Blog

A Tactical Crisis Response to Healthcare Cybersecurity

Introduction In May the Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) collectively created a tactical guide for how healthcare organizations can manage their...

Blog

Cloud Computing & Risk Management: A Review of the FFIEC's Recent Statement

Out of sight, out of mind feels pretty good, doesn’t it? Especially when not only is it out of sight, it is off the ground. Your organization’s data is so...

Blog

Pt. 6: A Readiness Roadmap to the CMMC Level 5

In our previous blog, we discussed the purpose of Level 4 and the requirements that potential contractors will need to meet for Level 4. As we continue along the maturity...

Blog

COVID-19 Impacts on HIPAA: Maintaining Security and Privacy for Your Organization

COVID-19 has changed the HIPAA landscape in the short term, and some of these changes will undoubtedly echo long after the pandemic has ended. We’ve summarized the latest changes and...

Blog

Pt. 5: 7 Tips for Achieving CMMC Level 4 Readiness

In our previous blog, we discussed the purpose of Level 3 and the requirements that potential contractors will need to meet to achieve Level 3 readiness. As we continue along...

Blog

3 Simple Ways to Test Your Business Continuity Disaster Recovery Plan

There are numerous resources that provide the means for developing a business continuity plan. These include the achievement of such activities as team formation, business impact analysis, evaluation of legal...

Blog

COVID-19 and Maintaining the Integrity of Your Information Security Policy

Remote Work and Information Security Policy Exceptions There is a well-known metric included in risk assessments known as the Annualized Rate of Occurrence, or ARO. Risk events have varying AROs...

Blog

5 Policies Critical for Maintaining Security Standards During Pandemic

As businesses continue to work from home in an effort to flatten the curve during the COVID-19 pandemic, it is critical to have effective policies in place. More importantly, your...

Blog

Pt. 4: 6 Pitfalls to Avoid in CMMC Level 3

In our previous blog, we discussed the purpose of Level 2 and the requirements that potential contractors will need to meet to achieve readiness for Level 2. As we build...

Blog

Pt. 3: Level 2, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the purpose of the Cybersecurity Maturity Model Certification (CMMC) and the requirements potential contractors will need to meet to achieve compliance with Level 1....

Blog

Pt. 2: Level 1, A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed what it is going to take to achieve readiness for the Cybersecurity Maturity Model Certification (CMMC). Potential contractors should determine target contracts, identify and...

Blog

A Readiness Roadmap to the Cybersecurity Maturity Model Certification

In our previous blog, we discussed the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S))’s upcoming roll out of approximately 10 large contracts which will require...

Blog

NIST’s Privacy Framework: An Enterprise-Wide Approach to Protecting Individual Privacy

Framework Overview In January, NIST launched version 1.0 of its Privacy Framework - a voluntary tool to help companies identify and manage their products and services while protecting their customers’...

Blog

Introduction to CMMC Readiness

CMMC Background...

Blog

Friday Brief: How Contractors can Prepare for Upcoming CMMC Requirements

What is the CMMC? Earlier this year, the DoD announced a new standard for cybersecurity certification of its contractors and sub-contractors. The standard is known as Cybersecurity Maturity Model Certification...

Blog

XaaS, Part 2: Infrastructure as a Service (IaaS)

Getting Started with IaaS As a businessperson, deciding whether to deploy an aspect of your business to the cloud can be an ordeal, especially if cloud computing discussions are not...

Blog

XaaS, Part 1: Demystifying "The Cloud"

Laying the Foundation Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud...

Blog

Early Review of AICPA’s SOC for Supply Chain Criteria Pt. 2

Part 2 of 2 in our deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain This is our final blog...

Blog

Early Review of AICPA’s SOC for Supply Chain Criteria Pt. 1

Part 1 of 2 in a deep dive into the AICPA’s proposed Description Criteria for its new SOC Suite of Services, SOC for Supply Chain Recently, the AICPA has released...

Blog

How HIPAA Compliance Efforts May Impact Your Overall Security Posture

HIPAA security and privacy rule requires many resources for an organization to be compliant. Resources can be time consuming and often create operational issues and financial burden for covered entities....

Blog

Summary: Early Review of AICPA’s SOC for Supply Chain Criteria

A summary of the AICPA’s proposed Description Criteria for its SOC for Supply Chain Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria...

Blog

3 Data Governance Strategies for Financial Institutions

Read Time: 5 Minutes Data Governance is how we describe the processes and management of data in any given organization. This includes the processes around the protection and use of...

Blog

2018 SOC 2 Criteria and Positive Cybersecurity Impacts

How the AICPA’s 2018 SOC 2 Update can Positively Impact your Cybersecurity Model and Organization READ TIME: 2 minutes In January 2018, the AICPA released detailed guidance on its newest...

Blog

2018 in Review: HIPAA Violations

In 2018 there were various fines paid by healthcare organizations for failure to comply with the HIPAA security and privacy standards. Reviewing the trends of fines in 2018 can be...

