Leviathan Security Group Offers Pre-Draft Comments on NIST SP 800-66, Implementing the HIPAA Security Rule
Risk Advisory Wendy Everette & James Bohem Risk Advisory Wendy Everette & James Bohem

Leviathan Security Group Offers Pre-Draft Comments on NIST SP 800-66, Implementing the HIPAA Security Rule

Leviathan submitted general comments on what Revision 2 should cover, as well as specific feedback on updates needed to the standard, which was first published in 2008. As readers will be aware, a lot has changed in that time, including the explosive growth in cloud computing and Software As a Service (“SaaS”) tools.

Read More
Common Security Certifications & Audits: A Review of Some Standard Security Certifications for SaaS Vendors
Wendy Everette Wendy Everette

Common Security Certifications & Audits: A Review of Some Standard Security Certifications for SaaS Vendors

SaaS companies can demonstrate their security maturity level in a few ways, including through the use of one or more standardized security audits and certifications. While compliance is certainly not the totality of security, audits can demonstrate a certain level of organizational maturity and require evidence of some security safeguards; in other words, they show that someone is likely meeting a minimum bar of security best practices, but they do not demonstrate “unhackability” (and indeed, nothing can).

Read More
Cybersecurity Recommendations in a Rapidly Emerging Telework Environment
Risk Advisory The Risk and Advisory Services Team Risk Advisory The Risk and Advisory Services Team

Cybersecurity Recommendations in a Rapidly Emerging Telework Environment

Some companies, particularly those who work with sensitive health information, have traditionally relied extensively on physical security controls and enterprise firewalls in their office. With workforces scattered to their residences in recent days, many enterprise security controls are no longer operating in the same way.

Read More