Due Diligence NOT dENY, dENY, dENY

Another Example of Needing to hire Third Party Risk Management Consultants

June 24, 2017

Please read the article from Cleveland.com (link below)

 

http://www.cleveland.com/metro/index.ssf/2017/06/health_information_of_1708_aet.html

 

Health information of 1,708 Aetna clients in Ohio exposed online

Updated on June 23, 2017 at 7:53 PM Posted on June 23, 2017 at 5:40 PM

BY PLAIN DEALER STAFF
CLEVELAND, Ohio -- Personal health information for 1,708 Ohio residents who have health insurance through Aetna was exposed online, Aetna Inc. said in a statement Friday.

The...


PCI - DSS

May 5, 2017

PCI – DSS
Payment Card Industry – Data Security Standards


The 12 Security Required Controls* apply to all system components that are included in or connected to the payment card data environment:

Build and Maintain a Secure Network and Systems


Install and maintain a firewall configuration to protect credit card data
Do not use vendor defaults for system passwords and other security parameters

Protect Cardholder Data
Protect stored Credit Card Data
Encrypt transmission of credit card data...


Information Security

May 4, 2017

 

Information Security: Three Main Types of Controls and Examples


Administrative

o Laws
o Regulations
o Policies
o Practices
o Guidelines


Logical

o Virtual
o Application
o Technical Controls: Firewalls, Antivirus software, Encryption


Physical

o Video surveillance
o Keyed/Secured/Bio-security access
o Barricades
o Guards
o Monitoring

 


SOX Highlights

April 11, 2017

SOX (Sarbanes – Oxley Act 2002)
High Points and Clarity

How it came about:
• A result of the Enron Scandal

What does it do:
• Provides more regulation of securities trading and expands the Securities & Exchange Act of 1934

Securities and Exchange Commission (SEC) regulates the Securities Trading Industry and:
• General rule maker authority for SOX
• Established the Public Company Accounting Oversight Board (PCAOB)
• Reviews sanctions/penalties determined by PCAOB
• Final Authority on accounting...


Risk Management: Data Protection & Third Party Vendors

April 2, 2017

RISK MANAGEMENT: DATA PROTECTION AND THIRD PARTY VENDORS

By: Lisa Marie Waugh, MJ

Corporate Intelligence Consultant


DEFINITION
A Third Party Vendor is a vendor or supplier that is involved in a business’s (“Primary”) process/services/goods that are provided or sold to another party (“Client”) but is not party to the agreement between the Primary and Client. In fact, the Client normally does not even know that there is a third party involved in the production of goods or services.


...
