The NuHarbor Notice
Less is More: Focusing Your Third-Party Vendor Risk Assessments on the Basics
By: Paul Dusini, Security Manager CISOs, CIOs, and Risk Managers often understand the importance of vendor information security assessments but don’t know where to begin. I manage a team of analysts who perform vendor assessments, and we have experience making this...
read more
Splunk Data Onboarding: Success With Syslog-NG and Splunk – Part 2
By: Dan Potter, Senior Security Engineer If you're just getting started be sure to check out Part 1 of our series: Data Onboarding Success Part 1 - Success with Syslog-NG and Splunk. How do I install syslog-ng? Make sure you download the latest version of syslog-ng....
read morealert(‘XSS – Pwn3d!’) – The Real Dangers of Cross-Site Scripting
Rewrite: Justin Fimlaid Original Author: Hunter Gregal Cross-site scripting, or otherwise known as XSS, is the most common web application vulnerability on the internet. I have found this to be true through both data research and personal experience during penetration...
read moreHIPAA Risk Analysis vs Gap Assessment
HIPAA Risk Analysis vs Gap Analysis –What’s the difference? Author: Mark Brisson I often speak with healthcare organizations and have found that many are unsure of the difference between a HIPAA risk analysis and a HIPAA gap analysis as they related to the Security...
read more
Assessing Vendor Risk: Is reviewing a SOC report enough?
SOC reports and Vendor Management By: Brianna Blanchard, Information Assurance Analyst Statement on Standards for Attestation Engagements (SSAE) audits are conducted by third party auditors and are used to document and evaluate internal controls. The SOC reports...
read more