

Business Continuity Plans and Disaster Recovery Plans (Part 2)

Comprehensive business continuity and disaster recovery plans are must-haves for companies of all sizes that are dependent on their systems to run their businesses. In Part 2 on this topic, I discuss factors that have to be considered when building a plan.

Preparing for a disaster can be a daunting task, involving many factors. A company will have […]

By |August 2nd, 2018|Blog|Comments Off on Business Continuity Plans and Disaster Recovery Plans (Part 2)

Business Continuity Plans and Disaster Recovery Plans (Part 1)

Comprehensive business continuity and disaster recovery plans are must-haves for companies of all sizes that are dependent on their systems to run their businesses.

The definition of a disaster is anything that can impact the continuation of business operations. Most people think disasters would just include major weather events (snowstorms, hurricanes, flood, and tornadoes), fire, […]

By |July 30th, 2018|Blog|Comments Off on Business Continuity Plans and Disaster Recovery Plans (Part 1)

Managing IT Risk (Part 2)

Third Party Risk Management

Following up on my prior post, Third Party Risk Management (4/9/18), I’d like to share my recommendations to monitor and manage IT risk.

There are a number of Governance, Risk, and Compliance (GRC) tools available, ranging from the inexpensive to the extremely expensive. Small to medium size companies are generally […]

By |April 17th, 2018|Blog|Comments Off on Managing IT Risk (Part 2)

Managing IT Risk (Part 1)

Third Party Risk Management

Topping my list of information security risks for the coming year is third party risk management. Small to medium size companies do not have the workforce necessary to monitor the security posture of their technology service providers. To properly address the issue, a company will need to put the following in place and dedicate resources […]

By |April 9th, 2018|Blog|Comments Off on Managing IT Risk (Part 1)

Qualifying IT Security Risks

How should a small organization quantify risk when it comes to IT security?

In my last post, I discussed how people with little or no IT security experience are often put in charge of IT security at small companies. I explained how they might approach telling their boss how things are going on the security […]

By |October 5th, 2017|Blog|Comments Off on Qualifying IT Security Risks

Tips to Maintain IT Security Equilibrium at a Small Company

Ask where somebody working in IT security at a small company got started, and there is a good chance it had nothing to do with IT security at all.

Considering the management infrastructure of the typical small organization, IT security is usually handed off to somebody who knows little about it, usually somebody from the IT […]

By |September 27th, 2017|Blog, Security Breach|Comments Off on Tips to Maintain IT Security Equilibrium at a Small Company

What Comes First, the 27001 or the 27002 ISO Standards?

There is something quirky about the 27000 series of standards published by the International Organization for Standardization (ISO).

Perhaps it is presented deliberately this way as a lesson in due diligence. Perhaps it is just a random error. But the standards are in the wrong numerical order. Judging from our interactions with company IT organizations, this […]

By |June 8th, 2017|Blog, ISO 27002|Comments Off on What Comes First, the 27001 or the 27002 ISO Standards?

Disaster Recovery & Cybersecurity

I’d like to share answers to questions recently asked about disaster recovery.

1. What advice would you give to tie cybersecurity protection and IT disaster recovery together for business continuity?

There are a number of activities performed by the IT operational group within an organization that deal with Disaster Recovery. They include performing data backups, using primary/backup datacenters, and […]

By |May 9th, 2017|Blog, Security Breach|Comments Off on Disaster Recovery & Cybersecurity

Addressing BitLocker and PCI-DSS 3.1 Usage

Inquiry: Earlier this month we received an email from Matthew Todd of Financial Engines, Inc. that said, “Back in 2011, Phil Cox (SystemExperts) wrote some guidance on using Windows BitLocker to meet PCI-DSS requirements. PCI-DSS has been updated since then, and I’m curious if SE has updated guidance.”

Response: Section 3.4.1 of […]

By |August 20th, 2015|Blog, PCI Compliance|Comments Off on Addressing BitLocker and PCI-DSS 3.1 Usage

Surviving a Breach

The Target breach is making many in the IT security field take a closer look at their company’s information security and compliance practices. I’d like to share here some of the questions and answers from a recent media interview looking at “How to Survive a Breach.”

1. Are most companies prepared for a cyber breach?

We find […]

By |August 28th, 2014|Blog, PCI Compliance, Penetration Testing|Comments Off on Surviving a Breach

Common Points of PCI Compliance Failure

With all the security issues facing businesses today, there has been an increase in articles offering advice on how to maintain security in this very challenging environment. The Payment Card Data Security Standard, a set of compliance regulations applying to every business that accepts, processes, stores or transmits credit card data, can be confusing. Daniel Humphries, managing editor of […]

By |June 3rd, 2014|Blog, PCI Compliance|Comments Off on Common Points of PCI Compliance Failure

Cloud GRC: Maintaining security and compliance in the cloud

I was recently interviewed by Christine Parizo, SearchCompliance (a TechTarget publication), for an article on how to maintain security and compliance during public and private cloud deployment. The article covers cloud data monitoring strategies as well as cloud data regulatory management best practices. I found the questions Christine recommends asking cloud providers when evaluating their […]

By |May 18th, 2014|Blog|Comments Off on Cloud GRC: Maintaining security and compliance in the cloud

Accepting Credit Cards? PCI Compliance a Concern For Small Businesses

Preparing for a Payment Card Industry (PCI) audit requires merchants and service providers that store, process or transmit credit card data to have a detailed security assessment. The purpose of the assessment is to confirm that the merchant or service provider is handling card data in compliance with the Payment Card Industry Data Security Standards (PCI DSS).

By |March 21st, 2014|Blog, PCI Compliance|Comments Off on Accepting Credit Cards? PCI Compliance a Concern For Small Businesses

HIPAA audit preparation and compliance: BA effects on CEs

Preparing for a HIPAA assessment can be a daunting task – one that can cost companies significant sums in consulting and auditing fees. During a recent interview with Nicole Freeman from HealthITSecurity, I offered the following five tips to prepare for a HIPAA assessment.

1.  Identify all of your business and client data that falls under […]

By |March 19th, 2014|Blog, HIPAA Compliance|Comments Off on HIPAA audit preparation and compliance: BA effects on CEs

What are the essential questions a business owner should ask a cyber security consultant?

Five key questions you need to ask before you sign a contract with a Cyber Security consultant.

Before you sign on a Cyber Security consultant, we recommend asking the following questions to make sure they are “truly knowledgeable” rather than planning to use the engagement as a “learning experience.”

1. What are the legal and/or regulatory […]

By |February 25th, 2014|Blog|Comments Off on What are the essential questions a business owner should ask a cyber security consultant?