[4 min read] As supply chains become more complex, third-party and vendor data breaches have increasingly become one of the most significant threats...
[5 min read] To the busy CISO, it might seem like implementing a GRC (Governance, Risk and Compliance) tool will be an easy way to create and manage...
[5 min read] Is the AICPA asleep at the wheel? More and more tech companies are seeking to demonstrate their security posture by undertaking a SOC 2...
[5 min read] Vendor Risk management is a hot topic especially when you realize that many of the most high-profile data breaches are due to vendors or...
[3 min read] It is amazing to think about how much data we all create these days. With so many employees working remotely, and the rise in the number...
[4 min read] Security standards, reports, and certifications are becoming essential for vendors and technology firms. Certifications, such as SOC 2,...
[4 min read] I had not heard the term “Mission Corp” until earlier this year. It came up when I was interviewing someone for a role at Ostendio and,...
[3 min read] This blog is the last in a series from the National Cybersecurity Alliance in support of Cybersecurity Awareness Month 2021. Ostendio is...
[4 min read] We all know how hectic the life of a CISO can be regardless of the size of business they support or the industry they are involved in. ...
[4 min read] When it comes to managing risk, companies often overlook their vendors. But Vendor Risk Management should be an integral element of any...
[4 min read] We are at a turning point as companies are deciding what to do about returning to the office after the pandemic. As many schools prepare...
[4 min read] Late last year we wrote a blog that looked at Risk Management and Data Security and suggested what you might do differently as we headed...
[4 min read] There’s one thing that you can count on in the news right now and that’s another report of a data breach or ransomware attack. They seem...
[4 min read] 5 Key Features You Need That a Traditional GRC Provider Doesn't Offer: When we talk to customers, prospects and even audit partners, they...
[4 min read] A recent article in SecureWorld “Lessons from 2020, and what to expect in 2021: An evolutionary time in cyber and privacy” looks back at...
If you’ve recently built a data security and risk management program and passed a security audit, you’ve accomplished more than many organizations. ...
How is your business showing compliance to operational and business risks during these uncertain times? Many companies turn to the popular SOC report...
As we start to adapt to our new quarantined life, one of the things that has struck me is how different people have benchmarked what they constitute...
If you have a team working remotely due to the COVID-19 virus you are obviously not alone as we adjust to this new normal way of work. At present, 1...
There’s an inherent risk to doing business, particularly business that touches personal data. For years now, the business community – from healthcare...
Recent news that PwC (PricewaterhouseCoopers LLP) has agreed to pay US$7.9 million in fines to settle U.S. Securities and Exchange Commission charges...
As many companies - and their vendors - are moving data to the cloud, there are often concerns about the security of their sensitive information. In...
In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re...
A SOC 2 report has 5 Trust Services Criteria, which have previously been commonly called Trust Services Principles. These Trust Service Criteria are...
We hear about personal data breaches and cybersecurity attacks daily in the news. The California Consumer Privacy Act (CCPA) is one state’s answer to...
You’ve likely heard about organizations having a culture of compliance but not as much about having a culture of cybersecurity. Yet as threats to our...
Cyber experts like former Federal CISO Gregory Touhill feel that managing risk is paramount to, and more effective than, trying to defend everything,...
No matter the criticism of the “rush job” regarding the newly passed AB375, the California Consumer Privacy Act, its underlying purpose makes it the...
HITRUST (Health Information Trust Alliance) and NIST (National Institute of Standards and Technology) recently announced that they have teamed up and...
When it comes to HIPAA compliance and cybersecurity, the danger comes with thinking one assures the other. It doesn’t. Just skim the daily headlines...
Study Shows that Healthcare's Internal Security Breaches Exceed External Ones: Was that Lady Gaga in the emergency room? What kind of procedure is my...
Phishing is quickly evolving to take advantage of that most difficult-to-prevent vulnerability: human error. A lack of security awareness can lead to...
One of the key objectives when developing an effective security and compliance management program is to remain interdependent of core systems. While...
When you’re a medical device manufacturer, your primary goal is to get your product into hospitals and care provider networks. The internet of things...
As we wrap up 2017, the number of healthcare data breaches is up over 2016, with 41% caused by “insiders” per the Protenus Breach Barometer mid-year...
As we wrap up Cybersecurity Awareness Month, keep in mind that cybercriminals are indiscriminate in who they attack. Large business, small business,...
For the last eighteen months or so, media coverage of healthcare hasn’t been focused so much on HIPAA regulations, but on the cybersecurity strength...
We’re proud to announce that Ostendio has been shortlisted as a finalist in the “Best Technology Startup” category for the Third Annual Timmy Awards....
Are you always on the lookout for the best InfoSec conferences to attend? We've found several helpful resources to point you in the right direction,...
Ransomware is growing in popularity because it works. A recently released study by Google estimates that ransomware victims have paid over $25 million...
It’s reported to have been one of the largest cyber extortion attacks to date. The WannaCry (aka WanaCryptor 2.0) ransomware attack hit globally and...
Why is healthcare so heavily and successfully targeted by cybercrime? It’s a tough question, but after a record number of breaches last year – nearly...
The Ostendio blog covered a lot of ground this year – from a 3-part series about Cybercrime in Healthcare – to the worst passwords your organization...
After a lengthy process of “putting things to rights” in 17 states, Zenefits is paying up to US$7 million in penalties. As with other digital health...
There’s a streamlined way to get there. A growing number of digital health companies are being asked to adopt the HITRUST standard. You too may soon...
In the last few months we have seen a spike in cybercrime with a series of ransomware attacks in the healthcare industry. Hospitals, from California...
This week we saw yet another cybercrime attack on a large hospital system. This is the latest in a series of apparent ransomware attacks starting in...
Apple held their latest product unveil earlier this week and of course there was the obligatory newest iPhone announcement. What was more interesting...
Digital health companies are rapidly becoming the new frontline for data security in the healthcare industry. This year alone we have seen almost 100...
As a proponent of ISO 27000 series of standards I was delighted to see the International Organization for Standardization release ISO/IEC 27018:2014...