What is a Managed Firewall and Do You Need One?
Overview of key changes in the CIS controls update. See what’s new in the CIS Controls (v8) and how this free resource can help maximize your security.
The NIST cybersecurity framework can help guide small-to-medium sized organizations improve their cybersecurity posture.
Criminals have countless methods and types of phishing emails to trick email users.
How do you block access to your systems (and sensitive data) from hackers in the outside world?
System logs are part of HIPAA compliance and specifically mentioned in two different requirements.
Log management and regular log review could help identify malicious attacks on your system.
Merchants must “address all known security vulnerabilities and [be] consistent with industry-accepted system hardening standards.”
Learn how to help your employees be better prepared to fight against social engineering tactics.
The biggest difference between SAQ A and SAQ A-EP is based on how cardholder data is handled.
There are some key changes to the PCI DSS 4.0 SAQ questionnaires you will want to be aware of.
You will need to be compliant with PCI DSS 4.0 by March 31, 2025. We recommend starting your transition to 4.0 by reading the documents that explain the new PCI standard, including the executive summary, which has a lot of good information in it.
Lack of budget is a plague that affects risk and compliance officers at health organizations of all sizes. This post will give you the information you need to more accurately plan your HIPAA budget.
Why do you need to comply with PCI if you’ve already taken care of HIPAA?
My stance on patient sign-in sheets is that unless there is a valid business reason for having them, don’t do it.
Is it your responsibility to ensure that your clinic is HIPAA compliant?
Whether you’re a CIO, the head of IT, or in a non-security-related position, if your data security practices are unclear, your company is at a greater risk to a data breach.
Performing an SAQ A version 4.0 Self-Assessment: Several new requirements, both existing in version 3.2.1 of the standard and some newly created for version 4.0, have been added to increase the security of outsourced ecommerce environments.
There are two website prefixes: One shows the site you are on is secure (HTTPS), and the other does not (HTTP).
This blog will cover the three types of HITRUST CSF certifications. It will also cover what you can expect to achieve upon completion of each type of assessment and general guidelines of which assessment is best for your organization.
Do You Need a Web Application Penetration Test? It’s important for your business to find and remediate any vulnerabilities your web applications may have. This is where web application penetration testing comes in.
We outline the penetration testing process in detail and answer some of the most frequently asked questions related to this important security test.
Read this blog to help you determine what type of penetration test is best for your business.
What is it like working with SecurityMetrics? SecurityMetrics’ central objective is to help companies secure their data, not just meet compliance standards. We love working with organizations who have that same vision for security.
.svg)