Risk and Compliance Assessment Blog - RiskWatch International
Riskwatch Blog

Cyber Risk Assessments Risk assessments are crucial to any organization’s risk management strategy. A cyber risk assessment functions to identify information assets that could be impacted by a cyberattack and what risks are possible for each asset identified. These assessments are necessary for staff to…

While there are many great opportunities provided for real estate businesses, there are also certain risks that should be protected against. A real estate business depends entirely on its agents and its clients, so if there are any issues that threaten either of those groups,…

What are Denial of Service Attacks? Denial of Service (DoS) Attacks are meant to shut down a network, making it inaccessible to intended users. Often, systems are shut down due to malicious traffic meant to overload and cause congestion. This creates a large window for…

What is a Man-in-the-Middle Attack? A man-in-the-middle (MITM) attack is a type of cyberattack in which a cybercriminal secretly intercepts communication between two parties, therefore being “in the middle” of their messages. In this attack, the interceptor often will relay the messages to their…

What is Fileless Malware? Fileless malware is a type of malicious software that utilizes legitimate programs, rather than virus-laden files, to infect a host. These legitimate programs are used to execute malicious code in resident memory. Resident memory means stored in a computer’s random access…

What is Spear Phishing? Spear phishing is a means of electronic communication, most commonly via email, that is targeted to a specific individual or business in an attempt to steal private information from the party, such as login credentials or financial information. The goal of…

A network breach, also referred to as network intrusion, refers to a cyberattack or unauthorized activity on your organization’s digital network. This breach typically jeopardizes network security and data. In today’s data-driven climate, a network breach has the potential for quick and severe consequences that…

Third-party risk is quickly becoming a primary concern for many organizations as the utilization of outside resources continues to increase. These organizations are operating in a complex ecosystem that connects data and systems, increasing risk on many fronts. These third parties gain access to employee…

RiskWatch Introduction Thank you for taking the time to read about RiskWatch! Every so often, for the sake of clarity, we like to post a recap of who we are and the products we offer. Since 1993 we’ve been in the business of reducing risk…

Late last week on Friday, October 1st, a major oil spill occurred off the coast of Southern California. An estimated 126,000 gallons of oil had spread across 13 square miles of the Pacific Ocean, sending government agencies into a frenzy as they joined the clean-up…

GDPR Defined The General Data Protection Regulation (GDPR) is a data privacy and security law that was passed by the European Union back in 2018. It quickly made its reputation as one of the toughest laws for its scope and also for its enforcement. We’ve…

GRC Defined GRC is an acronym for governance, risk, and compliance; it’s a term that refers to an organization’s strategy and management for each of those three components. GRC is a structured approach to managing these various aspects of great importance to an organization’s success…

What is Risk Management Software? Risk management software is a necessary tool that aids companies in preventing or managing a variety of risks. These risks include, but are not limited to, financial risk, physical security risk, cyber risk, compliance risk, operations risk, third-party risk, and…

Risk Monitoring Overview Risk monitoring is a crucial step in the total risk management process. Unfortunately, there is never a true end to the risk management process; risk monitoring will always be necessary to understand the risks an organization is facing and how any implemented…

One of the most difficult parts of running a business includes the dependency you have on other people. You depend on your employees to pull their weight and you depend on other companies to help you manufacture, develop, and send out your products. As a…

On June 30th, 2021, the U.S. Department of the Treasury released a set of national priorities in a document titled ‘Anti-Money Laundering and Countering the Financing of Terrorism National Priorities.’ These priorities are aligned with the 2018 and 2020 National Strategy for Combating Terrorist and…

Outsourcing is a business practice of hiring a third party to perform services or create goods that otherwise could be performed in-house by the company’s existing staff. This applies to a wide range of industries and use cases. Examples include marketing efforts, software development, part…

McDonald’s has just recently suffered a data breach, proving once again that gaps in security can exist for companies of any size. This incident is a great reminder to reassess your company’s cybersecurity efforts and check compliance against all relevant industry standards and regulations. The…

In May of 2021, the United States experienced what many are referring to as the largest cyberattack to ever take place on an American energy system. The cyberattack left a major US oil pipeline offline for several days, causing a period of mild panic as…

It is our collective job as members of an organization to work towards mitigating and managing risks wherever we can, and this includes external risks that are often out of our control. In the case of a recession, while there is nothing a company can…

What is Resource Allocation? Resource allocation, in the scope of risk management, is the process of how an organization distributes its resources across the company for specific uses. This includes assigning personnel to specific tasks or projects, machines or equipment, and of course monetary resources…

Developing an action plan for cyber-physical systems is an integral part of a complete risk management program that continues to grow in importance. According to Gartner, “By 2023, 75% of organizations will restructure risk and security governance to address new cyber-physical systems (CPS) and converged…

What is Operational Risk? Operational risk, as defined by the Risk Management Association, is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events, but is better viewed as the risk arising from the execution of an…

Earlier this month, a water treatment plant in Oldsmar, Florida experienced a cyber breach that threatened the lives of thousands of residents. A program that was designed to help the water treatment operators with treatment systems provided a point of entry for a hacker. The…

