Not All Penetration Tests Are Created Equal

by Sarah Harvey / December 16, 2022

When you vet a company or an individual to perform penetration testing on your organization, what do you look for? Price, certifications, experience? Those are all important aspects, but you must also consider the quality of the penetration testing you will receive. All too often, we see organizations who pay for a penetration test and are expecting a thorough service receive a vulnerability scan labeled as a penetration test from…

GDPR Fundamentals: Data Security Requirements

by Mark Hinely / October 11, 2023

 Appropriate Data Security Controls While GDPR is primarily a data privacy law, it also includes elements of data security. But of course, GDPR is ambiguous so it’s not very prescriptive when it comes to data security requirements for processing personal data. The law requires each organization to evaluate its own data security based on risk, processing activities, and its organizational structure. By putting this in the hands of the…

How Mobile Devices Impact Protected Health Information

by Sarah Harvey / June 14, 2023

The use of mobile devices has absolutely transformed healthcare. Have you ever checked into a walk-in clinic on a tablet? Has a doctor shown you X-rays through a digital screen, rather than on film? Have you paid a medical bill through an app? Mobile devices are altering patient care. The need for mobility in healthcare settings is pervasive and the security threats that mobile devices pose are only going to…

How to Lead a Cybersecurity Initiative

by Sarah Harvey / June 14, 2023

Are you a CISO, CCO, ISO, or member of the IT department that’s building and leading a cybersecurity strategy? Don’t know where to start? The foundation of a cybersecurity strategy should be built on basic principles of security – patch management, risk assessment, network monitoring, vulnerability management. From there, you must cultivate awareness of the evolving threat landscape, observe regulatory responses, continue to train and invest in your team, and…

GDPR Fundamentals: Data Protection Officers

by Mark Hinely / April 5, 2023

 Most organizations who are required to comply with GDPR will have a Data Protection Officer (DPO). The requirement to have a DPO applies if you are a public authority, if your regular activities require large-scale and systematic monitoring, or if your core activities consist of large-scale processing of special categories of data. Qualifications of a Data Protection Officer When hiring a DPO, GDPR specifies that the individual must have…