Articles
What are the Risks Associated with Generative AI Code?
Written By: Damul Mahajan || The emergence of Generative artificial intelligence (Gen AI) in software engineering and security has generated novel compliance and privacy issues.

Proactive Cybersecurity Measures to Prevent Ransomware
By Careen Magaah, Manager, Compliance Services || In this era of digital transformation, organizations have made significant progress in enhancing their cybersecurity measures. However, the

HITRUST in Healthcare Interoperability
In the rapidly changing healthcare landscape, interoperability is critical for delivering high-quality care. It enables the seamless exchange of patient data and improves cross-departmental collaboration

Supply Chain Cybersecurity Risks Post SolarWinds Breach
Written By: Adarsh Hirenallur, Director and Principal Consultant, Compliance Services || The SolarWinds breach was a major cybersecurity attack where hackers embedded malicious code into

HIPAA Security rule changes for 2025
The U.S. Department of Health and Human Services (HHS) issued a notice to modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security

Ideal Approach to Cybersecurity’s Internal and External Staffing
Written By: Sean Dowling, VP, Head of HITRUST and vCISO Services at Accorian || Building and maintaining a protected security team is more crucial than
How UCF Helps Secure PHI/PII Data (Unified Compliance Framework)
Written By: Smita Jha & Prerna Shankar || With the rise in data breaches and new threats, the number of regulations governing organizations is

How Leveraging HITRUST AI RISK MANAGEMENT ASSESSMENT can benefit organizations
Written By: Sean Dowling, VP of Compliance and Head of HITRUST at Accorian || As artificial intelligence (AI) becomes a more significant part of our
Understanding PCI Compliance SAQ-SPoC
Written By: Eishu Richhariya & Arnav Shah || The Payment Card Industry (PCI) Self-Assessment Questionnaire (SAQ) for SPoC, which represents Software-based PIN Entry on COTS

What are the Common Project Risks in PT (Penetration Testing) Engagements
Written By: Darshana Mechanda || An essential part of an organization’s annual cybersecurity plan is having an independent entity conduct penetration testing across its assets.

What is HITRUST AI Risk Assessment: POV of Accorian’s VP of HITRUST
Written By: Sean Dowling || Have you ever considered what happens if your AI system makes an error or gets compromised? Especially if it’s AI

The Role of HITRUST CSF in Achieving Cyber Resilience
Today, healthcare organizations’ essential function depends heavily on connected systems to provide essential services. However, this technological progress presents some serious threats, especially in the

From Risk to Resilience: Building Your SOC 2 Compliance Program
Written By: Anirudh Sumra || Service Organization Control 2, popularly known as SOC 2, is an AICPA auditing standard for service providers who store, transmit,

ISO/IEC 42001:2023 – The Crucial Artificial Intelligence (AI) Management System Standard for your Organization
Written By: Prateek Shetty & Sarthak Makkar || The Pressing Need for an AI Management System (AIMS) within Organizations The risk of unethical behavior and careless

Why TPRM (Third-Party Risk Management) is Essential for Your Business
Written By: Vignesh M R || Third-Party Risk Management is the process of analyzing and controlling the risks present in your organization that are caused by

Exploring Risk Management Framework NIST SP 800-39
Written By: Vigneswar Ravi || Don’t be a data disaster! Learn how the Risk Management Framework NIST SP 800-39 can save the day. In today’s
Protecting Data with GDPR (General Data Protection Regulation)
Written By: Vineet Kushalappa & Vignesh M R || What is the General Data Protection Regulation (GDPR)? The General Data Protection Regulation (GDPR) aims to

The Role of CSP Compliance for SaaS Companies in PCI DSS Certification
The rapid shift to cloud-based solutions is driven by speed, efficiency, and cost savings. With 94% of companies already adopting cloud services in 2023, the

GoRICO: The TPRM Tool for Third-party Vendor Assessment
With the advancement of technology, an organization’s reliance on third-party vendors to keep operations running has increased exponentially. However, increased dependence results in increased information

Leveraging HITRUST MyCSF Portal
In today’s dynamic cyber landscape, the HITRUST MyCSF portal empowers organizations to navigate complex information security requirements and ensure robust protection against threats. This is not just

What is HITRUST CSF in Healthcare?
With the advent of digitalization and AI, technology is becoming integral to how we handle sensitive patient data. But with this advancement comes a critical

LEARNING FROM THE CHANGE HEALTHCARE RANSOMWARE ATTACK
Written By: Premal Parikh || One of the most significant cybersecurity attacks ever was that of Change Healthcare in February 2024. It impacted healthcare services across
POV on AI-Generated Code
“Basics don’t change regardless of who or what wrote the code” – Aaditya Uthappa, Co-Founder & COO || Generative AI (GenAI) has redefined the way businesses

