As of Dec. 31 2017, contractors that store, transmit, or process certain types of government information were required to comply with DFARS (Defense Federal Acquisition Regulation Supplement) regulations.
Solomon Smith
Recent Posts
A Simple Primer on DFARS NIST 800-171a Regulations
Topics: DFARS
Industry Trends
Cybersecurity in the healthcare field has gone through a lot changes the past few years. In 2016 there was a significant jump in the total number of healthcare specific cybercrimes. According to SecurityIntelligence there was a 71% increase of confirmed data breaches in the healthcare sector from 2015 to 2016. Drilling down on that increase revealed that most of the jump was from external (aka "hacking" or ransomware or malware") followed by internal non-malicious (aka accidents from insiders). Trends are showing that cybercriminals have found more value in healthcare data and the potential for long term use is much higher because it is more difficult to change an individual’s "health data". Another eye-opener is that the type of healthcare entities affected is not limited to hospitals. Business associates, specialized care providers and healthcare plan have all been targets for cyber crime. Oncology, anesthesiology, orthopedic, and radiology are a few of the specific entities that were in the top 10 largest healthcare breaches of 2016. This data tells us that cybercriminals will target or find data outside of the large medical providers and may even be targeting the organizations that have lagged behind in implementing security controls.
Topics: Cybersecurity, Network Security, HIPAA, Information Security, Data Security, healthcare
For any business leader or CIO, navigating the world of cybersecurity insurance can be very complicated. It seems as if there are often more questions than answers, it can be difficult to know who you need to speak to in order to get what you need. This article will attempt to provide some direction, point out a few of the pitfalls, and help you to ask the right questions within your organization.
Topics: Cybersecurity, cybersecurity insurance, insurance, it risk assessment
The Significance of Data Ownership and Classification
Data ownership and classification are usually initiatives companies think about much after implementing many other layers of controls like firewalls, patching, or antivirus. But because of legislation like Health Insurance Portability and Accountability Act (HIPAA) and the US Family Education Rights and Privacy Act (FERPA) companies are required to know what data they possess and assure they are securing it. Most organizations retain large quantities of data and some even call it “big data” but many do not have the certainty of what type of data it is, what are the data elements, where it is stored, when it should be destroyed, and how to protect it. This article will explore those elements and highlight the importance of data ownership and classification.
Topics: Cybersecurity, Data Classification, Information Security, Data Retention, Data Security, Data Protection, Data Ownership