Riskwatch Blog

The “it” of IT Risk Management This week we’re discussing IT risk management, a topic that is never really complete and should always be part of the conversation at your place of business. At its most basic level, IT risk management is applying risk management…

The Value of COBIT Compliance With today’s prevalence of technology in the workplace, we can’t stress enough the importance of cybersecurity and keeping an effective cyber framework in place. As such, we often recommend COBIT compliance to anyone looking for best practices regarding IT systems…

An Overview of Physical Security Inspections A comprehensive physical security inspection is essential for protecting your business. A physical security inspection is the process of checking your assets against set criteria and evaluating all security systems and access controls. These help you to…

Risks During the Government Shutdown Today marks 21 days into the government shutdown, and we can’t help but worry about the state of safety and regulations. Nine out of fifteen federal departments are closed, as well as many different agencies. Recent stories of vandalism at…

Survey Management Tools When it comes to survey management tools, the anticipated functionality is to collect accurate feedback and usable business data. The tool should also be easy to use, for both the person building the survey and the person answering it. In terms of…

Top Risks in Third Party Management When you observe a business ecosystem, it’s important to note that it’s dynamic and constantly changing as it interacts with outside elements, such as third parties. These range from distributors and vendors to suppliers, agencies, and so on. If your business is…

What is business continuity management? A vital component of any healthy organization, business continuity management is the process of developing systems of prevention and recovery in response to potential threats a company can face. For most organizations, these threats include IT related issues, an interruption…

IT Compliance Management IT compliance management can be difficult for many organizations that don’t understand the requirements of cyber data, especially when you have to consider standards such as SOX, NERC CIP, PCI DSS, GLBA, etc. Today, let’s discuss IT compliance management and its importance…

Service Provider Risk and Compliance In our continuing effort to educate on the importance of risk assessment and compliance, this week we wanted to touch base on service provider risk and what you can do to help reduce it. We’ve had many customers unclear on…

Top 5 Risks in Manufacturing When risks aren’t managed correctly, we often see the negative results plastered on the news and across social media. Delays, breaches, and quality issues are all prevalent in the manufacturing industry today. The key to preventing these issues in your…

Performing Supplier Audits If you’re in business with a supplier, you’re going to want to make sure you perform regular audits as their business practices directly impact yours. Supplier audits are essential to document the relationship between different companies and verify a supplier’s compliance with…

Importance of Implementing IT Compliance With the vast majority of businesses going digital, IT compliance is now more prevalent than ever. With that said, we wanted to utilize this blog post as an opportunity to educate our readers on the hot topic of IT compliance….

The Dangers of the Oil and Gas Industry The oil and gas industry has a large impact on populations around the world, as it supplies many useful products, the main one being gasoline. Though this industry is a large and prosperous one,…

The Unnecessary Torture of Security Audits From financial services to healthcare, nearly every industry gets audited for security, and no one looks forward to it. Just the thought of getting audited can generate chaos, stress and headaches to those involved. But what if I told…

The Downfall of Convenience Technology keeps advancing because of advantages like easy access and instant gratification. From being able to shop for groceries from their living room, to having vehicles that drive themselves, consumers are loving the convenience that the…

Financial Service Risk Over the last several years, the financial services industry has been riddled with scandals and losses. Said scandals have cost financial companies millions of dollars and damaged their reputations. Financial service risks are getting out of hand,…

A supplier can be defined as a person or organization that provides a product or service to a vendor. Almost all organizations use suppliers to provide goods and/or services to them. Though most do it, it must be done with caution, as there is a…

A vendor can be defined as a person or a company that offers some service or product for a fee. Many companies hire third-party vendors to help get jobs done in certain areas. Outsourcing comes with some benefits, such as expert knowledge, without the hassle…

What is it? ISO 27001 is an international standard that provides a process for an Information Security Management System (ISMS). An ISMS is a framework containing policies and procedures for an organization to follow throughout its information risk management process. Following the process will ensure…

