Logical Access Archives | Page 4 of 4

PCI Requirement 3.4.1 – Use of Disk Encryption

by Randy Bartels / July 28th, 2017

If your organization is going to use disk encryption as a means to render data unreadable, you need to comply with PCI Requirement 3.4.1. PCI Requirement 3.4.1 states, “If disk encryption is used (rather than file or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login…

Compliance is Never Enough: Encryption & Key Management

by Sarah Harvey / April 25th, 2017

Understanding a Key Management Program The purpose of this presentation is to give you a foundation of understanding encryption. This webinar will not delve into the math involved, but rather, you will learn about the different types of encryption, key management basics, algorithm uses, and encryption attacks. First, let’s define and discuss symmetric versus asymmetric encryption. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both…

Using your HIPAA Risk Analysis

by Sarah Harvey / April 13th, 2017

Congratulations! You’ve completed your initial comprehensive HIPAA risk analysis, no easy task. You’ve gone through the process and planned for and scoped your environment. You’ve identified your risks, threats, and vulnerabilities, and all of the associated requirements necessary to conduct and complete a HIPAA risk analysis. So, now what? Let’s focus on five important steps for using your HIPAA risk analysis; Internal Reporting, Management Responsibilities, Corrective Action, Monitoring, and Auditing.…

Best Practices for Managing Firewall and Router Security

by Sarah Harvey / March 23rd, 2017

When you look at the threat landscape today and the organizations that have experienced a data breach (Target, Home Depot, Arby’s), they all have a common denominator – they were all compliant. They had been checking the boxes like they were asked to do. So, when it seems that compliance isn’t enough, how can we ensure that we are secure? Organizations today should use these examples as motivation to focus…

Blog

Logical Access

PCI Requirement 3.4.1 – Use of Disk Encryption

Compliance is Never Enough: Encryption & Key Management

Using your HIPAA Risk Analysis

Best Practices for Managing Firewall and Router Security

Newsletter

Categories

Learn what you need to get started with our Audit Readiness Guide.