Securing your data center requires a lot more than some locks and cameras. This is because a data center hosts business-critical data and assets, such as customer information, financial documents, intellectual property, and more. In this blog, we break away from the physical security aspect…

What is a data center? A data center is a location that contains business-critical applications and information, and has components that IT needs to store and manage them. Within one of these centers you would find computing and networking equipment, as well as network infrastructure…

How can we make eco-friendly business decisions that also benefit risk management goals? This is a question a lot of companies are asking lately, for several reasons. Many companies feel a responsibility to minimize their contribution to global warming; others may have more selfish reasons…

Last week, a massive cyberattack on the United States was announced, triggering U.S. national security meetings and mild panic among citizens. Experts are calling this one of the most sophisticated and large scale attacks seen in years. More details have come to light, but much…

Damage from hail storms is one of the leading causes of loss and one that continues to grow. Causing billions of dollars of damage each year, hail damage has quickly become a high priority risk. According to the NOAA’S Annual Severe Weather Report Summary for…

Risk management in banking has largely been focused on compliance with regulations and standards in recent times. This practice primarily stems from the regulations and culture that emerged during the global financial crisis that took place around 2007. The aftermath of this crisis revealed that…

Managing risk is an essential component of every organization accomplishing its key objectives effectively. Risk management not only requires a reliable process to capture risks, but also needs a method to document and administer the organization’s response. An appropriate risk management tool always helps the…

Who is NIST? The US National Institute of Standards and Technology (NIST) is an organization with the goal of improving economic security and quality of life. They pursue this goal by promoting innovation and industrial competitiveness within the US through advancements in science and technology…

Vendor Risk Assessments It’s important to assess vendors to accurately determine the risks of doing business with your third-party partners. At the minimum, most businesses will assess their vendors on an annual basis. In a 2018 report by Opus that surveyed over 1,000 CISOs, CIOs…

Insider threats have always been a significant possibility for many organizations, but in recent months we’ve seen a boom in incidents highlighting this particular risk. Insider threat prevention can be a difficult task to handle, as it generally encompasses viewing your own employees in a…

Today, disaster planning is becoming a more important component of risk management than ever before. It’s no easy task to create or maintain this plan, and you may find yourself spending countless hours speaking with IT and HR teams. Disasters can’t always be avoided, but…

When we look at successful businesses, it can be difficult to gauge every positive contribution to their accomplishments. One certain factor, though, is the combination of unforeseen risk and the quality of risk management implemented. Poor risk management and exhaustive risk management both directly affect…

Each industry has its fair share of acronyms and terminology that can be difficult to learn. To someone outside the industry, these phrases may seem like a foreign language. In Healthcare, HMO (health maintenance organization) is widely used, in marketing we say SEO for search…

Remote Risk Assessments Due to COVID-19, travel has become increasingly difficult and dangerous. So much so, that many businesses require a 14-day isolation period for anyone who has traveled within that time. As government regulations consistently change as well, many are being forced to make…

Construction Risk According to the U.S. Census Bureau, the U.S. construction industry was worth $1.3 trillion in 2019. Within such a large industry like construction, risk is inherent in all activities. Depending on the action, you carry the potential loss of time, resources, money, or…

The Top Risks in Retail Whether your business is a brick and mortar location or you operate as an online entity, retail organizations require specialized risk management to meet their needs. To stay profitable, companies need to watch their bottom line and a retail risk…

Diversity and Inclusion As we settle into the middle of Pride Month and protests across the world call out systemic racism, it feels appropriate that we use this time to address the importance of diversity and inclusion in the workplace. We know innately that diversity…

Reputational Risk Every organization, despite its size, location, or industry, has reputational risk. While any risk carries the possibility of causing undesirable consequences, damage from reputational risk can be disastrous for a company of any size. This blog will aid you in avoiding reputational risk…

Where Do Climate Change and Risk Management Meet? In today’s setting, it is not only a good moral decision to protect the environment, but a risk-conscious decision as well. Climate change is the catalyst for immeasurable risks such as increasing the frequency and severity of…

Top 5 Risks in the Insurance Industry Insurance companies place an abundant focus on protecting their customers and minimizing their impact from risks. However, it’s vital for these insurance companies to acknowledge and prepare for their own risks as well. When there are thousands of…

Secure Remote Meetings Employees have finally adapted to working remotely and settled into new processes, but businesses that have enabled remote working capability shouldn’t breathe easy just yet. For many companies, the shift to working remotely came suddenly as lockdowns and closures of nonessential businesses…

Information Technology is one of the fastest-growing business sectors in today’s economy. This has happened because technology has become an indispensable part of the business landscape. However, as a result, the competition in the Information Technology sector is more serious than ever. This means…

Third-Party Risk Third parties are a necessary risk for many organizations, helping them to expand their reach and services to limits far past what could be achieved on their own. For many, this boils down to the cost-effectiveness of certain functions, keeping revenue highest by…

Changes in Workforce Flexibility The workplace has changed more in the last few years than the last two decades combined, especially in terms of flexibility. Only a fraction of the US workforce had access to remote work in 1985. Today, around two-thirds of American workers…

