A new supplement to the National Institute of Standards and Technology (NIST) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is on the way. The proposed supplement 800-171B adds 35 new requirements that go alongside...
WannaCry malware hit the news in 2017 when reports of the damaging attack spread through more than 150 countries. The National Health Service in the UK, and FedEx where two of the worst hit organizations, but countless others, including small business, schools, and...
A class action suit is in progress after an estimated 200,000 people had personal data exposed by a hacked server at Casino Rama in Ontario. The breach was made public back in November 2016 when the hacker was able to obtain credentials, access at least two of the...
Auditing and logging are an important part of the HIPAA Security Rule, but the rule contains no specifics on this requirement. According to HIPAA Security Rule – 164.312(b):“Implement hardware, software, and/or procedural mechanisms that record and examine...
Since the National Institute of Standards and Technology Cyber Security Framework (NIST CSF) was established, it has become the framework of choice for organizations to align with to establish “best practice”, and is the foundation for most US cyber...
Record fines come on the heels of warnings from US Intelligence warning of a growing risk to our utility providers. Similar warnings have been issued for law firms, higher education, and small businesses, so this information is relevant to a wide spectrum of...