Achieving PCI DSS Certification for a SaaS company
Cloud-based solutions are gaining ground, driven by their key features: speed, efficiency, and cost savings. A staggering 94% of companies adopted cloud services in 2023,

NIST SP 800-39 – The Framework of Security
Written By: Vigneswar Ravi & Vedashree Venkatesh || The ever-changing digital landscape poses a rising security challenge for organizations. Data security is not just a priority; it’s a

Debugging Misconfiguration: Ruby on Rails Remote Code Execution
Written By: Vivek Kumar Jaiswal || In the realm of web application security, even minor misconfigurations can have unforeseen consequences. This article delves into a

PCI Compliance: Mapping Credit Card Flow and Identifying Data Stores
Written By: Shorya Kansal || The e-commerce business thrives on the ease and convenience of online transactions, and credit cards are the foundation of this digital

How To Choose The Right PCI SAQ For Your Organization?
Written By: Eishu Richhariya and Neelabh Ghosh || The surge in ransomware attacks, with an average total cost of $5.13 million in 2023 (a 13% increase

Top 13 Best Practices To Secure An iPad
Always use the Telecom 5G network with a VPN; avoid any wireless connections Disable Face ID and enable fingerprint and Passcode (PIN) Download apps only

NIST Cybersecurity Framework Version 2.0: New Release
In a landmark move for cybersecurity, the National Institute of Standards and Technology (NIST) has released version 2.0 of the Cybersecurity Framework (CSF), an essential

How Does a Company Become PCI Compliant: Key Steps
Written By: Naga Chinmai and Arnav Shah || Maintaining PCI compliance in the payment card industry demonstrates our dedication to ensuring a secure environment. According to recent research, data breaches

Are You Ready For PCI DSS v4.0?
Written By: Hari Koguru & Neelabh Ghosh || With emerging tech comes new risks; therefore, assessing and mitigating these risks is critical for developing a secure future. In 2023,

What is the Cost of HITRUST Certification?
Small and medium-sized organizations often ask about the cost of HITRUST Certification. Patient data security is critical, so we always recommend considering HITRUST as a long-term goal

HIPAA Disaster Recovery Plan: Your Guide to Patient Data Security
In the dynamic cybersecurity landscape, 2023 statistics reveal an alarming 53% of incidents targeted healthcare providers, emphasizing the need to protect sensitive patient data under

WHY DO YOU NEED RED TEAMING?
Written By: Premal Parikh || Over the past decade, companies have increasingly recognized the need to protect themselves against cybersecurity risks. This awareness can be attributed to

HITRUST Certification Made Simple: Key Steps to Get HITRUST Certified
In the dynamic healthcare landscape, where innovation meets responsibility, safeguarding sensitive data is paramount. The stark reality is that our data is consistently under siege.

Accorian’s Brand Security Program – Securing Against Cyber Threats
In today’s rapidly evolving digital arena, protecting your brand’s reputation and ensuring your organization’s security are paramount imperatives. Projections indicate that the financial impact of

CYBERSECURITY FOR MERGERS & ACQUISITIONS: Ensuring a Secure Transition
Written By: Virendra Upadhyay & Mrinal Durani || The growing concern regarding cyber threats is particularly alarming in today’s digital landscape. In the first quarter of

Vendor Risk Management for Large Companies: Securing the Supply Chain with Compliance
Written By: Vignesh M R || In today’s global business landscape, large corporations heavily rely on a vast network of vendors and suppliers to provide essential

Cyber Insurance for Your Business: A Complete Overview
Written By: Kanav Gupta || According to Cybersecurity Ventures, cybercrime will cost $8 trillion globally in 2023, equivalent to the world’s third-largest economy after the

Open Source Software: Understanding and Ensuring Security
Written By: Abhijeet Karve || The demand for innovative software solutions has thrived in today’s ever-changing dynamic world. The open-source services market is rising rapidly as

Mastering PCI Compliance: Key Challenges and Effective Solutions
Written By: Kiran Murthy & Manisha Robbi || “Compliance is the armor that shields data from harm.” In today’s digital landscape, the significance of this

IT’S NOT THE WHO BUT THE HOW! – SOC 2 Compliance
Here’s why clients choose Accorian over their competitors for their SOC 2 Compliance. 1 Competitors: Often follow a traditional approach to SOC 2 compliance, which

Demystifying Vulnerability Scan Reports: Best Practices for Efficient Remediation
Written By: Somya Agarwal || In today’s ever-evolving cybersecurity landscape, businesses face constant cyber threats and data breaches. The first quarter of 2023 alone has

HITRUST Framework – e1, i1, and r2 Assessments Explained
According to IBM Security, the average cost of a healthcare data breach has increased to $10.1 million in 2022. This significant rise in cost highlights