Risk consultants are so busy managing risk for other companies that they often don’t realize that they themselves also have risks to face, such as: missing deadlines, misplacing client documents, difficulty scheduling client interviews and more. But overall, the biggest risk here is performance. How…

We live in a society where risk is ever present and impossible to avoid, no matter what industry you are in. It is no secret that some industries tend to face higher risk than others; therefore they must take additional precautions. PCI-DSS, HIPAA, and NERC-CIP-01…

What is GDPR? A trending topic these days is the latest data regulation that businesses all around the world will soon follow—GDPR. For those of you who don’t already know what GDPR is, let’s start with the basics. GDPR stands for General Data Protection Regulation…

New Announcement Last month, we made an exciting announcement to our email subscribers. Now we want to expand more on that and share it with our blog subscribers too. RiskWatch is adopting a new delivery method for its software, and it’s called Software as a…

What is ISO 31000? ISO 31000 is an international risk management standard whose process is used in risk programs across a range of different industries. It helps standardize the steps you take to evaluate and manage risk, leaving you with a formal…

What’s changed at RiskWatch this year? We’ve overhauled the entire application with a new, easy-to-use interface while simplifying and improving the process for performing assessments. Our new dashboard showcases and empowers you to perform comparative analytics using detailed graphics and reports. What are the results…

“Why You Should Stop Thinking about Risk When You Think about CIP-014’s R4” Often physical security professionals associate CIP-014’s R4 with the word risk. However, this interesting and informative webinar for physical security executives will include three surprising points: Why risk is inconsequential to CIP-014’s…

Have you ever been treated with a generic medicine or an over-the-counter (OTC) drug? Then chances are high that you have taken a medication made in India, China, or in other emerging drug markets. India is the second-largest exporter of OTC and generic medications to…

In wake of the April 2013 attack on PG&E’s Metcalf substation in San Jose, California, the Federal Energy Regulatory Commission (FERC) issued an order directing the North American Electric Reliability Corporation (NERC) to develop a physical security standard requiring transmission owners to identify risks posed…

The Securities and Exchange Commission (SEC) is to require registered broker-dealers and registered investment advisers to conduct risk assessments to identify cybersecurity threats, vulnerabilities, and potential business consequences. Earlier this year, on March 26, 2014, the U.S. Securities and Exchange Commission sponsored a Cybersecurity Roundtable. In…

The U.S. Food and Drug Administration (FDA) today proposed a rule to prevent food safety risks that would require certain shippers, receivers, and carriers who transport food by motor or rail vehicles to take steps to prevent the contamination of human and animal food during…

Using Spreadsheets for Risk Assessments – Why Is It Such a Bad Idea? Spreadsheets are user-friendly, inexpensive, and familiar, which are key attributes. However, they fall short in several key areas when used to perform risk assessments and security audits. The temptation…

Nearly five years after the financial crisis made it more difficult for banks to approve small business loans, large lenders are loosening credit standards and allocating more capital to small business lending, according to research published today by Biz2Credit, which matches borrowers with lenders. The company…

Are you HIPAA compliant? Late last year, members of the U.S. Congress challenged the Director of the Office for Civil Rights (OCR), Leon Rodriguez, to step up enforcement of the Health Insurance Portability and Accountability Act (HIPAA). He intends to put its fining authority to…

If you are in any way connected with the world of third party risk assessments and compliance, then you will have encountered the terminology used to describe the vast scope of an organization’s third party ecosystem. ‘Third Party Network’ and ‘Third Party Vendors’ are…

Secretary Ernest Moniz is generally regarded by all parties as one of the brightest minds on energy. With that in mind, he made some statements last week that shed some light on the current administration and their motivations. President Obama and the current administration have…

After a lengthy and bitter Senate dispute over the filibuster as it applies to nominees, Gina McCarthy was confirmed as the head of the EPA about three weeks ago. She is already on the offensive, pushing a positive message and denying that policies championed by…

