Security Risk Management – Professional Penetration Testing by World-Class Experts

Fighting Back Against Ransomware

March 29, 2016
Redspin
Breaches, Healthcare Security, HIPAA, Incident Response, Penetration Testing, Security Risk Management, Social Engineering
0 Comments

Ransomware is not a new cybersecurity threat; it has been around for over a decade. But the growing sophistication of this malicious scheme and increasing frequency of attacks have security professionals and law enforcement concerned. In 2015, the FBI issued…

What Do 60 Minutes and the NSA Have in Common?

On November 20th, Adm. Michael Rogers, Deputy Director of the NSA and head of the US Cyber Command, testified before the House Intelligence Committee that China and "one or two other countries" had the capability to launch cyber attacks on the U.S. that could shut down the electrical grid and other critical infrastructure systems.

Helpful Reminders About HIPAA Security Risk Analysis

October 21, 2014
Redspin
Healthcare Security, HIPAA, Main, Security Risk Management
1 Comment

If protecting the integrity of patient health care information were not already sufficient incentive to improve IT security, being HIPAA compliant has perks.

4 Things You Should Know About Social Engineering

October 16, 2014
Redspin
Security Risk Management, Social Engineering
0 Comments

The biggest social engineering threat to organizations is not a specific type of scam, but a general lack of employee awareness.

The Risks of a HIPAA Security Risk Analysis

July 8, 2014
Redspin
Healthcare Security, HIPAA, Main, Security Risk Management
1 Comment

The risk of a HIPAA risk analysis is in not selecting the right team for the job.

Why Risk an Incomplete HIPAA Risk Assessment?

February 27, 2014
Redspin
Healthcare Security, HIPAA, Main, Security Risk Management
1 Comment

Covered entities and their business associates must conduct periodic HIPAA risk assessments (aka: HIPAA risk analysis) under the HIPAA Security Rule and Omnibus Final Rule. For eligible covered entities, a HIPAA risk assessment is also a core requirement of their…

The Biggest Oversight in HIPAA Security Risk Assessments – Security!

January 23, 2014
Redspin
Healthcare Security, HIPAA, Main, Security Risk Management
0 Comments

There are many HIPAA consultants, law firms, software companies, cloud service providers, and others who will happily provide you with a quote for a HIPAA security risk analysis. Neither the HIPAA Security Rule nor the respective references in Meaningful Use…

The ROI of Business Associate Security Risk Management

November 28, 2012
Redspin
Healthcare Security, HIPAA, Main, Security Risk Management
0 Comments

Redspin now offers a Business Associate Risk Analysis service that helps hospitals and other covered entities understand where their highest BA risk lies so that they can take preventive measures and/or implement contingency plans to mitigate that risk.

HIPAA Enforcement Heats Up in the Coldest State

June 27, 2012
Redspin
Healthcare Security, HIPAA, Main, Security Risk Management
0 Comments

This is a painful illustration of the both the seriousness of protecting patient health data and the challenges that healthcare organizations face in comprehensively addressing IT security risk.

The First Step In Cyber Insurance: Know Your Risk And What You’re Insuring Against.

June 5, 2012
Redspin
Breaches, Healthcare Security, HIPAA, Main, Security Risk Management
0 Comments

Cyber insurance provides an opportunity to address residual risk in your information security program to offset the costs due to a data breach of ePHI. However, individuals polices, coverage and exclusions are highly variable, so just like any security control it's important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis should be the first step in any insurance policy strategy. Here's why: A) You'll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.

IT Security Blog