NetSPI Blog

Deke George
August 11th, 2009

Healthcare Organizations and Tighter Security Requirements

Because of increasing threats, high-profile data breaches, and increased awareness of the damage they cause, we anticipate a substantial tightening of regulations and contractual requirements that will significantly impact information security in healthcare. Today, HIPAA, CCHIT, and state breach notification laws are the main standards that govern security within healthcare systems that deal with protected […]

Alex Crittenden
August 6th, 2009

The Far-Reaching Impact of the PCI DSS

The last few years have seen a great deal of discussion, arguing, hand-wringing, and posturing within the retail / hospitality community regarding the PCI DSS. It has also driven a lot of investment in technology–and a lot of investment by technology companies. Then PA-DSS came along. The PCI Council took a voluntary program (PABP) and […]

Lee Buttke
July 15th, 2009

PCI and Assessment Consistency

As many organizations that have hired QSAs recently have seen, the Report on Compliance (ROC) has changed quite dramatically for v1.2 of the PCI DSS standard from previous versions. Although previous versions of the DSS required that a QSA address all the controls and properly document them, in fact many ROCs failed to provide adequate […]

Seth Peter
July 14th, 2009

Is your Compliance Driven by More Than an Audit?

Preparing for an audit can be one of the best ways to fund and improve your security program, but this “stimulus package” for your compliance effort typically dwindles once an organization completes or passes an audit. I see this happen frequently in recurring or annual audits, but it is particularly relevant with the recent news […]

Deke George
July 14th, 2009

Compliance vs. Risk

As a company, we’ve tried to understand which organizations are most likely to mature their information security programs. It seems that the answer should be obvious: organizations with valuable assets or the need to have data highly available should be very concerned about information security. This could translate into organizations that have a lot to […]