If you work in retail or payment processing, you may already know about PCI DSS. However, you may not know of the details about compliance and transaction processing. For example, did you know that the size of your business and the number of transactions you process actually change how you comply with PCI DSS?

Here, we’ll break down the merchant levels in place to address this difference and how it could impact you as an organization facing PCI DSS requirements.

Read More

Cybersecurity is a community practice. Different innovations and discussions about new vulnerabilities, threats and controls inevitably influence security implementations in multiple markets and industries, depending on their applicability. This is just as true for healthcare, an industry generally governed by HIPAA. HIPAA, however, is complex, and organizations working in healthcare often look outside their own industry to help them better understand cybersecurity outside just hitting compliance checklists. That’s where NIST 800-66 comes in. 

In this article, we’ll discuss HIPAA security and how it relates to NIST 800-66. This NIST document helps healthcare providers under HIPAA understand more advanced security controls that could support their compliance, privacy and cybersecurity controls. 

Read More

Risk assessment has been and continues to be, one of the more challenging cybersecurity practices that many organizations will put into place. Unlike simple security control implementation and maintenance, risk assessment calls for your organization to understand how adopting, or not adopting, particular controls, operations or processes can impact security.

As the federal government and the defense supply chain are turning more and more attention to the importance of cybersecurity (including President Biden’s Executive Order on the subject and the several bills in Congress addressing limitations in our security posture), businesses working in that area will be expected to implement risk-based compliance. This fact, in turn, means that you must understand critical government frameworks that speak about risk. 

In this article, we are discussing NIST 800-30 and how it serves as a foundation for risk assessment in government compliance. 

Read More