IT and PCI Compliance

The Cloud Security Equation: Balancing Protection in Shared Environments
Cloud computing has transformed how businesses deploy, manage, and scale their digital infrastructure. But with increased flexibility comes greater responsibility. While cloud providers offer powerful security tools and infrastructure, the onus is still on the customer to configure them correctly, enforce proper access controls, and ensure compliance with regional and industry-specific regulations. In “The C..

Auditing with IT Control Frameworks (NIST, COBIT, HiTrust, ISOs)
In an era of increasing regulatory scrutiny, digital transformation, and growing cybersecurity threats, IT governance has become more critical than ever. Organizations must have effective controls in place to manage risk, ensure compliance, and align IT strategy with business goals. But with so many IT control frameworks available, it can be overwhelming to determine which one is best suited for your organi..

Defending Your Code: Business Strategies for Web And Application Security
Despite advances in cloud infrastructure, DevOps practices, and agile development, application vulnerabilities remain one of the leading causes of data breaches worldwide. Often, the gap lies not in the capabilities of development teams, but in the misalignment between business strategy and secure development practices. That’s where this session, “Defending Your Code: Business Strategies for Web & Appli..

COBIT 5 Framework: Master the Skills to Review Implementation
Designed to make IT auditors familiar with the ways the COBIT®5 Framework can be effectively integrated into the general IT Audit process. The webinar will explore the major changes incorporated in COBIT®5 and their impact on the effective execution of IT audits as well as the integration of COBIT®5 into other internationally recognized standards and frameworks, including the ISO-27001, ISO-27002, ISO-27005..

Auditing Information Security Using ISO 27001
ISO 27001 describes how to manage information security in a company. According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." By applying ISO 27001 standards effectively in your organization you can ensure robust security for your organization's vital inf..

PCI Compliance – What Your Company Needs to Do to Get There
Your company must be PCI compliant if it receives payments in the form of credit cards, checks and wires? As our technology base in the world has improved and made our lives easier, so has the threat of having our identities stolen. Each year we hear of several companies that have experienced data breaches and the major negative impact it has on all consumers. Data breaches are not only detrimental to consu..

Technical Managers: Hired for hard skills & fired for soft skills
The basics of great management are the same whether in the technical or non-technical sphere because you are dealing with human beings. The key is to develop a plan to implement all assignments by delegating the detailed tasks to technical professionals to execute using proven methodologies and keeping individuals motivated. Coaching each person to get the results you are responsible for and helping each pe..

HIPAA Audits – an Insider's Perspective
I will be speaking to real life audits conducted by the Federal government for Phase 2 and beyond (I’ve been on both sides of these audits) and what your highest risks are for being fined (some of the risk factors may surprise you). It seems almost daily I am receiving calls from nervous practice managers and compliance officers all over the USA regarding a HIPAA audit letter or call they have received. This le..

HIPAA training for the Compliance Officer
This webinar will be addressing how practice/business managers (or compliance officers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018. Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. The primary goal is to ens..

HIPAA vs SAMHSA (42 CFR Part 2)
This lesson will be addressing how practice/business managers (or compliance officers) need to ensure their organization is complying with the Federal Substance Abuse and Mental Health Services Administration (SAMHSA) regulations (42 CFR Part 2) and how this differs from the HIPAA (Health Insurance Portability and Accountability Act) Privacy and Security Regulations. Both regulations carry significant civil and even c..

How ISO/IEC 27001 Can Help Achieve GDPR Compliance & Reduce Data Breach Risks
Organizational IT usage categorization can be either support transaction processing or decision-making. Transaction-based information systems process data for routine business activities, whereas a decision-based information system commonly advises managers and professionals in non-routine judgments. Accordingly, information systems represent an architectural component that collects data, processes transact..

How to Apply ISO 27001 Principles to Enterprise Risk Management In 2018
ISO 27001 describes how to manage information security in a company. According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." By applying ISO 27001 standards effectively in your organization you can ensure robust security for your organization's vital inf..

Information Cyber Security Planning for Governance, Risk and Compliance (GRC) Framework - Organization and Responsibilities
Information Cyber Security Planning for Governance, Risk and Compliance (GRC) is essential in this world of new technologies, cyber events, natural and manmade disasters. GRC refers to a company's coordinated strategy for managing the broad issues of corporate governance, enterprise risk management (ERM) and corporate compliance with regard to regulatory requirements. Enterprise IT Governance, Risk, Complianc..

Medical Device Software 62304 Compliance
The webinar will leave you with the information needed to create and maintain good documentation that meets FDA compliance standards. You will learn about what must be done and what must not be done. In addition, you’ll learn about the various computer system validation deliverables and how to document them. This session will provide insight into the IEC 62304 standard as it is applied to medical device sof..

Office 365 Demystified: Groups, Teams & SharePoint
Often the user community has moved from a well-understood structure of network shared drives and email attachments to, what must seem like, the wild west. In this program, we will pull back the covers on the structures used to organize people and share information in an Office 365 world. You’ll get a look at Teams App, Outlook, SharePoint, and how these work together to create a collaboration platform for y..