The Coronavirus As the coronavirus continues to spread throughout China and the rest of the world, we’re seeing serious effects on businesses. From shuttering factories to employee death, the influence of the coronavirus (COVID-19) is definitely playing itself out as a worst-case scenario. However,…

What Is the CAN-SPAM Act? The CAN-SPAM Act essentially dictates what can and cannot be done in regards to commercial messaging, including what can happen if you’re noncompliant. Formally referred to as The Controlling the Assault of Non-Solicited Pornography And Marketing Act, the act was…

Risk Management Overview Risk management is the process of identifying, assessing, and controlling risks. This is crucial to the success of an organization as it impacts decision making and influences response to different incidents. An effective risk management plan allows you to navigate an environment…

Risks in Education Whether students are 6-years-old or 40, educational institutions are responsible for providing them with a safe, productive learning environment free of risks. Education risk management is becoming increasingly important as institutions move away from simply checking boxes for compliance; they are learning…

What is the California Consumer Privacy Act? The California Consumer Privacy Act (CCPA) exists to provide California residents with more control over their data and information on how it is being used. For businesses, this means policies must adapt so that customer data is readily…

New Orleans State of Emergency This past Friday, the city of New Orleans declared a state of emergency due to a cybersecurity attack. The declaration led to the complete shutdown of all city servers and computers, effectively impacting city services such as police, emergency medical…

Top 5 Transportation Risks Transportation risk management begins with analyzing your biggest risks, determining where they come from, and the likelihood they will occur. It’s absolutely critical to conduct regular comprehensive risk analyses to prepare for and protect your company interests. Many of these challenges…

Oil and Gas Industry The oil and gas industry is a volatile one, inundated by a number of risks and regulations which range from worker safety to environmental concern. It is designated as a capital-intensive industry due to the overwhelming amount of capital it needs…

Gap Analysis A gap analysis is a necessary component of risk management that is, at times, unclear to those in risk, security, and compliance positions. This leaves the question of, “What is a gap analysis?” Simply put, a gap analysis is a process of examining…

Top Five Risks in Financial Services Within the financial industry, we’re seeing a balance struggle to provide a smooth and automated experience to the customer while simultaneously maintaining a high level of security. Below are the top five risks we’ve identified in the financial sector…

Healthcare Compliance As a highly regulated, high-risk industry, healthcare organizations place the utmost concern on compliance. Healthcare compliance protects both patients and staff, and widely covers areas such as patient safety, data protection, and billing. As such, compliance programs are set in place to ensure…

We often evaluate our compliance to different security standards and use them as guidelines to make sure we are minimizing privacy risk in our organizations – this is common practice. If your organization is bound by regulations, this may be required. Despite this, we’ve observed…

The Grid Cyberattack New details have been released on a cyberattack on the U.S. electric grid. In this case, an unnamed utility in the western United States fell victim to an attack that exploited a vulnerability in their firewall. This attack caused repeated reboots, which…

Managing Personally Identifiable Information In a time where discussion of cyber attacks frequents the news, customers are starting to demand more attention to their personal data – and they should. When personal information is offered or required from customers, there is fair expectation that the…

Using Drones for Security and Risk Management Drones have become increasingly useful for companies looking to boost their security and risk management efforts. Their capabilities often allow security professionals to maintain a required level of security while reducing operational costs and risk. We’ll look at…

What is Risk Scoring? Risk scoring is the process of attaining a calculated score that tells you how severe a risk is, based off of several factors. Without a standard model for risk scoring, risk and security teams would continually struggle to communicate internally about…

Planning Security for Hurricanes Now that we’re well settled into the chaotic hurricane season of 2019, many organizations are wondering how to prepare. In the most recent example, Hurricane Barry caused major issues as it approached the U.S. and made landfall in Louisiana and continued…

The Emergence of Artificial Intelligence in Security Artificial intelligence (AI) being used for cybersecurity is a dream come true to most professionals in the security and risk management field. We’ve seen promises of robots and machines that can analyze data and mimic human learning since…

Top Five Risks Facing the Healthcare Industry The healthcare industry faces unprecedented risks and compounding regulatory compliance requirements. They’re particularly vulnerable due to their heavy involvement in patient personal information, time constraints, and nature of day-to-day operations. Below are what we consider to be the…

What Tesla Teaches Us About Supply Chain Issues An organization’s supply chain is vital to ensure that the necessary materials, services, and technologies are purchased from the right sources, at the appropriate time, and of expected quality. Responsible sourcing is becoming an important issue for…

Cybersecurity Training for Members of the House of Representatives In an attempt to improve government cybersecurity, new legislation was proposed that would require all House Members to participate in annual cybersecurity and information security training. This is already a requirement of House officers and employees,…

What’s Up With the WhatsApp Breach? The Facebook-owned chat app, WhatsApp, recently fell victim to an Israeli spy firm’s malware. The malware could be transmitted by placing a phone call, which proved effective even if the call was unanswered. The malicious code, which targeted both…

How to Protect Against Data Breaches in 2019 The list of companies suffering data breaches is surprising, especially when many are sizeable companies with plenty of data security resources. Within the past year alone, we’ve seen breaches at businesses such as Dunkin’, Quora, Marriott, Facebook,…

