Episode 1 – Who is HITRUST & What is the HITRUST CSF?

by Joseph Kirkpatrick / December 22, 2022

Have you been asked by a top client to become HITRUST CSF certified? Are you looking for a better way to demonstrate compliance with HIPAA laws? What exactly is HITRUST and how does it apply to your organization? KirkpatrickPrice is an approved HITRUST CSF Assessor, prepared to help Business Associates understand who HITRUST is, what the HITRUST CSF is, and how you can apply HITRUST CSF certification to your organization.…

Navigating the HITRUST CSF

by Sarah Harvey / February 20, 2023

In this webinar, Jessie Skibbe discusses one of the most important steps in the certification journey: scoping. She will cover how to scope your environment for a HITRUST CSF assessment and how to define the risk factors related to your scope. Scoping is the very first step in your certification journey. Before you even contact an assessor, you must determine what your scope is. The controls of the HITRUST…

5 Deadly Information Security Mistakes to Avoid

by Sarah Harvey / June 15, 2023

Learning to swim ahead of the latest threats in information security is important for avoiding a devastating run-in with a malicious attacker. So, we’ve compiled some exclusive advice from our expert security professionals that dispels common misconceptions about information security by outlining some of the deadliest information security mistakes your organization must avoid. Protect your sensitive assets and prevent a data breach from happening at your organization by avoiding these…

PCI Requirement 3.7 – Security Policies & Operational Procedures

by Randy Bartels / December 22, 2022

PCI Requirement 3 states, “Protect stored cardholder data.” We’ve discussed encryption, truncation, masking, and hashing – all methods that can be used to protect cardholder data. We’ve talked about dual control, split knowledge, rendering data unreadable, key-custodians, PAN, sensitive authentication data – all elements that need to be understood in order to fully protect and store cardholder data. But it’s not enough just to learn and talk about these things;…

PCI Requirement 3.6.8 – Key-Custodian Responsibilities

by Randy Bartels / December 22, 2022

Someone in your organization needs to be responsible for managing the encryption of your environment and accept the importance of this role. This is why PCI Requirement 3.6.8 states, “Requirement for cryptographic key custodians to formally acknowledge that they understand and accept their key-custodian responsibilities.” Key custodians hold one of the most important jobs within your organization. They’re responsible for creating encryption keys, altering keys, recovering keys, rotating keys, distributing…