Last Thursday, a bill sponsored by Representative Bill Cassidy (R-Louisiana) passed the Republican-majority House 232-181, with almost no Democratic support. The bill would effectively stall new regulations proposed by the Environmental Protection Agency until a report was submitted detailing the costs, benefits and job…

RiskWatch 360 product line now serving compliance risk assessment needs for the healthcare, physical security, credit union, banking, PCI, information systems and energy industries Sarasota, FL, June 18th, 2013 – RiskWatch International, LLC., today announced the expansion of its flagship Risk Assessment Software Solution: RiskWatch…

Republished from (https://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/shasta-agreement-press-release.html) FOR IMMEDIATE RELEASE HHS Press Office Thursday, June 13, 2013 (202) 690-6343 News Release Shasta Regional Medical Center (SRMC) has agreed to a comprehensive corrective action plan to settle a U.S. Department of Health and Human Services (HHS) investigation concerning potential…

New regulations and threats to businesses, combined with new user habits have led to more tailored SaaS solutions from the 20-Year risk assessment solutions provider. Sarasota, FL, June 6th, 2013 – RiskWatch International, LLC., today announced the addition of 4 new product lines to their…

This post is a direct quote from the U.S. Department of Health & Human Services’ official website found at the following URL: https://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/isu-agreement-press-release.html.html “Idaho State University Settles HIPAA Security Case for $400,000 FOR IMMEDIATE RELEASE HHS Press Office Tuesday, May 21, 2013 (202) 690-6343…

Classified Order Aims to Use Military to Protect Key IT Networks President Obama signed a classified presidential directive last month that enables the military to act more aggressively to frustrate cyberattacks on government and private computer networks. The White House confirmed the issuance of Presidential…

HIPAA positions “Risk Analysis” front-and-center, in the first section of its safeguards: the Administrative Safeguards. Yet it is rare to find that a formal IT Risk Assessment has been completed, and rarer still to find that the IT Risk Assessment addresses what the regulators…

In response to the recent release of a study sponsored in part by Johns Hopkins entitled “Hospital-Based Shootings in the United States: 2000-2011,” the International Association for Healthcare Security & Safety [IAHSS] believes there is some valuable information that was garnered from the evaluation of…

Nearly four out of five high-risk hospitals nationwide have failed to implement safeguards to secure radiological material that could be used in a “dirty bomb,” according to a draft report by congressional investigators. Eleven years after the Sept. 11, 2001, attacks focused attention on the…

Woman arrested at Le Bonheur hospital, accused of making threats A woman was arrested at Le Bonheur Children’s Hospital on Monday after allegedly claiming to have a gun and threatening to kill security officers. Police responded to the hospital shortly after 3 p.m., when security…

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule….

HIPAA Investigation Leads to Sanctions For the second time in three months, federal authorities have issued a hefty financial penalty stemming from a HIPAA compliance investigation after a relatively small breach. The Department of Health and Human Services’ Office for Civil Rights has entered a…

Alaska’s Health and Social Services CSO Offers Lessons Learned Thor Ryan, chief security officer at the Alaska Department of Health and Social Services, offers lessons learned as a result of his organization’s $1.7 million settlement following a HIPAA compliance investigation triggered by a small breach…

Smaller Institutions Could Benefit from Regulators’ Help Last year, federal regulators issued FFIEC authentication guidance for online transactions. But, unfortunately, regulators apparently don’t plan to issue additional guidance on the security issues involved in mobile banking and cloud computing. Larger institutions don’t really need guidance…

Plank: Going Forward, President to Update Cyberdefenses The plank of the Democratic Party platform on cybersecurity suggests that President Obama will take unilateral action to safeguard the nation’s critical IT infrastructure because of Congress’ inability to enact comprehensive cybersecurity legislation. In the Democratic Party’s platform,…

Hospital, Attorney General at Odds Over Records Access A criminal and public health investigation in New Hampshire involving a former hospital worker who allegedly infected dozens of patients with Hepatitis C is turning into a patient privacy debate. New Hampshire’s attorney general next week…