The Danger of Flash Drives When considering the many risks that face organizations today, most of us tend to unconsciously gloss over the threat of everyday items, such as a flash drive. Also referred to as thumb drives, data sticks, jump drives, or keychain drives,…

Reduce Cybersecurity Risks With Password Security Cybersecurity and knowing the related risks are essential to any company trying to succeed today. Many disregard cybersecurity and data breaches as problems for IT, but the impact of a breach is felt across your entire organization in disruptions…

Government Risk Management Government departments and agencies face an ever-increasing amount of pressure to improve transparency in their processes. As part of this, risk management becomes a key point of focus for the public eye. In the face of an emerging threat or crisis, the…

Gas Company Noncompliance Causes Ruptured Gas Line Two weeks ago, PUCO (Public Utilities Commission of Ohio) fined Columbia Gas $400,000 for failure to comply with set operating procedures in abandoning a service line and the resulting complications. Columbia Gas reportedly failed to document the existence…

The Need for Policy and Document Management Today we’re discussing a vital component of compliance: policy and document management. By now, we all know the importance of being compliant… but is that enough on its own? We could just as easily ask the old philosophical…

The it of IT Risk Management This week we’re discussing IT risk management, a topic that is never really complete and should always be part of the conversation at your place of business. At its most basic level, IT risk management is applying risk management…

The Value of COBIT Compliance With today’s prevalence of technology in the workplace, we can’t stress enough the importance of cybersecurity and keeping an effective cyber framework in place. As such, we often recommend COBIT compliance to anyone looking for best practices regarding IT systems…

An Overview of Physical Security Inspections A comprehensive physical security inspection is essential for protecting your business. A physical security inspection is a process of checking your asset against set criteria and the evaluation of all security systems and access controls. These help you to…

Risks During the Government Shutdown Today marks 21 days into the government shutdown, and we can’t help but worry about the state of safety and regulations. Nine out of fifteen federal departments are closed, as well as many different agencies. Recent stories of vandalism at…

Survey Management Tools When it comes to survey management tools, the anticipated functionality is to collect accurate feedback and usable business data. The tool should also be easy to use, for both the person building the survey and the person answering it. In terms of…

What is business continuity management? A vital component of any healthy organization, business continuity management is the process of developing systems of prevention and recovery in response to potential threats a company can face. For most organizations, these threats include IT related issues, an interruption…

IT Compliance Management IT compliance management can be difficult for many organizations that don’t understand the requirements of cyber data, especially when you have to consider standards such as SOX, NERC CIP, PCI DSS, GLBA, etc. Today, let’s discuss IT compliance management and its importance…

Top Risks in Third Party Management When you observe a business ecosystem, it’s important to note that it’s dynamic and constantly changing as it interacts with outside elements, such as a third party. These vary from distributors, vendors, suppliers, agencies, etcetera. If your business is…

Service Provider Risk and Compliance In our continuing effort to educate on the importance of risk assessment and compliance, this week we wanted to touch base on service provider risk and what you can do to help reduce it. We’ve had many customers unclear on…

Top 5 Risks in Manufacturing When risks aren’t managed correctly, we often see the negative results plastered on the news and across social media. Delays, breaches, and quality issues are all prevalent in the manufacturing industry today. The key to preventing these issues in your…

Performing Supplier Audits If you’re in business with a supplier, you’re going to want to make sure you perform regular audits as their business practices directly impact yours. Supplier audits are essential to document the relationship between different companies and verify a supplier’s compliance with…

Importance of Implementing IT Compliance With the vast majority of businesses going digital, IT compliance is now more prevalent than ever. With that said, we wanted to utilize this blog post as an opportunity to educate our readers on the hot topic of IT compliance…

The Dangers of the Oil and Gas Industry The oil and gas industry easily has a large impact on the mass populations of the world, as they supply many useful products, the main one being gasoline. Though this industry is a large and prosperous one,…

The Unnecessary Torture of Security Audits From financial services to healthcare, nearly every industry gets audited for security, and no one looks forward to it. Just the thought of getting audited can generate chaos, stress and headaches to those involved. But what if I told…

The Downfall of Convenience The continuous advancement of technology is evergreen because of its advantages like easy access and instant gratification. From being able to shop for groceries from their living room, to having vehicles that drive themselves, consumers are loving the convenience that the…

Financial Service Risk Over the last several years, the financial services industry has been hit with scandals and loss. Said scandals have cost financial companies millions of dollars and damaged their reputation. Financial service risks are getting out of hand,…

A supplier can be defined as a person or organization that provides a product or service to a vendor. Almost all organizations use suppliers to provide goods and/or services to them. Though most do it, it must be done with caution, as there is a…

A vendor can be defined as a person or a company that offers some service or product for a fee. Many companies hire third-party vendors to help get jobs done in certain areas. Outsourcing comes with some benefits, such as expertise knowledge, without the hassle…

What is it? ISO 27001 is an international standard that provides a process for an Information Security Management System (ISMS). An ISMS is a framework containing policies and procedures for an organization to follow throughout its information risk management process. Following the process will ensure…

