Firewall security devices, including routers and Intrusion detection and/or prevention systems, play a critical role in system of controls to prevent and detect unauthorized access to data and information-related assets. Firewall security devices represent the logical perimeter security for electronic…
Any applications developed internally or outsourced should follow secure coding practices to prevent common vulnerabilities and potential data breaches. The application’s design and implementation should ensure that the risks of processing failures leading to a loss of integrity are minimized.…
What is the GDPR regulation and when did it passed? The EU General Data Protection Regulation, or GDPR for short, is a sweeping regulation passed in December of 2016 to protect the privacy rights of European citizens and to promote…
Medical devices improve health, quality of life, and even save lives. As such, medical device use must be appropriate for the context and setting in which it is intended. They must be safe for the patient to use and abide…
The network should be designed, configured, and maintained to deliver high performance and reliability to meet the needs of the business, while also providing access controls and necessary privileges. The intent of network security management is to protect the critical…
As a follow up to the security auditing and logging article, security monitoring and reporting is an essential part of a robust information security program. Adequate procedures should be in place to monitor any log-in attempts to information systems and…
Generally accepted security auditing and logging practices should be adhered to ensure that the policies and procedures regarding compliance with the implementation specifications of certain standards and regulations (e.g. HIPAA, PCI, ISO 27001, HITRUST) are being met. Auditing and logging…
A vendor management program is designed to provide the organization the assurance that vendors, third-party service providers, contractors, and subcontractors are meeting the same standards of security as implemented for the protection of information systems and information assets. The vendor…