Blog Archives

CCPA Update: 4 Things to Know About the AG’s Proposed Regulations

by Sarah Harvey / December 15, 2022

On October 10, 2019, the California Attorney General released the much-anticipated California Consumer Privacy Act (CCPA) proposed regulations – providing some clarity to the strict data privacy law. The proposed regulations were divided into four key areas: notices to consumers, consumer requests, verification requirements, and special considerations for minors. What do you need to know about these regulations? How will they impact your organization’s CCPA compliance efforts? Let’s discuss. CCPA…

Dangers of XSS Attacks at Healthcare Organizations

by Sarah Harvey / June 14, 2023

In October 2019, Citizen Times reported that Mission Health, North Carolina’s sixth-largest health system and HCA Healthcare’s North Carolina Division, had disclosed a data breach caused by a cross-site scripting (XSS) attack. Cross-site scripting (XSS) vulnerabilities rank among OWASP’s top 10 web application security risks. XXS occurs when a web application doesn’t properly sanitize user input and their input (such as malicious code) is either reflected or stored on the…

HITRUST Update: HITRUST CSF® v9.3 Release

by Sarah Harvey / December 15, 2022

HITRUST®, a the leader in information security and privacy risk management and compliance programs, has announced a much-anticipated update to the HITRUST CSF in an effort to remain one of the leading data protection standards. HITRUST CSF v9.3 adds new privacy and security standards and updates six others existing within the certifiable framework. These changes were made in response to the ever-shifting information security landscape that is consistently updated with…

Best Practices for Privilege Management in AWS

by Sarah Harvey / December 15, 2022

Could what happened at Capital One happen at your organization? That depends on your commitment to cloud security. This breach could happen to any organization that’s not educated on AWS vulnerabilities and best practices. We’ve talked about how security misconfigurations played a role in Capital One’s breach, but now let’s discuss how privilege management contributed to this successful hack. What Happened at Capital One with IAM Misconfigurations? According to Verizon’s…

Stages of Penetration Testing According to PTES

by Sarah Harvey / November 3, 2023

What is the Penetration Testing Execution Standard (PTES)? The Penetration Testing Execution Standard, or PTES, is a standard that was developed and continues to be enhanced by a group of information security experts from various industries. PTES provides a minimum baseline for what is required of a penetration test, expanding from initial communication between client and tester to what a report includes. The goal of PTES is to provide quality…

Blog

Blog

CCPA Update: 4 Things to Know About the AG’s Proposed Regulations

Dangers of XSS Attacks at Healthcare Organizations

HITRUST Update: HITRUST CSF® v9.3 Release

Best Practices for Privilege Management in AWS

Stages of Penetration Testing According to PTES

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.