Risk consultants are so busy managing risk for other companies that they often don’t realize that they themselves also have risks to face, such as: missing deadlines, misplacing client documents, difficulty scheduling client interviews and more. But overall, the biggest risk here is performance. How…

We live in a society where risk is ever present and impossible to avoid, no matter what industry you are in. It is no secret that some industries tend to face higher risk than others, therefore they must take additional precautions. PCI-DSS, HIPAA, and NERC-CIP-01…

What is GDPR? A trending topic these days is the latest data regulation that businesses all around the world will soon follow—GDPR. For those of you who don’t already know what GDPR is, let’s start with the basics. GDPR stands for General Data Protection Regulation…

New Announcement Last month, we made an exciting announcement to our email subscribers. Now we want to expand more on that and share it with our blog subscribers too. RiskWatch is adopting a new delivery method for its software, and it’s called Software as a…

What is ISO 31000? ISO 31000 is a security analysis methodology, or risk management process, that is used in various risk programs across a range of different industries. It helps standardize the steps you take to evaluate and manage risk, leaving you with a formal…

What’s changed at RiskWatch this year? We’ve overhauled the entire application with a new, easy-to-use interface while simplifying and improving the process for performing assessments. Our new dashboard showcases and empowers you to perform comparative analytics using detailed graphics and reports. What are the results…

“Why You Should Stop Thinking about Risk When You Think about CIP-014’s R4” Often physical security professionals associate CIP-014’s R4 with the word risk. However, this interesting and informative webinar for physical security executives will include three surprising points: Why risk is inconsequential to CIP-014’s…

Have you ever been treated with a generic medicine or an over-the-counter (OTC) drug? Then chances are high that you have taken a medication made in India, China, or in other emerging drug markets. India is the second-largest exporter of OTC and generic medications to…

In wake of the April 2013 attack on PG&E’s Metcalf substation in San Jose, California, the Federal Energy Regulatory Commission (FERC) issued an order directing the North American Electric Reliability Corporation (NERC) to develop a physical security standard requiring transmission owners to identify risks posed…

The Securities and Exchange Commission (SEC) to require registered broker-dealers and registered investment advisers to conduct risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences. Earlier this year on March 26, 2014, the U.S. Securities and Exchange Commission sponsored a Cybersecurity Roundtable. In…

The U.S. Food and Drug Administration (FDA) today proposed a rule to prevent food safety risks that would require certain shippers, receivers, and carriers who transport food by motor or rail vehicles to take steps to prevent the contamination of human and animal food during…

USING SPREADSHEETS FOR RISK ASSESSMENTS – WHY IT IS SUCH A BAD IDEA? Spreadsheets are user-friendly, inexpensive, and easy to use, which are key attributes. However, they fall short in several key areas when using them to perform Risk Assessments and Security Audits. The temptation…

Nearly five years after the financial crisis made it more difficult for banks to approve small business loans, large lenders are loosening credit standards and allocating more capital to small business lending, according to research published today by Biz2Credit, which matches borrowers with lenders. The company…

Are you HIPAA compliant? Late last year, members of the U.S. Congress challenged The Director of Office of Civil Rights (OCR), Leon Rodriguez, to step up the enforcement of the Health Insurance Portability and Accountability Act (HIPAA). He intends to put its Fining Authority to…

If you are in any way connected with the world of third party risk assessments and compliance, then you would have encountered the terminology being used to describe the vast scope of an organization’s third party ecosystem. ‘Third Party Network’ and ‘Third Party Vendors’ are…

Secretary Ernest Moniz is generally regarded by all parties as one of the brightest minds on energy. With that in mind, he made some statements last week that shed some light on the current administration and its motivations. President Obama and the current administration have…

After a lengthy and bitter Senate dispute over the filibuster as it applies to nominees, Gina McCarthy was confirmed as the head of the EPA about three weeks ago. She is already on the offensive, pushing a positive message and denying that policies championed by…

Last Thursday, a bill sponsored by Representative Bill Cassidy (R-Louisiana) passed the Republican-majority House 232-181, with almost no Democratic support. The bill would effectively stall new regulations proposed by the Environmental Protection Agency until a report was submitted detailing the costs, benefits and job…

RiskWatch 360 product line now serving compliance risk assessment needs for the healthcare, physical security, credit union, banking, PCI, information systems and energy industries. Sarasota, FL, June 18th, 2013 – RiskWatch International, LLC, today announced the expansion of its flagship Risk Assessment Software Solution: RiskWatch…

Republished from (https://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/shasta-agreement-press-release.html) FOR IMMEDIATE RELEASE HHS Press Office Thursday, June 13, 2013 (202) 690-6343 News Release Shasta Regional Medical Center (SRMC) has agreed to a comprehensive corrective action plan to settle a U.S. Department of Health and Human Services (HHS) investigation concerning potential…

New regulations and threats to businesses, combined with new user habits, have led to more tailored SaaS solutions from the 20-year risk assessment solutions provider. Sarasota, FL, June 6th, 2013 – RiskWatch International, LLC, today announced the addition of four new product lines to their…

