What are Web Application Access Control Threats? The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) have released a Cybersecurity Advisory to warn vendors, designers, and developers of web applications, and organizations using web applications, about insecure direct object reference (IDOR) vulnerabilities.1 […]
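An IDOR arises when a web application exposes a direct reference to a server-side object (a numeric invoice id in a URL, for instance) and then serves that object without checking that the authenticated user is entitled to it. The following Python is an added illustration and is not code from the advisory or from any of its authors; the invoice store, user names and function names are constructed for the example. It places the vulnerable lookup beside a hardened one and shows what a logged-in attacker who simply counts through ids gets from each.

```python
"""Insecure direct object reference (IDOR): vulnerable vs. hardened object lookup.

Constructed example. An in-memory "invoice" table keyed by a predictable
integer id stands in for what a handler such as GET /invoices/<id> would read.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """The caller is not authenticated."""


class NotFound(Exception):
    """The object does not exist, or is hidden from this caller."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount_cents: int


# Constructed sample rows; hypothetical users "alice" and "bob".
INVOICES = {
    1001: Invoice(1001, "alice", 12_500),
    1002: Invoice(1002, "bob", 8_000),
    1003: Invoice(1003, "alice", 3_250),
}


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Invoice:
    """IDOR: checks that *someone* is logged in, never that the row is theirs.

    Any authenticated user can walk ids 1001, 1002, ... and read every invoice.
    """
    if not session_user:
        raise Forbidden("login required")
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_hardened(session_user: str, invoice_id: int) -> Invoice:
    """Object-level authorization: ownership is verified server-side against the
    authenticated session, never against anything the client supplied."""
    if not session_user:
        raise Forbidden("login required")
    inv = INVOICES.get(invoice_id)
    # Same error for "does not exist" and "not yours", so the response does not
    # tell an attacker which ids are valid.
    if inv is None or inv.owner != session_user:
        raise NotFound(invoice_id)
    return inv


def enumerate_readable(fetch, session_user: str, id_range) -> list:
    """Simulate an attacker iterating sequential ids through a given lookup.

    Returns the ids that came back successfully.
    """
    found = []
    for candidate in id_range:
        try:
            found.append(fetch(session_user, candidate).invoice_id)
        except (Forbidden, NotFound):
            continue
    return found


if __name__ == "__main__":
    ids = range(1000, 1010)
    print("vulnerable, as bob:", enumerate_readable(get_invoice_vulnerable, "bob", ids))
    print("hardened,   as bob:", enumerate_readable(get_invoice_hardened, "bob", ids))
```

Against the vulnerable lookup, "bob" recovers all three invoices by counting ids; against the hardened one he sees only his own. The fix is not to obscure the ids but to perform the ownership check on every object access, tied to the server-side session.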
Category: Government
What is Assessment and Authorization? Assessment and Authorization is defined by the Department of the Interior (DOI) as a “…comprehensive assessment and/or evaluation of an information system policies, technical/non-technical security components, documentation, supplemental safeguards, policies, and vulnerabilities.”1 All systems and applications supporting Federal government agencies must follow National Institute of Standards and Technology (NIST) Risk Management […]
What are Radio Equipment Directive Cybersecurity Requirements? The Radio Equipment Directive (RED) is a CE marking directive that regulates the placement of radio equipment on the EU market. CE stands for “conformité européenne” (French for “European conformity”); this marking is mandatory in the 27 EU member states, as well as in Iceland, Norway and Liechtenstein. The […]
What are HIPAA Administrative Safeguards? The Health Insurance Portability and Accountability Act of 1996 (HIPAA, PL104-191) was enacted to protect the privacy and availability of health insurance coverage and medical information. The law’s primary goals include protecting health insurance coverage for workers and their families in the event that the insured employee changes or loses […]
What is the Digital Identity Ecosystem? The proposal formally known as the National Strategy for Trusted Identities in Cyberspace is now the Identity Ecosystem, a proposal from the United States federal government to improve identity authentication on the Internet and make online transactions safer. The proposal has four goals1: The Identity Ecosystem will add another […]
What is an Inadvertent Disclosure under HIPAA? An inadvertent disclosure is an event in which a health professional unintentionally reveals protected health information (PHI) to an unauthorized person. Generally, if PHI is disclosed to unauthorized personnel, a breach of PHI is presumed to have occurred. Depending on the size of the unauthorized disclosure, HHS […]
CIS Benchmarks
What are CIS Benchmarks? CIS Benchmarks from the Center for Internet Security (CIS) are a set of globally recognized and consensus-driven best practices that are designed to help security professionals implement and manage cybersecurity defenses. CIS Benchmarks were developed with a global community of security experts, and the guidelines help organizations protect themselves from emerging […]
HIPAA Technical Safeguards
What are HIPAA Technical Safeguards? The Health Insurance Portability and Accountability Act of 1996 (HIPAA, PL104-191) was enacted to protect the privacy and availability of health insurance coverage and medical information. The law’s primary goals include protecting health insurance coverage for workers and their families in the event that the insured employee changes or loses […]
What are Enterprise Resource Planning Systems? Enterprise resource planning (ERP) is a system of integrated software applications that manage business processes and operations in many areas such as finance, procurement, distribution, human resources, supply chains, and more. ERP systems are critical applications as they integrate all of the disparate processes that an organization needs to […]
Pseudonymization
What is Pseudonymization? The General Data Protection Regulation (GDPR) is a privacy and security law from the European Union (EU) that imposes obligations anywhere in the world where personal data of individuals in the EU is targeted and/or collected. The GDPR levies harsh fines against those who violate its privacy and security standards, regardless of whether the […]