
Month: March 2016

Does HIPAA Require Encryption?

One of the most common questions I have fielded in the past two years is: does HIPAA require encryption? The good news is that the answer is simple: yes, encryption is an addressable item under HIPAA. However, that is not the end of the story, nor are the answers to the surrounding questions as simple as a yes or no. Let’s explore what we have to consider. Data Primer: Before you can even ask...

ASV, QSA, PCI-DSS and other Credit Card Acronyms that Make a Head Spin

Does your company take credit cards? Have you been asked by your bank or card processor to complete a PCI-DSS SAQ and determine whether you need an ASV or an audit by a QSA? If you have, don't worry. Many have, and can't make heads or tails of what all of this means. The purpose of this little blog post is simply to define these things. Future posts will dive into each and why they exist. What ...

DDoS Protection is Hot

DDoS is a hot concern right now across the IT and security sector. I can tell this by the number of inquiries to my consulting business, the discussions on social media and the number of vendor contacts I am getting. What is DDoS? DDoS, or Distributed Denial of Service, is the evil cousin of a Denial of Service (DoS) attack. Both have a single purpose, to annoy you and bring your site or service...

Heads will Roll… Really? And Should They?

In an article dated February 29th, 2016, CYBERCOM Chief Mike Rogers "...warned that more corporate heads will roll as companies continue to overlook security holes." (Link) The article goes on to describe how Adm. Rogers "grew up in a culture of personal responsibility for failure. When a ship experiences “an issue,” the “commanding officer has ultimate accountability,” he said. “It doesn't matte...