This post is a direct quote from the U.S. Department of Health & Human Services’ official website found at the following URL: https://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/isu-agreement-press-release.html.html “Idaho State University Settles HIPAA Security Case for $400,000 FOR IMMEDIATE RELEASE HHS Press Office Tuesday, May 21, 2013 (202) 690-6343…


A Physical Security Threat Assessment Solution

Developed BY Security Professionals FOR Security Professionals



A Compliance Assessment Solution

Assesses HIPAA, Hospital Security, IT/IS, Banking, and Credit Union Regulatory Compliance


Classified Order Aims to Use Military to Protect Key IT Networks President Obama signed a classified presidential directive last month that enables the military to act more aggressively to frustrate cyberattacks on government and private computer networks. The White House confirmed the issuance of Presidential…

“Risk Analysis” is positioned front-and-center in the first section of the HIPAA Security Rule – the Administrative Safeguards. Yet it is rare to find that a formal IT Risk Assessment has been completed, and rarer still to find that the IT Risk Assessment addresses what the regulators…

In response to the recent release of a study sponsored in part by Johns Hopkins entitled “Hospital-Based Shootings in the United States: 2000-2011,” the International Association for Healthcare Security & Safety [IAHSS] believes there is some valuable information that was garnered from the evaluation of…

Nearly four out of five high-risk hospitals nationwide have failed to implement safeguards to secure radiological material that could be used in a “dirty bomb,” according to a draft report by congressional investigators. Eleven years after the Sept. 11, 2001, attacks focused attention on the…

Woman arrested at Le Bonheur hospital, accused of making threats A woman was arrested at Le Bonheur Children’s Hospital on Monday after allegedly claiming to have a gun and threatening to kill security officers. Police responded to the hospital shortly after 3 p.m., when security…

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule….

HIPAA Investigation Leads to Sanctions For the second time in three months, federal authorities have issued a hefty financial penalty stemming from a HIPAA compliance investigation after a relatively small breach. The Department of Health and Human Services’ Office for Civil Rights has entered a…

Alaska’s Health and Social Services CSO Offers Lessons Learned Thor Ryan, chief security officer at the Alaska Department of Health and Social Services, offers lessons learned as a result of his organization’s $1.7 million settlement following a HIPAA compliance investigation triggered by a small breach…

Smaller Institutions Could Benefit from Regulators’ Help Last year, federal regulators issued FFIEC authentication guidance for online transactions. But, unfortunately, regulators apparently don’t plan to issue additional guidance on the security issues involved in mobile banking and cloud computing. Larger institutions don’t really need guidance…

Plank: Going Forward, President to Update Cyberdefenses The plank of the Democratic Party platform on cybersecurity suggests that President Obama will take unilateral action to safeguard the nation’s critical IT infrastructure because of Congress’ inability to enact comprehensive cybersecurity legislation. In the Democratic Party’s platform,…

Hospital, Attorney General, at Odds Over Records Access A criminal and public health investigation in New Hampshire involving a former hospital worker who allegedly infected dozens of patients with Hepatitis C is turning into a patient privacy debate. New Hampshire’s attorney general next week…

What are the Key Steps to Controlling Skimming? Card fraud linked to pay-at-the-pump gas terminals is growing, and that trend will continue until more fraudster convictions are publicized, some security experts say. While they’re pleased that another skimming fraudster was sentenced last week, they say…

Federal Privacy Officer Offers Insights What’s the best way to prepare to comply with HITECH Stage 2 privacy and security requirements? Federal privacy officer Joy Pritts advises healthcare organizations to start by conducting a thorough risk assessment. A risk assessment helps hospitals and physicians “identify…

Experts Sort Through Privacy, Security Provisions Some privacy and security experts who have dug into the 1,446 pages of final rules for Stage 2 of the HITECH electronic health record incentive program say they are mostly pleased with provisions included to protect patient data (see:…

First Time Authorities Seize Domain Names Involving Mobile Apps U.S. federal authorities say they’ve seized three website domain names that distributed illegal copies of copyrighted Android cell phone applications, the first time website domains involving cell phone app marketplaces have been confiscated. Visitors to the…

As the Gulf Coast braces for Tropical Storm Isaac, it’s forecast that thousands could lose power. Is your data secured? If not, consider calling Riskwatch International and let us show you how to keep your data protected during an emergency. What about a flood? An…

Hospital Staffer Targeted Accident Victims’ Records, FBI Says A former staff member at Florida Hospital Celebration was arrested last week for allegedly inappropriately accessing more than 760,000 electronic health records with the intent to disclose, transfer or sell certain information for personal gain. Dale Munroe,…

FBI Warning Reiterates Citadel Malware Threats Banking institutions need to take action to thwart the latest generation of targeted ransomware and malware attacks that hijack computer operating systems and launch keyloggers to steal online banking credentials and other financial information. The attacks, fueled by the…

With the Senate failing to advance the Cybersecurity Act of 2012 (S.3414) to a full vote earlier this month, we must take this opportunity to engage in an honest dialogue about the risks that exist to our nation’s critical and cyber infrastructure. In order to…