What are the Key Steps to Controlling Skimming? Card fraud linked to pay-at-the-pump gas terminals is growing, and that trend will continue until more fraudster convictions are publicized, some security experts say. While they’re pleased that another skimming fraudster was sentenced last week, they say…

Federal Privacy Officer Offers Insights What’s the best way to prepare to comply with HITECH Stage 2 privacy and security requirements? Federal privacy officer Joy Pritts advises healthcare organizations to start by conducting a thorough risk assessment. A risk assessment helps hospitals and physicians “identify…

Experts Sort Through Privacy, Security Provisions Some privacy and security experts that have dug into the 1,446 pages of final rules for Stage 2 of the HITECH electronic health record incentive program say they are mostly pleased with provisions included to protect patient data (see:…

First Time Authorities Seize Domain Names Involving Mobile Apps U.S. federal authorities say they’ve seized three website domain names that distributed illegal copies of copyrighted Android cell phone applications, the first time website domains involving cell phone app marketplaces have been confiscated. Visitors to the…

As the Gulf Coast braces for Tropical Storm Isaac, it’s forecast that thousands could lose power. Is your data secured? If not, consider calling Riskwatch International and let us show you how you can always be secure during any emergency. What about a flood? An…

Hospital Staffer Targeted Accident Victims’ Records, FBI Says A former staff member at Florida Hospital Celebration was arrested last week for allegedly inappropriately accessing more than 760,000 electronic health records with the intent to disclose, transfer or sell certain information for personal gain. Dale Munroe,…

FBI Warning Reiterates Citadel Malware Threats Banking institutions need to take action to thwart the latest generation of targeted ransomware and malware attacks that hijack computer operating systems and launch keyloggers to steal online banking credentials and other financial information. The attacks, fueled by the…

With the Senate failing to advance the Cybersecurity Act of 2012 (S.3414) to a full vote earlier this month, we must take this opportunity to engage in an honest dialogue about the risks that exist to our nation’s critical and cyber infrastructure. In order to…

Michaels craft stores. TRICARE. Global Payments Inc. These are among the most recent and prominent examples of third-party data breaches that adversely impacted financial institutions, healthcare providers and other affiliated entities. How prepared is your organization to respond to a third-party breach – not just…

The Office of the National Coordinator for Health IT is studying use of mobile devices in small healthcare environments. The goal: new mobile security guidance that will be released in 2013. The Office of the National Coordinator for Health IT next spring will release a…

Expert: Nation States, Crime Rings Pose Increasing Threat Banks and the U.S. payments infrastructure are prime targets for international cyberattacks. And it’s not just money hackers are after, says Bill Wansley of Booz Allen Hamilton. What else is at risk? Wansley, a financial fraud and…

Having completed an initial 20 HIPAA privacy and security compliance audits since last fall, and with 95 additional audits in the pipeline, OCR has just released its HIPAA privacy and security audit protocol, together with information about the audit pilot program. As always, information like…

A man whose jet ski failed him in New York’s Jamaica Bay swam to John F. Kennedy airport, where he was easily able to penetrate the airport’s $100 million, state-of-the-art security system. Daniel Casillo, 31, was able to swim up to and enter the…

Penalty Resulted from Deceptive Cookie Practices Search engine giant Google Inc. will pay $22.5 million to settle Federal Trade Commission charges that it misrepresented its privacy promises to users of the Apple Safari web browser. The fine is the largest civil penalty the FTC has…

The National Institute of Standards and Technology has issued a revision of its guidance to help organizations establish programs to manage computer security incidents. NIST, in Special Publication 800-61 Revision 2: Computer Security Incident Handling Guide, spells out what incident-response capabilities are necessary to rapidly…

Cyber Benefits from Shift to Enterprise Risk Management Flipping through the 150-page 2012 RIMS Benchmark Survey, in preparation for an interview on the study’s findings (see Social Media Risks: Weigh Pros, Cons), I noticed lots of figures on payouts for auto, aviation, fiduciary, marine, malpractice,…