Blog

HHS Finally Offers Cybersecurity Guidance to Healthcare Organizations

I’ve worked with healthcare organizations of all sizes for many years and questions are regularly asked about what the best controls framework is for building a cybersecurity program. Surprisingly, very...

Blog

SOC for Cybersecurity: Providing Board Members the Keys to the Castle

Earlier this year, the AICPA’s Center for Audit Quality (CAQ) released their Cybersecurity Risk Management Oversight: A Tool for Board Members. In this document are questions to help direct a...

Blog

Lessons Learned from SOC for Cybersecurity Readiness Assessments

During 2017, the AICPA issued a formal framework to allow independent accounting firms to attest to the cybersecurity related posture for companies. In connection with this issuance, firms are able...

Blog

NIST for Cybersecurity: What You Need to Know About the Framework v1.1 Update

At the end of April, NIST released the v1.1 update to its Cybersecurity Framework (‘CSF’). (See our introduction to the Framework through our most recent blog article.) HORNE had the...

Blog

NIST for Cybersecurity: Understanding the Framework

NIST Cybersecurity Framework (CSF) Overview The NIST Cybersecurity Framework is a cybersecurity risk management program developed with a focus on industries necessary to national and economic security, such as the...

Blog

Building the Audit of the Future: Diving Deeper into the Role of the Auditor

Last week in “Building the Audit of the Future: The Roles of Robots and Humans”, we talked about the technology pieces of the audit of the future and the need...

Blog

Building the Audit of the Future: The Roles of Robots and Humans

When most people think about the audit of the future they think about robots. Now, I don’t know about you but when I think about robots and the future I...

Blog

What You Need to Know About the SEC’s New Cyber Guidance

During the primetime of the 2017 10K filing season, the SEC issued additional guidance and expectations for cybersecurity disclosures. Cyber has been a hot topic for the SEC in the...

Blog

Providing Peace of Mind Around Your Law Firm's Data Security

Have you ever wondered why Amazon Web Services (AWS) is so focused on security? When you visit their compliance page, they have nearly every privacy and security badge available, noted...

Blog

6 Steps to NIST 800-171 Compliance

NIST 800-171 provides a framework for the protection of controlled, unclassified information (CUI). The framework is intended to provide guidance for nonfederal entities working with and accessing the data of...

Blog

How Secure Are Your Vendors?

The spotlight on the topic of vendor management has been shining even brighter lately with a large number of data breaches resulting because of poor vendor processes. With vendors being...

Blog

CMS May Want Their Money Back

The old adage ‘Money can make you do crazy things’ can easily be applied to both our personal and business lives. Within the healthcare industry, HITECH incentive payments were offered...

Blog

What You Need to Know About Cyber Regulations

Everyone hears about cyber risk, but not everyone is aware that the federal government is taking steps to help protect public companies and investors from malicious hackers. Recently, the...

Blog

Better, Faster, Cheaper? What Audit Clients Should Expect from Next Generation Audits

The auditing profession is understandably shaken by the impact of automation on audit services. A substantial portion of what we as auditors do now can and will be...

Blog

Will the FDA Strengthen Cybersecurity Requirements for Medical Devices?

Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding"...

Blog

Four Steps to Managing Vendor Security

Target. Home Depot. Wendy’s. The stories of significant cyber breaches are in the headlines every day. Board members and CEOs are growing more and more concerned about cyber risk management...

Blog

Breaking Bank: Episode 3

Over the last several weeks we have witnessed the story of a Bank who thought that compliance was enough to keep their customer’s information and the Bank’s reputation secure. However,...

Blog

Breaking Bank: Episode 2

Last month we began the story of a very ambitious bank filled with well-intentioned individuals who love their jobs and want to see their customer’s information protected. We were introduced...

Blog

Cybersecurity: Are You the Gazelle at the Back of the Herd?

In response to the headline breaches plaguing organizations across the globe, there have been numerous solutions and recommendations that have gained popularity in the fight to combat cyber-crime. New security...

Blog

Cyber SOC – What Board Members Need to Know

The AICPA has issued its much awaited standard on cyber security. The new guidance, referred to as the “Cyber SOC,” allows CPA’s to audit a company’s cyber security. In the...

Blog

President Trump's Cybersecurity Executive Order: What You Need to Know

Last weekend’s global cyber-attack shocked a lot of us due to its size, scope and impact. As news broke of the attack around the globe, each story was more concerning...

Blog

Breaking Bank: Episode 1

I don’t know about you, but I’ve read a lot of content-filled, factually intense cybersecurity articles over the past few months. I’ve read so many that I begin hearing similar...

Blog

SOC for Cybersecurity: What Does this Mean for Your Business?

The American Institute of Certified Public Accountants (AICPA) finalized the guidance for Systems and Organization Controls (SOC) for Cybersecurity reporting this week. This guidance gives organizations guidelines on how to...

Infographic

Data is the New Currency

It’s not if a breach will occur, it’s when.  Where should you look for vulnerabilities?  What should you do?

Whitepaper

Cybersecurity Considerations For M&A

Investors must place a higher value on the cyber-resilience of a potential acquisition.