Any organization that has access to electronic Protected Health Information (ePHI) must comply with HIPAA. If your organization needs to be compliant, this isn’t something you can delay or phase in gradually because failure to meet HIPAA compliance can carry steep penalties. (On the positive side, becoming HIPAA compliant can be a tremendous business driver if you’re interested in starting a company, entering a new market, attracting new customers, or reducing the time it takes to obtain approvals.) Read more “HIPAA Compliance Checklist”
The current version of the PCI DSS is 3.2.1, published in May 2018. Requirement 6 states that you must “Develop and maintain secure systems and applications.” Sure, no problem. That’s totally clear and straightforward — at least for anyone who’s never tried to develop and maintain secure systems and applications! For the rest of us, that’s a tall order. Read more “How to Address PCI DSS Requirement 6.6 — A Two-For-One Solution From Threat Stack”
Trash Taxi: A Lifecycle Management Tool for
Superuser Discovery & Cleanup
Whenever I join a new team, my first task is fostering and nurturing a good working relationship with the developers. Why? If there is good chemistry between testers and developers, the quality of work improves as the quality of communication increases.
The relationship between developer and tester shouldn’t be one of artist and art critic. Rather, it should be like the relationship between a writer and a copy editor, where each contributes to the quality of the final product.
Developing a good working relationship with developers can be tricky. I am really fortunate working here at Threat Stack where my work is valued and my ideas are appreciated, but in my career — like many of you — I have had my struggles.
With that in mind, here are five tips that I’ve found helpful in nurturing and developing relationships with my developer teammates. Read more “Five Tips On How Testers Can Collaborate With Software Developers”
The Payment Card Industry Data Security Standards (PCI DSS) provides a rigorous security framework and best practices for businesses that store, transmit, or process credit card information.
The PCI DSS is a set of technical and operational requirements that govern modern payment processing. Businesses and organizations in the payments industry must achieve and maintain compliance, or they may become liable to consequences that include increased risk of data breaches, damage to brand reputation, heavy fines, and other sanctions.
With more companies using cloud computing than ever before, PCI compliance in the cloud — such as AWS PCI Compliance — is a growing need. Companies can reduce their risk and streamline compliance by leveraging the right tools. Platforms such as Threat Stack’s Cloud Security Platform®, which offers continuous cloud compliance, can strengthen your organization’s security posture and build compliance into your technology stack to help you meet PCI DSS requirements as well as compliance requirements for other regulatory frameworks.
To help as you embark on the journey to PCI compliance, we have compiled a list of 50 PCI compliance tips from payment security experts and thought leaders. To make the list manageable, we have divided the tips and quotes into the following five categories: Read more “50 Valuable PCI Compliance Tips”
Stratasan provides web-based software and professional services that are designed to help healthcare organizations maximize strategic growth through convenient access to useful information on healthcare markets. Healthcare providers, specifically hospitals and hospital systems, struggle to discover the best opportunities in their market for strategic growth, find the right patient populations in their service area, and track their performance and progress against their strategic growth goals.
By delivering intelligence through proprietary web-based software and a team of seasoned healthcare professionals, Stratasan establishes a foundation for growth in strategic planning, marketing, physician relations, and expansion. Partnering with nearly 1,000 hospitals across 40 states, Stratasan helps them achieve efficiency and effectiveness in their strategic planning initiatives.
This blog post outlines how Stratasan uses Threat Stack to gain the visibility, multiple tiers of monitoring, and auditable data, it needs to address its growing security and compliance needs. Read more “How Stratasan Addresses Its Growing Security & Compliance Needs for Healthcare IT and Services Using Threat Stack”
PCI DSS stands for Payment Card Industry Data Security Standard. These standards are in place to help businesses protect themselves and their customers by outlining how sensitive personal information, like credit card data, gets stored. If you process payments using debit or credit cards, you must meet PCI DSS, or you might be fined or have your ability to process cards revoked altogether. Read more “PCI Compliance Checklist”
As the security industry finally leaves Las Vegas after a full week of Black Hat, Defcon, and Bsides, we wanted to set aside some time to take stock and think about all the trainings, presentations, research, and conversations during our week in the desert. One of the overarching takeaways that was cemented by Dino Dai Zovi’s keynote is the critical need for security to become embedded in our culture. Read more “Black Hat 2019 Recap: Transformation & the New Cybersecurity Culture”
Booth #2009 | August 7 – 8 | Las Vegas, NV
Hope we see you at Black Hat next week for one of the world’s leading info security events. The show has something for everyone — research, training, latest trends, networking opportunities, a broad range of security products & solutions presented by Black Hat sponsors — and as always — fantastic social events.
Threat Stack is a proud Silver Plus sponsor this year, and we’re bringing out our A-Team of security and compliance experts. Read more “Join Threat Stack & 19,000 InfoSec Professionals at Black Hat USA 2019”
Meeting compliance requirements can be a challenge, but it can also open up new markets, speed your sales process, and improve your company’s overall security posture. When it comes to improving your security maturity, compliance can be a useful part of your strategy.
Whether you’re targeting specific industry verticals or going after international customers, entering new markets requires continuous education about the latest in compliance and regulatory standards as they relate to data privacy and security. With that in mind, this post takes a brief look at key standards in order to give you insights into the security and privacy requirements that may be pertinent to the way your SaaS company engages with prospects and customers and handles sensitive data. Read more “How SaaS Companies Can Build a Compliance Roadmap”