Public-Private Partnership Focuses On Prevention The Obama administration has launched a new public-private collaborative effort to help prevent healthcare insurance fraud. The voluntary group includes healthcare organizations and associations, health insurers, federal and state agencies, and anti-fraud groups that together aim to combat healthcare fraud…

The FBI is treating a mass shooting on Sunday at a Milwaukee-area Sikh Temple as a possible act of domestic terrorism, officials announced in a press conference Monday. Wade Michael Page, a 40-year-old Army veteran and suspected white supremacist, is believed to be the gunman…

NIST Revising Guide on Detection, Prevention Software Intrusion detection and prevention software has become a necessary addition to the information security infrastructure of many organizations, so the National Institute of Standards and Technology is updating its guidance to help organizations to employ the appropriate programs….

Hepatitis C Scandal Exposes Costly Hiring Flaws How could this happen? I received word last week that I’m one of 6,000 individuals who should be tested for hepatitis C amidst the healthcare scandal unraveling in Exeter, N.H. It’s frightening how little most organizations know, or…

List Grows to 464 Incidents Since September 2009 A total of 464 major U.S. health information breaches have affected 20.8 million individuals since September 2009, according to the latest federal tally, which was recently updated with 29 new incidents. The 29 breaches affecting 740,000 individuals…

Slew of Amendments Expected as Senators Begin Debate The Cybersecurity Act of 2012 will finally come up for debate on the Senate floor on July 30, and a number of senators say they’ll introduce amendments to tweak the bill to their liking. On July 26,…

A report from Accenture, “The Changing Face of Risk Management,” talks about how risk management within financial services firms (with a focus on insurance) is changing — and in my opinion, in a very positive way. Will other industries follow this lead? Key Quotes:…

The obvious question after a horrible tragedy such as the one in Aurora, Colorado, is what can we do to prevent such a tragedy in the future? The answer to that question isn’t simple and is usually peppered with political points or incorrect information. We may never…

Introduction Over the past decade, several methods of viewing have come into use – ActiveX, Java applets, client-server, thin client etc. But recently the buzz has been about zero footprint viewing. What does zero footprint viewing mean, and how different is it from other viewing…

By Marisa Peacock (@marisacp51) Jul 18, 2012 Recently, Symantec revealed what they learned from those in attendance during Microsoft’s TechEd conference in June. This week Proofpoint released its findings from the same conference about trends in email and information security, and the results are…

LONDON (AP) — Yahoo Inc. said Thursday it is investigating reports of a security breach that may have exposed nearly half a million users’ email addresses and passwords. The company said it was looking into “claims of a compromise of Yahoo! user IDs” but did…

NSA Chief: Cybercrime constitutes the “greatest transfer of wealth in history” The loss of industrial information and intellectual property through cyber espionage constitutes the “greatest transfer of wealth in history,” the nation’s top cyber warrior Gen. Keith Alexander said Monday. U.S. companies lose about $250…

As more small-business employees share larger files, the security risk is growing, according to a Symantec survey. By: Nathan Eddy As the prevalence of online sharing grows, small and midsize businesses are increasingly at risk due to employees adopting unmanaged, personal-use online file-sharing solutions without…

The damage and destruction from the path of a tornado is incredible – and only matched by the sad stories of the survivors, if they are lucky enough to survive. If there’s one thing that social media has improved – it is the ability of…

Fortune 100 Risk Assessment Fortune 500 Company Conducts Ground-breaking Risk Assessment Across the Organization. One of the Fortune 500, a global electronics manufacturer with over 120,000 employees needed to quickly develop a global view of how their Information Security standards were implemented across the entire…

Operation Safe Commerce Operation Safe Commerce Analysis Arrives in Port. The Department of Homeland Security and the Bush Administration funded a $28 million grant to over fifteen companies to try innovative security solutions and allow TSA to analyze their supply chains into the U.S….

