type:

Article

Check out our extensive library of blog articles to stay informed of the latest cybersecurity and compliance news and information.

Article

Hacking Building Controls: The Target breach – 5 years later

HVAC and other environmental systems are now being connected into corporate networks to automate building controls. Organizations using Internet-connected systems without security controls can provide hackers an opportunity to gain access to other critical organizational systems and networks.

Cybersecurity
Read More about the Hacking Building Controls: The Target breach – 5 years later
Article

Lessons Learned from 2018 Healthcare Data Breaches

There were 503 healthcare data breaches reported in 2018, with over 15 million healthcare records exposed.

Healthcare
Read More about the Lessons Learned from 2018 Healthcare Data Breaches
Article

Oversight for Campus Affiliates

Along with your campus departments that are processing credit card payments using a merchant ID issued by your acquirer, it is important for your PCI program to incorporate oversight of the compliance efforts of all campus affiliates.

PCI DSS
Read More about the Oversight for Campus Affiliates
Article

Checklist for Third-Party Service Providers

As you are evaluating potential third-party vendors, you may want to reference this quick checklist to make sure you have all of your PCI “ducks in a row”

Third-Party Service Providers
PCI Third-Party Checklist about the Checklist for Third-Party Service Providers
Article

Crowdfunding on Campus – Considerations for PCI

With regards to PCI compliance, we did want to share some basic guidance on what to evaluate before launching a crowdfunding campaign for your organization.

PCI DSS
Read More about the Crowdfunding on Campus – Considerations for PCI
Article

Requirement 9.9: A How To Guide for Device Inspections

Although your general information security training may briefly discuss attack methods like skimming, you should create a specific program around Requirement 9.9 for any department or merchant accepting in-person transactions.

PCI DSS
Read More about the Requirement 9.9: A How To Guide for Device Inspections
Article

NIST SP 800-171 Framework Series: Audit and Accountability

The third family of controls within the NIST SP 800-171, Audit and Accountability, is critical in both the prevention and detection of data breaches. Comprehensive and accurate system logging can significantly reduce the impact of a potential breach.

NIST Framework
Read More about the NIST SP 800-171 Framework Series: Audit and Accountability
Article

NIST SP 800-171 Framework Series: Physical Protection

Section 3.10 within the NIST SP 800-171 rev 2 focuses on the physical access to an organization’s systems and the measures taken to protect equipment, buildings, and related supporting infrastructure against threats associated with the physical environment.

NIST Framework
Read More about the NIST SP 800-171 Framework Series: Physical Protection
Article

Phishing Your Faculty and Staff: Why You Should Do It

Most organizations will train their users not to click on links or open attachments in suspicious emails, but for many employees, their daily job responsibilities include opening attachments from customers and clicking on links within emails to review information.

Phishing
Read More about the Phishing Your Faculty and Staff: Why You Should Do It