ISO 27001 vs NIST Cybersecurity Framework
Blog Numerous laws and regulations worldwide require corporations to adopt them to secure their data. NIST CSF and ISO 27001 are two of the most prevalent in North America. While both frameworks intend to safeguard data and strengthen security, they do so...
ISO 27001 Certification Process Step-by-Step
Blog Increasingly, information security management is becoming a critical, top-priority issue for organizations of all sizes. Whether you serve a domestic or global customer base, protecting your ISMS infrastructure against both internal and external risk is...
HITRUST CSF Controls
Blog If your organization is in the healthcare industry, you focus extensively on valuable data. Whether you create it, store it, transmit or exchange it or simply access it, your systems must be secure in order to protect the confidentiality, privacy and...
HITRUST Self Assessment
International corporate entities, insurance firms, medical practices, hospitals, state and federal government agencies and other companies that operate in the healthcare sector are charged with the crucial responsibility of protecting, storing and transmitting patient...
Qualitative vs. Quantitative Risk Assessments in Cybersecurity
Blog Assessing the risks within your cybersecurity system is one of the key priorities to address when conducting an ISO 27001 project or a related audit. It can be accomplished using quantitative risk analysis, qualitative risk analysis, or a combination...
HITRUST Certification Requirements
Blog To streamline the complex process of complying with a wide range of security standards, representatives from information security, technology, business, and healthcare formed a consortium known as the Health Information Trust Alliance (HITRUST). The...
ISO 27001 Checklist
ISO 27001 (formerly known as ISO/IEC 27001:27005) is a set of specifications that helps you to assess the risks found in your information security management system (ISMS). Implementing it helps to ensure that risks are identified, assessed and managed in a...
ISO 27001 Risk Assessment Methodology
Blog Conducting an internal ISO 27001 audit enables you to assess your company’s security equipment, systems, protocols and procedures to ensure that they are in compliance with industry standards. One of the most important aspects of this process involves...
How to Conduct an Internal ISO 27001 Audit
Blog In order for your information security management system (ISMS) to be viable, you must periodically receive an internal, independent audit that shows how it is meeting the requirements of the IEC ISO 27001 standard. Since organizations, particularly...
Decoding PCI DSS Merchant Levels: A Guide to Compliance
Blog For one to ensure that payment card information remains secure, it’s crucial that you understand the PCI DSS merchant levels. Classified under these levels are the company’s activities, either grouped in relation to the volumes of its transactions or...