Compliance

NIST Cybersecurity Framework: Third, Go Looking for Trouble
Josh Mayfield

Throughout this series, we’ve been exploring how a standard-issue IT team can implement the NIST Cybersecurity Framework (CSF). Within the framework, there are five principal areas, what I call ‘pillars’, where IT and IT security teams can focus their attention to improve their cyber resilience. We looked at the first two pillars—identify and protect—in previous posts. Here, we can zero in on the next step to NIST CSF success:...

How Greenville Health Systems Improved Endpoint Security and Achieved HIPAA Compliance
Kim Ellery

On average, data breaches cost healthcare organizations $408 per record, according to the 2018 Cost of a Data Breach Report by the Ponemon Institute and commissioned by IBM. Across all industries, healthcare has seen the priciest data breaches for the last 8 years running. To boost security, Greenville Health System, a not-for-profit, patient-centered healthcare network that serves upstate South Carolina and the surrounding area, knew they...

NIST Cybersecurity Framework: Second, Build a Moat – Part 2
Josh Mayfield

The NIST Cybersecurity Framework is a repeatable framework organizations may follow to bolster their security posture. Within it, there are 5 foundational actions that may be flexibly deployed, regardless of industry or setting. In this, the second of a two-part post, we focus on the second action, Protect, whereby NIST outlines 4 practical steps to protect data. My previous post explained access control and user awareness. This post takes...

NIST Cybersecurity Framework: Second, Build a Moat
Josh Mayfield

My last post guided you through the first pillar of the NIST Cybersecurity Framework (CSF): Identify. Here, we’ll talk through the steps to fulfill the second pillar of NIST CSF: Protect. But first, let’s consider a small, subtle nuance in our language. “Safe” is an adjective, not a verb. Although everyone wants to describe their data, devices, apps, and users as safe, the label is only true when a...

5 Tips for Compliance Officers Dealing with GDPR
Mark McGlenn

GDPR enforcement is here and businesses are taking various approaches to comply. Most noticeable was the flood of emails we all received from companies scrambling to update their privacy policies. Big tech companies are passing the buck onto individual businesses and publishers, making them responsible for any data they may collect. And to the extreme, some organizations are blocking all EU users including retailers like Dick’s Sporting Goods and...
