Mar 3, 2020 | Compliance, Information Security, NIST 800-53, Payment Card Industry, Risk Management
With acronyms inside of acronyms and hundreds of pages of documentation, choosing a framework for a security controls assessment seems like a daunting task. NuHarbor Security has years of experience working with different controls frameworks, and we have laid out the...
Jun 3, 2019 | Compliance, Cybersecurity, HIPAA, Information Security, ISO27001, NIST 800-53, Payment Card Industry
By: Justin Fimlaid The Ohio Data Protection Act was passed in August of 2018 and went into effect as of November 2018. What’s unique about this data protection law is that it’s unlike recently passed privacy legislation recently seen in California and...
Apr 22, 2019 | Audit, Compliance, Cybersecurity, Tenable, Vulnerability Scanning
By: Justin Fimlaid Every organization has different needs related to their vulnerability management program. This varies from the scanner used (cloud or on premise), the places where sensors are deployed, the technology environment, and the needs of your vulnerability...
Apr 15, 2019 | Compliance, Cybersecurity, Information Security, Penetration Testing, Vulnerability Scanning
By: Justin Fimlaid If you haven’t heard of it there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It’s significant for U.S. based banks, because this Directive could apply...
Apr 8, 2019 | Audit, Compliance, Cybersecurity, Information Security
By: Justin Fimlaid First things first, if you are interested in elections security have not heard of Estonia’s electronic voting system I’d encourage you do some research starting with this blog post. There is a lot to Estonia’s e-Government initiative,...
Mar 25, 2019 | Compliance, Information Security
By: Justin Fimlaid For a long time our industry has been saying that addressing people, process, and technology will solve some of the hardest problems in cybersecurity. The term people, process, and technology fundamentally suggests the destination and solution is...
Mar 5, 2019 | Compliance, Incident Response, Information Security, Risk Management
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
Feb 24, 2019 | Audit, Compliance, Risk Management
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
Jan 23, 2019 | Audit, Compliance, Information Security, NIST 800-53
By: Justin Fimlaid In my previous post there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...
