Lessons Learned: Major Security Vulnerabilities and Flaws Uncovered During Audit of HealthCare.gov

by Sarah Harvey / December 19, 2022

Last month, an audit of HealthCare.gov uncovered some basic flaws in the security of the government’s healthcare website. The Personally Identifiable Information (PII) of millions of health insurance customers was being stored in a database that, fortunately, was never compromised by way of cyberattack. Medical records are not stored in the system; however, names, Social Security numbers, birth dates, addresses, and phone numbers of customers were left vulnerable to attacks.…

Ask the Auditor: PCI Requirements 5 and 6

by Sarah Harvey / June 13, 2023

As a PCI Qualified Security Assessor (QSA), we receive a lot of questions and concerns from clients who are just stepping into their first PCI assessment, particularly around PCI Requirements 5 and 6: maintaining a vulnerability management program. We recently sat down with one of our own QSAs, Steve McEnroe, QSA, CISA, to answer some of the major questions we commonly hear. Here are the highlights from the interview:…

A Checklist to Prepare for Your SSAE 16 (SOC 1) Audit

by Sarah Harvey / December 19, 2022

If your customers rely on you to protect consumer information, chances are you may be asked to produce an SSAE 16 audit report. An SSAE 16 audit is a report on the controls at an organization that are relevant to, or may affect, a client’s financial statements. This standard is designed to demonstrate that an organization has proper internal controls and processes in place to address information security and compliance…

Creating a Culture of Compliance within your Organization

by Sarah Harvey / June 15, 2023

We are here to help companies make managing compliance, well, manageable. We’ve defined the role and responsibilities of the Chief Compliance Officer. We’ve helped delineate what a Compliance Management System (CMS) is all about. We are now here to share the next best-kept industry secret to achieving compliance success – creating a culture of compliance within your organization. You can tell a lot about a company’s overall compliance posture…

Secure Web Application Best Practices

by Sarah Harvey / December 16, 2022

It isn’t news that maintaining a secure web environment is extremely important in today’s technological climate. Performing regular scans and tests of your security posture is best practice and is becoming an essential part of maintaining security at your organization. Web applications have become a common target for hackers, hence the need for better practices. Last week, we tapped into our own developers’ minds to help us put together a list…