A health care provider has closed unexpectedly due to a ransomware attack. ENT & Hearing Services in Battle Creek, Michigan, is the first health provider in the nation to close due to cybersecurity flaws. Since HIPAA is based on NIST 800-53, father to NIST 800-171, ENT & Hearing Services demonstrates the importance of maintaining diligence...
Welcome to part three of our 3-part series about security and compliance. For those of you who missed part one or two, feel free to follow these links to get up to speed on this series: Part 1: Related but Not the Same, and Part 2: Compliance Means We’re Secure, Right? In the previous two...
Welcome to part 2 in our 3-part series about security and compliance. For those of you who missed part one, feel free to give it a quick read here. When the need for compliance hits your organization, many things can be involved, such as hiring outside consultant help, purchasing new hardware and software, even...
Security Vitals will be collaborating with Merit Network, Inc.’s cyber range to conduct product reviews for SC Magazine. Pontiac, MI – Security Vitals has been awarded a new contract with Haymarket Media, publisher of SC Magazine. After an extensive search and review process, Haymarket Media selected Security Vitals as the firm to conduct SC Magazine...
Welcome to part 1 of our 3-part series, which dives into the complicated relationship between security and compliance. There are many misconceptions about information security’s relation to compliance. Compliance does not equal a sophisticated information security system, nor does having a sophisticated security posture mean you are 100% compliant with a regulation or industry standard...
Last month, a Wi-Fi vulnerability called the KRACK Attack, which potentially affects billions of devices, was brought to the surface. Now this month, Intel announced a security alert for their processor platforms that could possibly affect millions of devices. How bad is it? Intel’s Management firmware on many recent PC, server, and Internet-of-Things are vulnerable...
Last month in October, security researchers announced perhaps one of the biggest vulnerabilities discovered in the past decade. Say hello to the KRACK vulnerability, which is the clever acronym for what’s known as the Key Reinstallation Attack. KRACK likely affects billions of home and enterprise Wi-Fi devices around the world and is all because of...
A letter regarding the NIST 800-171 compliance deadline from the Director, Defense Pricing/Defense Procurement and Acquisition Policy, in collaboration with the DoD Chief Information Officer and the Deputy Assistant Secretary of Defense, Systems Engineering, has developed the enclosed guidance for acquisition personnel in anticipation of this December 31, 2017 implementation deadline.
There is sometimes confusion in the information technology industry between compliance and information security. Being compliant with a certain set of standard controls such as PCI DSS, HIPAA, or NIST 800-171, is completely different from having an effective information security posture. Compliance does not equal security, and in turn, security does not equal...
Building an information security program in a business can be a daunting task. It can easily become overcomplicated and out of control. A lot of companies starting from scratch usually do not have an expert in the security field on staff. This can also lead to an increased amount of time to put this...