rearview. Industries are becoming much more reliant on automated systems and processes versus the manual...
AICPA Exposes Guidance for Cybersecurity Risk Management Examinations
The American Institute of Certified Public Accountants (AICPA) recently released two exposure drafts on criteria for cybersecurity. The first Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk...
Alphabet Soup: Understanding the Qualifications of Risk Management Professionals
You’ve just gotten an email from a potential vendor looking to make a connection. In their signature, following their name is a list of five abbreviations, all intended to make...
How InTREx Changes Audits
On June 30th, 2016, the FDIC announced that the Information Technology Risk Examination (InTREx) Program would be replacing the existing Information Technology Risk Management Program (IT-RMP) effective July 1st, 2016....
4 Tips for Password Management
With the recent high-profile social media account hacks, it has become apparent that password management is a challenge for users that has not been adequately addressed. After all, if the...
Key Takeaways From the FFIEC Joint Statement on Cybersecurity
This past week the FFIEC issued a statement advising financial institutions to actively manage the risks associated with interbank messaging and wholesale payment networks. The FFIEC warned financial institutions to...
Data is the New Currency
It’s not if a breach will occur, it’s when. Where should you look for vulnerabilities? What should you do?
Cybersecurity Considerations For M&A
Investors must place a higher value on the cyber-resilience of a potential acquisition.