OCR Crosswalk Between NIST Cybersecurity Framework and the HIPAA Security Rule

Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, was issued by President Obama in 2013, and called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” In response, the National Institute of Standards […]


Vulnerability Assessment vs. Penetration Testing—Which One is Right for You?

Many organizations conduct vulnerability assessments, while fewer conduct regular third-party penetration tests. Both are critical components of a Vulnerability and Threat Management program. Vulnerability assessments identify security vulnerabilities in an environment, such as applications, networks, etc. Testing should produce a prioritized list […]


The NIST Cybersecurity Framework

Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, was issued by President Obama in 2013, and called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” In response, the National Institute of […]


HITRUST – What it is, Benefits and Determining if it is for Your Company

Among other mandates, Title II of HIPAA defined policies and procedures and provided guidelines for maintaining the privacy and security of individually identifiable health information. Its Administrative Simplification (AS) rules directed the Department of Health and Human Services (HHS) to draft rules aimed at […]
