You are viewing 'security compliance'
15 steps for a successful implementation
Implementing an ISO 27001 (and subsequently ISO 27002) Information Security Management System (ISMS) is no small feat. It is a daunting task, disruptive to your organization, and the necessary changes can also upset employees. How can your organization effectively implement a robust and successful security program?
The first step in determining whether your organization is ready for an ISMS is to ask: how will we benefit from this? Security professionals often overlook this step, but it is critical and can really encourage management's support of the program. It is not financially viable to pursue something that will not at some point increase the bottom line. Discuss whether your organization will retain or acquire customers based on the strength of the security program. Your organization may also gain a competitive market advantage or improve its reputation after implementation. Furthermore, not implementing a program could cause your organization to lose revenue,... read more >
In my time here at Solutionary as a Security Consultant, I’ve had the pleasure of seeing first-hand varying levels of maturity in information security programs. I’ve seen programs that work really well and I’ve seen some that could use quite a bit of maturing. In this blog, I’m going to attempt to identify programs that work well and how their success is achieved.
Compliance Focused Program
I have rarely seen a security program succeed when it is solely focused on meeting requirements enforced by some sort of compliance body. Don’t get me wrong, compliance should always be a part of a security program, but it should not be the main motivation for one. I’ve witnessed a lot of compliance-driven programs that put compliance at the forefront of security decision making and fail for several reasons. Two of the most common ways these programs fail are described in detail... read more >
“If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.” – Weinberg’s Second Law
A thousand years ago, anyone who could stack some bricks could call himself a building designer. It took a few centuries and the collapse of a number of buildings, but eventually we decided that there needed to be some restrictions on who could, and who could not, put up a building.
Today, in most occupations that are even slightly technical, you need to be licensed. You can’t just hang up your shingle and go into business designing bridges or wiring buildings. All states require these types of professionals to be licensed, and in many cases to hold a Professional Engineer (PE) certification. Only someone holding the appropriate license can... read more >
12th Consecutive Year as an ASV
Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor since before the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because it is the right thing to do and it will make our clients’ lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but completed it using two separate platforms to give clients the flexibility of choosing between scan platforms. Sometimes you need a hammer, sometimes you need a... read more >
Has your organization had a checkup lately?
Wellness programs promote the idea of regular checkups and preventive healthcare for our physical wellbeing, so it makes sense for healthcare organizations to regularly perform security “wellness” checkups to ensure the safety of the healthcare information they are responsible for. A motivating factor for healthcare organizations to perform security checkups is the five significant healthcare data breaches that have occurred so far in 2015. The total number of individuals impacted by these attacks is 99.3 million, almost 70 percent of the 143.3 million individuals impacted by healthcare attacks since 2009.
Healthcare organizations need to be proactive and prepared to defend themselves against all types of attacks on healthcare information.
Healthcare Security Checklist
One way to be proactive and prepared is to perform periodic evaluations of security... read more >