Michaels craft stores. TRICARE. Global Payments Inc. These are among the most recent and prominent examples of third-party data breaches that adversely impacted financial institutions, healthcare providers and other affiliated entities. How prepared is your organization to respond to a third-party breach – not just…

The Office of the National Coordinator for Health IT is studying use of mobile devices in small healthcare environments. The goal: new mobile security guidance that will be released in 2013. The Office of the National Coordinator for Health IT next spring will release a…

Expert: Nation States, Crime Rings Pose Increasing Threat Banks and the U.S. payments infrastructure are prime targets for international cyberattacks. And it’s not just money hackers are after, says Bill Wansley of Booz Allen Hamilton. What else is at risk? Wansley, a financial fraud and…

Having completed an initial 20 HIPAA privacy and security compliance audits since last fall, and with 95 additional audits in the pipeline, OCR has just released its HIPAA privacy and security audit protocol, together with information about the audit pilot program.  As always, information like…

A man whose jet ski failed him in New York’s Jamaica Bay swam to John F. Kennedy airport, where he was easily able to penetrate the airport’s $100 million, state-of-the-art security system. Daniel Casillo, 31, was able to swim up to and enter the…

Penalty Resulted from Deceptive Cookie Practices Search engine giant Google Inc. will pay $22.5 million to settle Federal Trade Commission charges that it misrepresented its privacy promises to users of the Apple Safari web browser. The fine is the largest civil penalty the FTC has…

The National Institute of Standards and Technology has issued a revision of its guidance to help organizations establish programs to manage computer security incidents. NIST, in Special Publication 800-61 Revision 2: Computer Security Incident Handling Guide, spells out what incident-response capabilities are necessary to rapidly…

Cyber Benefits from Shift to Enterprise Risk Management Flipping through the 150-page 2012 RIMS Benchmark Survey, in preparation for an interview on the study’s findings (see Social Media Risks: Weigh Pros, Cons), I noticed lots of figures on payouts for auto, aviation, fiduciary, marine, malpractice,…

Public-Private Partnership Focuses On Prevention The Obama administration has launched a new public-private collaborative effort to help prevent healthcare insurance fraud. The voluntary group includes healthcare organizations and associations, health insurers, federal and state agencies, and anti-fraud groups that together aim to combat healthcare fraud…

The FBI is treating a mass shooting on Sunday at a Milwaukee-area Sikh Temple as a possible act of domestic terrorism, officials announced in a press conference Monday. Wade Michael Page, a 40-year-old Army veteran and suspected white supremacist, is believed to be the gunman…

NIST Revising Guide on Detection, Prevention Software Intrusion detection and prevention software has become a necessary addition to the information security infrastructure of many organizations, so the National Institute of Standards and Technology is updating its guidance to help organizations to employ the appropriate programs….

Hepatitis C Scandal Exposes Costly Hiring Flaws How could this happen? I received word last week that I’m one of 6,000 individuals who should be tested for hepatitis C amidst the healthcare scandal unraveling in Exeter, N.H. It’s frightening how little most organizations know, or…

List Grows to 464 Incidents Since September 2009 A total of 464 major U.S. health information breaches have affected 20.8 million individuals since September 2009, according to the latest federal tally, which was recently updated with 29 new incidents. The 29 breaches affecting 740,000 individuals…

Slew of Amendments Expected as Senators Begin Debate The Cybersecurity Act of 2012 will finally come up for debate on the Senate floor on July 30, and a number of senators say they’ll introduce amendments to tweak the bill to their liking. On July 26,…

A report from Accenture, “The Changing Face of Risk Management,” talks about how risk management within financial services firms (with a focus on insurance) is changing — and in my opinion, in a very positive way. Will other industries follow this lead? Key Quotes:…

The obvious question after a horrible tragedy such as the one in Aurora, Colorado, is what can we do to prevent such a tragedy in the future? The answer to that question isn’t simple and is usually peppered with political points or incorrect information. We may never…

Introduction Over the past decade, several methods of viewing have come into use – ActiveX, Java applets, client-server, thin client, etc. But recently the buzz has been about zero footprint viewing. What does zero footprint viewing mean, and how different is it from other viewing…

By Marisa Peacock (@marisacp51) Jul 18, 2012 Recently, Symantec revealed what they learned from those in attendance during Microsoft’s TechEd conference in June. This week Proofpoint released its findings from the same conference about trends in email and information security, and the results are…

LONDON (AP) — Yahoo Inc. said Thursday it is investigating reports of a security breach that may have exposed nearly half a million users’ email addresses and passwords. The company said it was looking into “claims of a compromise of Yahoo! user IDs” but did…

NSA Chief: Cybercrime constitutes the “greatest transfer of wealth in history” The loss of industrial information and intellectual property through cyber espionage constitutes the “greatest transfer of wealth in history,” the nation’s top cyber warrior Gen. Keith Alexander said Monday. U.S. companies lose about $250…

As more small-business employees share larger files, the security risk is growing, according to a Symantec survey. By: Nathan Eddy As the prevalence of online sharing grows, small and midsize businesses are increasingly at risk due to employees adopting unmanaged, personal-use online file-sharing solutions without…

The damage and destruction from the path of a tornado is incredible – and only matched by the sad stories of the survivors, if they are lucky enough to survive. If there’s one thing that social media has improved – it is the ability of…

Fortune 100 Risk Assessment Fortune 500 Company Conducts Ground-breaking Risk Assessment Across the Organization. One of the Fortune 500, a global electronics manufacturer with over 120,000 employees, needed to quickly develop a global view of how their Information Security standards were implemented across the entire…

Operation Safe Commerce Operation Safe Commerce Analysis Arrives in Port. The Department of Homeland Security and the Bush Administration funded a $28 million grant to over fifteen companies to try innovative security solutions and allow TSA to analyze their supply chains into the U.S….

