[4 min read] We all know how hectic the life of a CISO can be regardless of the size of business they support or the industry they are involved in.  CISOs face many challenges including one that is becoming increasingly important: handling the Risk Management program for their organization. With ...

[4 min read] When it comes to managing risk, companies often overlook their vendors. But Vendor Risk Management should be an integral element of any robust data security program.  A 2020 study by the Ponemon Institute showed 51% of companies have experienced a data breach caused by a third party. ...

[4 min read] We are at a turning point as companies are deciding what to do about returning to the office after the pandemic. As many schools prepare to welcome children back this fall, should you also be expecting your employees to return to the office, and how will you handle your data security ...

[4 min read] Late last year we wrote a blog that looked at Risk Management and Data Security and suggested what you might do differently as we headed into 2021. Without a doubt, 2020 created a considerable amount of uncertainty and risk, making Risk Management and Data Security hot topics for most ...

[4 min read] There’s one thing that you can count on in the news right now and that’s another report of a data breach or ransomware attack. They seem to be more and more frequent with the hackers demanding higher ransom amounts to have valuable company data returned.  Recently, it was the Kaseya ...

[4 min read] Have you ever wished you could run a marathon?  I have run a few and I can tell you it is hard work and takes a lot of training just to complete it, let alone run a good time.  The body is not naturally conditioned to run for that long, as it can only physically store so much energy.  ...

[3 min read] Many organizations know that they need to operate in line with HIPAA to protect sensitive data but they have also heard about HITRUST CSF certification. As the next step in their data security and compliance journey, customers often ask us about becoming HITRUST certified. Ostendio has ...

[4 min read] I have learned over my time working in the cybersecurity space that for many people and business leaders there is a lot of confusion between risk assessment and risk management. Very often the performance of cumulative risk assessments is mistakenly described as risk management.  This ...

[4 min read] Security Audits can improve your organizational efficiency and data security When it comes to conducting audits there are multiple benefits to an organization.  We discussed this, and more, with Dale Dresch, Director of IT Services at Maloney+Novotny, on our recent webinar. Dale spoke ...

[4 min read] Daunting. That’s the word we hear the most from customers when it comes to thinking about completing a security audit. Time, money and confusion – these are just the beginning of the challenges that go hand in hand with any security audit from FedRAMP to SOC 2 or HITRUST. But there’s ...

[5 min read] Customers see a lot of confusing terms when they are looking at building a security program.  Terms such as “regulatory compliance”, “security frameworks”, “Information Security Standards”, and “Security controls”.  Of all the buzz words we hear these days “regulatory compliance” is a ...

[4 min read] We talked previously about the type of cybersecurity and risk management challenges to expect in 2021, but the trends driving these challenges are equally important to understand. In his recent Gartner publication called “Top Security and Risk Management Trends 2021,” Peter Firstbrook ...

[4 min read] SOC reports simplified with our top 10 questions and answers One of the most popular frameworks we get questions about is the SOC 2 report. Companies often get an unexpected request from a customer or prospect who is seeking verification of their data security and risk management ...

[4 min read] 5 Key features you need that a traditional GRC provider doesn’t offer When we talk to customers, prospects and even audit partners, they are often overwhelmed with the choices they have for a GRC (Governance, Risk and Compliance) tool or don’t really know what a GRC tool does.  There ...

[4 min read] Hint Health is a technology enabled Direct Primary Care (DPC) solutions company that partners with visionary provider organizations to build successful DPC programs. They developed the HintOS™ platform, an enterprise-grade DPC management platform that powers the largest and ...