Ask A-LIGN’s Experienced Assessors: HITRUST

Because of the unique challenges facing the healthcare industry, companies are considering their options to mitigate and manage their risk. HITRUST offers a framework that allows for consistent implementation of the HIPAA requirements, but generates many questions that need to be answered. Below are a few frequently asked questions that A-LIGN Partner, Gene Geiger, answers […]

Read More

Revision in MasterCard’s Cardholder Obligations: Does It Affect You?

MasterCard has revised its Standards to allow for collection agents to accept signature debit cards in the US. This revision is effective immediately and will be reflected in upcoming versions of MasterCard Rules. This change does not affect MasterCard’s credit transaction rules, and those transactions will remain prohibited as satisfactory payment for uncollectable obligations. The […]

Read More

Phase 2 of the HIPAA Audit Program Launches

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced Phase 2 of the HIPAA Audit Program. Every covered entity and business associate will be eligible to be audited. Organizations will be identified by OCR […]

Read More

Common ISO 27001 Pitfalls

We want to ensure that your organization does not fall victim to these common ISO 27001 pitfalls so that your information security management system (ISMS) continues to operate as designed and subsequent audits flow smoothly. Becoming ISO 27001 certified is a rigorous process for most organizations but the work should not stop after receiving the […]

Read More

Strengthening the Cloud: ISO 27017 and ISO 27018

As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore security options in order to protect their information systems. There are multiple security standards for cloud services providers and users to utilize in order to secure the cloud-based environment and minimize potential risk […]

Read More

More Passwords, More Problems: A Look into Biometric Authentication

What’s your password? Studies show that you likely use more than 15 different passwords, but more than half of you admit to using a weak password. So how do companies fare with inconsistent password usage and standardization? Even companies with incredible security practices can become vulnerable due to a forgetful employee who leaves their password on a […]

Read More

The New Standard: PCI DSS 3.1

On April 15, 2015, The PCI Security Standards Council published the PCI DSS Version 3.1.  Within the update, there were 3 types of changes that were noted.  They included: Clarifications: Clarifies the intents of the requirements.  Additional Guidance: Explanations with the purpose of providing further information on the requirements. Evolving Requirement: Changes to the requirements […]

Read More

Relevant Audit Selection for Cloud Providers

Just as in physical storage, cloud service providers are used to store sensitive data.  This can be anything from credit card information to personal information such as social security numbers.  There are three key cloud services:  Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).  The storage of […]

Read More

The State of Cybersecurity: How to Prepare For 2015

2014 was a cybersecurity eye opener for all individuals using technology.  The public and many corporations had to personally face the repercussions of the cybersecurity weaknesses throughout all technology.  The whole world was watching this year as cyber-attacks hit one after the other, arguably the worst cybersecurity incident happening in November to Sony Pictures Entertainment.  […]

Read More

FedRAMP Releases Updated Logo & FedRAMP Forward

  FedRAMPSM has released their newly redesigned logo in coordination with the release of “FedRAMP Forward: 2 Year Priorities.”  FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services.  

Read More