PCI Requirement 3.4.1 – Use of Disk Encryption

by Randy Bartels / May 31, 2023

If your organization is going to use disk encryption as a means to render data unreadable, you need to comply with PCI Requirement 3.4.1. PCI Requirement 3.4.1 states, “If disk encryption is used (rather than file or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login…

Compliance is Never Enough: Encryption & Key Management

by Sarah Harvey / November 27, 2023

Understanding a Key Management Program. The purpose of this presentation is to give you a foundation of understanding encryption. This webinar will not delve into the math involved, but rather, you will learn about the different types of encryption, key management basics, algorithm uses, and encryption attacks. First, let’s define and discuss symmetric versus asymmetric encryption. Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both…

Using your HIPAA Risk Analysis

by Sarah Harvey / June 14, 2023

Congratulations! You’ve completed your initial comprehensive HIPAA risk analysis, no easy task. You’ve gone through the process and planned for and scoped your environment. You’ve identified your risks, threats, and vulnerabilities, and all of the associated requirements necessary to conduct and complete a HIPAA risk analysis. So, now what? Let’s focus on five important steps for using your HIPAA risk analysis: Internal Reporting, Management Responsibilities, Corrective Action, Monitoring, and Auditing.…

Best Practices for Managing Firewall and Router Security

by Sarah Harvey / June 14, 2023

When you look at the threat landscape today and the organizations that have experienced a data breach (Target, Home Depot, Arby’s), they all have a common denominator – they were all compliant. They had been checking the boxes like they were asked to do. So, when it seems that compliance isn’t enough, how can we ensure that we are secure? Organizations today should use these examples as motivation to focus…