Thailand Case Study Study #11 Retail Store Bombing in Asia A large international retail chain has been the victim of a bombing in which a security guard was killed. The store chain wants to make sure that all the stores are protected against future violence. How…

The True Value of the Hospital Security Program By Caroline Ramsey-Hamilton Overview Violence in hospitals and against healthcare staff has been steadily increasing since 2004. A recent article in the Journal of the American Medical Association (JAMA) cited the National Institute for Occupational Safety and…

The Future of Security The Integration of Information Security, Integrated Systems Security and Physical Security By Caroline Ramsey-Hamilton This article was originally published as the cover story for Security Technology & Design Magazine, April 2004. The single most important trend in security in the next…

The Criticality of Security in Florida Hospitals By Caroline Ramsey-Hamilton Overview Violence in hospitals and against healthcare staff has been steadily increasing since 2004. A recent article in the Journal of the American Medical Association (JAMA) cited the National Institute for Occupational Safety and Health,…

Journal of Healthcare Protection Management, International Association for Healthcare Security and Safety (IAHSS). By James Sawyer and Caroline Ramsey-Hamilton Background Every IAHSS reader knows that violence in hospitals is increasing at an increasing rate. The Joint Commission has issued Sentinel Alerts, the Journal of the…

The American Association of Workplace Violence Prevention (www.aawvp.org) has designated April 2012 as official Workplace Violence Awareness Month! You can celebrate in your office by suggesting ways to reduce workplace violence in your own environment.  At AAWVP, they stress that workplace violence also happens to…

Companies often don’t think about preventing workplace violence until there is an incident that affects them, or a company similar to them, or geographically close.  As soon as something happens close to home, they want to get serious and do something about it right away….

Suicidal Man Triggers an Evacuation in Denton, Texas. The emergency department at Texas Health Presbyterian Hospital was evacuated after an armed man threatened to shoot himself in the hospital’s parking lot, as reported in a newspaper article. The man had sent suicidal messages to his…

Security measures are being questioned in Kissimmee, Florida, at Osceola Regional Medical Center after a clerk passed as a physician’s assistant! Hospital security procedures, including staff screening practices at Osceola Regional Medical Center, are getting a second look after a 17-year-old passed himself off…

Whether it is spring tornadoes or spring-summer thunderstorms and hurricanes, we officially enter the season of severe weather across the U.S. A major focus at the beginning of each severe weather season: take a few minutes to get ready and make sure you are prepared,…

Security programs can be dramatically improved by using a metrics-based assessment to focus them on the areas of greatest threat, and to use metrics as a management tool to keep the security program targeted on the areas that need the most attention. Using a data-driven…

I just finished reading a new book called HALT THE VIOLENCE, written and edited by Patricia Biles and her Alliance Against Workplace Violence group.  Here are some of my thoughts on it, if your organization has been evaluating workplace violence issues: Here’s my review and…

As a risk assessment professional, when I get into a risk discussion, most security people want to talk about THREAT!  Threat is the most sexy and exciting part of doing a risk assessment. Threats are exciting all by themselves.  Think about all the threats you…

Why Violence in Hospitals is Increasing Violence is not a concept that people usually associate with hospitals.  For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society.   However, the perception of hospitals has been changing…

This New Year’s Eve, I thought at times my neighbors were using a rocket launcher and several assault rifles to shoot up the New Year.  Lucky for me,  I spent the awake time to contemplate the outlook for risk, threat and security issues for 2012…

Workplace violence incidents have been on the rise in several specific kinds of organizations, including hospitals, home health organizations, social workers who make in-home visits, and also late-night retail stores. On September 8, 2011, OSHA suddenly released its internal Directive on what OSHA investigators look…

People tell me all the time that their management doesn’t want them to do a risk analysis, even if it’s a requirement. Sometimes they say that they have no budget to fix anything – so why bother? Even if it’s a requirement, like new workplace…

On September 8, OSHA issued a new directive about enforcement activity on workplace violence issues. This directive (CPL 02-01-052) took effect on Sept. 8, 2011 and is called Enforcement Procedures for Investigating or Inspecting Workplace Violence Incidents. It details new procedures for the OSHA inspectors,…

Welcome to our Blog

We post on different topics, mostly related to risk and compliance. Let us know if there’s anything in particular you want us to cover and if we can’t make a blog out of it, we’ll try to send you some information. Be sure to subscribe so you don’t miss out!
