security & business

COVID-19 has changed the HIPAA landscape in the short term, and some of these changes will undoubtedly echo long after the pandemic has ended. We’ve summarized the latest changes and how you can maintain the security goals for your organization and stay in compliance....

"Belief" Defined It should come as no surprise to us that belief drives everything we do as humans. In honor of the New Year and resolutions, I’d like to bring a little philosophy to the table and show you how it can improve your organization’s cybersecurity posture....

Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria for public comment. In a follow-up to my recent blog summarizing the Description Criteria, this blog will be part of a 2-part series exploring the details. In the...

Recently, the AICPA has released its exposure draft for the SOC for Supply Chain Description Criteria for public comment. I reviewed the draft and summarized the overview and main points below. This is an introductory post. Stay tuned for a 2-part deep dive into the...

In January 2018, the AICPA released detailed guidance on its newest SOC 2 Common Criteria (based on COSO 2013 Framework for an entity-wide reporting level). The new framework officially went into effect on December 15, 2018. Many organizations, including some of my...

Turning Attention to Mobile Applications NIST 800-163, Vetting the Security of Mobile Applications, was recently revised from its 2015 version to address the evolving landscape of mobile application security. NIST provides details and clarity on how exactly...