Thailand Case Study Case Study #11: Retail Store Bombing in Asia A large international retail chain has been the victim of a bombing in which a security guard was killed. The store chain wants to make sure that all the stores are protected against future violence. How…

The True Value of the Hospital Security Program By Caroline Ramsey-Hamilton Overview Violence in hospitals and against healthcare staff has been steadily increasing since 2004. A recent article in the Journal of the American Medical Association (JAMA), cited the National Institute for Occupational Safety and…

The Future of Security The Integration of Information Security, Integrated Systems Security and Physical Security By Caroline Ramsey-Hamilton This article was originally published as the cover story for Security Technology & Design Magazine, April 2004. The single most important trend in security in the next…

The Criticality of Security in Florida Hospitals By Caroline Ramsey-Hamilton Overview Violence in hospitals and against healthcare staff has been steadily increasing since 2004. A recent article in the Journal of the American Medical Association (JAMA), cited the National Institute for Occupational Safety and Health,…

Journal of Healthcare Protection Management International Association of Hospital Security and Safety (IAHSS). By James Sawyer and Caroline Ramsey-Hamilton Background Every IAHSS reader knows that violence in hospitals is increasing at an increasing rate. The Joint Commission has issued Sentinel Alerts, the Journal of the…

The American Association of Workplace Violence Prevention (www.aawvp.org) has designated April 2012 as official Workplace Violence Awareness Month! You can celebrate in your office by suggesting ways to reduce workplace violence in your own environment. At AAWVP, they stress that workplace violence also happens to…

Companies often don’t think about preventing workplace violence until there is an incident that affects them, or a company similar to them, or geographically close. As soon as something happens close to home, they want to get serious and do something about it right away….

Suicidal Man Triggers an Evacuation in Denton, Texas. The emergency department at Texas Health Presbyterian Hospital was evacuated after an armed man threatened to shoot himself in the hospital’s parking lot, as reported in a newspaper article. The man had sent suicidal messages to his…

Security measures in place are being questioned in Kissimmee, Florida at Osceola Regional Medical Center after a clerk passes as a physician’s assistant! Hospital security procedures, including staff screening practices at Osceola Regional Medical Center, are getting a second look after a 17-year-old passed himself off…

Whether it is spring tornados or spring-summer thunderstorms and hurricanes, we have officially entered the season of severe weather across the U.S. At the beginning of each severe weather season, take a few minutes to get ready and make sure you are prepared,…

Security programs can be dramatically improved by using a metrics-based assessment to focus them on the areas of greatest threat, and to use metrics as a management tool to keep the security program targeted on the areas that need the most attention. Using a data-driven…

I just finished reading a new book called HALT THE VIOLENCE, written and edited by Patricia Biles and her Alliance Against Workplace Violence group. Here are some of my thoughts on it, if your organization has been evaluating workplace violence issues: Here’s my review and…

As a risk assessment professional, when I get into a risk discussion, most security people want to talk about THREAT! Threat is the sexiest and most exciting part of doing a risk assessment. Threats are exciting all by themselves. Think about all the threats you…

Why Violence in Hospitals is Increasing Violence is not a concept that people usually associate with hospitals. For years, hospitals have been seen as almost a sanctuary of care for the sick and wounded in our society. However, the perception of hospitals has been changing…

This New Year’s Eve, I thought at times my neighbors were using a rocket launcher and several assault rifles to shoot up the New Year. Lucky for me, I spent the awake time to contemplate the outlook for risk, threat and security issues for 2012…

Workplace violence incidents have been on the rise in several specific types of organizations, including hospitals, home health organizations, social workers who do in-home visits, and also late-night retail stores. On September 8, 2011, OSHA suddenly released their internal directive on what their OSHA investigators look…

People tell me all the time that their management doesn’t want them to do a risk analysis, even if it’s a requirement. Sometimes they say that they have no budget to fix anything – so why bother? Even if it’s a requirement, like new workplace…

On September 8, OSHA issued a new directive about enforcement activity on workplace violence issues. This directive (CPL 02-01-052) took effect on Sept. 8, 2011 and is called Enforcement Procedures for Investigating or Inspecting Workplace Violence Incidents. It details new procedures for the OSHA inspectors,…
