Leviathan Security Group Offers Pre-Draft Comments on NIST SP 800-66, Implementing the HIPAA Security Rule
Risk Advisory Wendy Everette & James Bohem

Leviathan submitted general comments on what Revision 2 should cover, as well as specific feedback on updates needed to the standard, which was first published in 2008. As readers will be aware, a lot has changed in that time, including the explosive growth in cloud computing and Software as a Service (“SaaS”) tools.

Common Security Certifications & Audits: A Review of Some Standard Security Certifications for SaaS Vendors
Wendy Everette

SaaS companies can demonstrate their security maturity level in a few ways, including through the use of one or more standardized security audits and certifications. While compliance is certainly not the totality of security, audits can demonstrate a certain level of organizational maturity and require evidence of some security safeguards; in other words, they show that someone is likely meeting a minimum bar of security best practices, but they do not demonstrate “unhackability” (and indeed, nothing can).
