Oct 14, 2020 | Cybersecurity, Incident Response, Information Security, NIST 800-53, Risk Management
September is National Preparedness Month and October is National Cybersecurity Awareness Month, which makes it a great time to review your organization’s disaster preparedness strategy. Implementing a contingency plan for a natural disaster could be the difference...
Mar 3, 2020 | Compliance, Information Security, NIST 800-53, Payment Card Industry, Risk Management
With acronyms inside acronyms and hundreds of pages of documentation, choosing a framework for a security controls assessment seems like a daunting task. NuHarbor Security has years of experience working with different controls frameworks, and we have laid out the...
Jun 3, 2019 | Compliance, Cybersecurity, HIPAA, Information Security, ISO27001, NIST 800-53, Payment Card Industry
By: Justin Fimlaid The Ohio Data Protection Act was passed in August of 2018 and went into effect in November 2018. What’s unique about this data protection law is that it’s unlike the privacy legislation recently passed in California and...
Feb 13, 2019 | Audit, Compliance, HIPAA, Information Security, ISO27001, New York Cyber 23 NYCRR 500, NIST 800-53, Risk Management
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often commingled, used interchangeably, or used incorrectly. Unfortunately, it’s very easy to do this, and often, if we aren’t careful, even professionals...
Feb 11, 2019 | Information Security, NIST 800-53, Risk Management
By: Justin Fimlaid NIST SP 800-37 Revision 2 was published on December 20, 2018. There were not many material changes, but rather some minor enhancements to align with recent federal mandates: DSB 2013; Executive Order (E.O.) 13800; OMB Memorandum M-17-25; OMB Circular...
Jan 23, 2019 | Audit, Compliance, Information Security, NIST 800-53
By: Justin Fimlaid As I noted in my previous post, there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leading, go-to reference for developing a security program. The NIST Cybersecurity Framework is broken down into...
Jan 16, 2019 | Audit, HIPAA, IRS1075, ISO27001, MARS-E, New York Cyber 23 NYCRR 500, NIST 800-53
By: Justin Fimlaid The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct a security review. The most common ways that we see companies approach a review of their security program generally...
Nov 15, 2018 | Audit, Compliance, Information Security, NIST 800-53
Author: Kristof Holm I often hear feedback from clients that National Institute of Standards and Technology (NIST) frameworks are too cumbersome and frustrating to implement, with a steep learning curve to understand all the requirements. I can empathize with them,...
Jun 14, 2018 | Compliance, Information Security, NIST 800-53
By: Jeff Bamberger, Senior Information Assurance Analyst If you are a member of your organization’s executive team, then you are likely well-versed in various information security responsibilities, either by choice or by regulation. If your organization is in the...
Jun 12, 2018 | Audit, Compliance, NIST 800-53
Are you shopping for a comprehensive security assessment, but would like to know what you’re in for before starting? In this post, we’ll break down the process, using an example NIST 800-53 security assessment, so you can determine whether you think you’re ready now,...