Ask the Expert: Penetration Testing

by Sarah Harvey / February 20, 2023

Penetration Testing for HIPAA Compliance Penetration testing is a critical line of defense when protecting your organization’s sensitive assets - especially Electronic Protected Health Information (ePHI). Penetration testing is the process of performing authorized security testing of an environment to identify and exploit weaknesses associated with the targeted systems, networks, and applications before those weaknesses can be exploited by a real attacker. When performed in support of HIPAA compliance, the…

How Can Penetration Testing Protect Your Assets?

by Sarah Harvey / January 25, 2023

Every business has something to lose. But…who loses sleep over it? Whose job is on the line if assets are compromised? Who cares about protecting their assets? In recent data breaches, some companies just haven’t shown the expected response when they compromise assets. Take Uber, for example. The core of Uber’s business is drivers and riders, yet they covered up a hack for over a year. Hackers stole 57 million…

Protecting MSPs from Million Dollar Ransomware Attacks

by Amelia Lewis / June 14, 2023

The DarkSide Ransomware Attack on CompuCom On March 3, the IT managed service provider (MSP) announced they had fallen victim to a Darkside ransomware attack. The cybercrime group installed CobaltStrike beacons on several systems throughout the MSP’s environment. These beacons helped the threat actor steal data, spread the virus, and deploy ransomware payloads.  The MSP expects the incident to result in losses of $20 million and counting due to the…

Using NIST 800-53 vs. NIST 800-171 in a FISMA Audit

by Sarah Harvey / June 13, 2023

When any organization engages in a FISMA audit, their information systems are organized according to FIPS 199 and FIPS 200 to determine security categories and impact levels. Then, those systems are tested against a tailored set of baseline security controls. Depending on whether an organization is a federal agency or a private sector entity, different NIST publications of security controls may apply to the FISMA audit. How can you determine…

FISMA vs. FedRAMP

by Sarah Harvey / June 13, 2023

FISMA and FedRAMP audits are often confused because both involve compliance around government data. But, when you dive into the details of each audit, you’ll recognize the differences are stark. Let’s talk through each of these compliance audits and how you can tell them apart from one another. What is FISMA? The Federal Information Security Modernization Act, or FISMA, is U.S. legislation that requires government agencies to meet a standard…