Insider Threat: Understanding the Risk Posed by Ex-Employees and the Importance of Access Reviews
Written By: Vignesh M R || In today’s business landscape, organizations face a plethora of cybersecurity challenges, with insider threats being one of the most

SOC2 Trust Services Criteria (TSC) – A Comprehensive Guide
Written By: Om Hazela & Sarthak Makkar || Information security is a major concern for organizations, especially those that rely on third-party vendors such as cloud

PENETRATION TESTING – An ART or a SCIENCE? POV OF A VP PEN TESTER
Written By: Ashritha Alva || Penetration testing is a crucial practice in today’s cybersecurity landscape. It involves assessing the systems, applications, security devices, etc. to identify

PCI DSS Compliance Penetration Testing
Written By: Angad Bindra || “Compliance is no longer just about ticking boxes, but about embracing security as a mindset.” (Kevin Mitnick) It’s not enough

Kerberoasting and Evil Passwords – The Dark Side of an Active Directory
Written By: Aakash Kumar || Imagine a world where you have to remember passwords for every website and network you want to use. You’d be

WHY HIRE A CREST ACCREDITED PENETRATION TESTING (PEN TESTING) FIRM?
“An ounce of prevention is worth a pound of cure” – a famous quote by Benjamin Franklin that perfectly captures cybersecurity’s importance in today’s digital

What is TISAX Certification (TRUSTED INFORMATION SECURITY ASSESSMENT EXCHANGE)
Written By: Srishti Shukla & Virendra Upadhyay || TISAX Certification (Trusted Information Security Assessment Exchange) is a comprehensive standard that provides a structured framework for

CHOOSING THE RIGHT FIRM FOR YOUR PENETRATION TESTING SERVICES
Written By: Premal Parikh || Numerous security firms perform penetration testing and red teaming. However, determining the security firm suitable for your organization is difficult.

HIPAA UPDATES 2023
Written By: Vigneswar Ravi & Vignesh M R || The Latest on HIPAA Compliance: HIPAA Compliance will be undergoing significant changes this year in 2023,

THE vCISO SUPERPOWER: A Virtual Chief Information Security Officer for your Cybersecurity Goals
Introduction There is a famous adage by Spiderman in Marvel comics, “With great power, comes great responsibility,” and that’s how important a vCISO (Virtual Chief

WebSocket Vulnerabilities: Keep Your WebSocket Connection Safe
Written By: Somya Agrawal || WebSocket is a powerful tool for sending and receiving messages over a network. It enables quick and reliable data exchange

UNDERSTANDING AI RMF 1.0 – The Artificial Intelligence Risk Management Framework
Written By: Tathagat Katiyar & Harshitha Chondamma || Artificial Intelligence is undergoing continuous growth and development, with new technologies and applications being developed daily. As

ISO 27701 2019: THE KEY TO PERSONAL DATA PROTECTION
Written By: Vigneswar Ravi & Vignesh M R || Personally Identifiable Information (PII) has never been more important than it is in today’s digital age.

HITRUST And HIPAA Compliance Helps Organizations Create More Walls Around Their Customer Information
Cybercriminals are often attracted to the data held by healthcare companies. Patient data, banking information, and other personal identifying information (PII) are gathered by healthcare

Questions to Ask my SOC2 Auditor before Signing up for a SOC 2 Compliance Audit
Written By: Om Hazela & Sarthak Makkar || Ideally, you want to find a service provider to take you from SOC 2 readiness to report. SOC

What is ISO 22301 Certification: The Business Continuity Management System Standard
Written By: Kiran Murthy, Naga Chinmai & Eishu Richhariya || What is ISO 22301 Certification? ISO 22301 Certification provides a framework to plan, establish,

What is HITRUST CSF in Healthcare?
Being HITRUST-certified is one way companies can demonstrate their commitment to security and privacy to clients and partners. Healthcare is one of the most highly regulated industries

Penetration Testing: Search Engine based Reconnaissance
Written By: Vivek Jaiswal || Reconnaissance is an essential phase in Penetration Testing, before actively testing targets for vulnerabilities. It helps you widen the scope

ISO 27001 AND ISO 27002 CHANGES FOR 2022
(ISO/IEC 27001:2022 and ISO/IEC 27002:2022) Written By: Kiran Murthy & Eishu Richhariya || Recently a publication notice was released regarding the ISO 27001 and ISO

ISO 27001 AND ISO 27002 Correlation & Differences in the updated versions of 2022
(ISO/IEC 27001:2022 and ISO/IEC 27002:2022) Written By: Kiran Murthy & Tathagat Katiyar || ISO 27001 – A Framework for Information Security Management Systems ISO 27001

WHAT IS SOC 2 COMPLIANCE
Everything you need to know about getting your SOC 2. Written By: Om Hazela || Accorian has aided 100s of companies in attaining SOC 2 compliance

Compromising the Domain Controller using Multiple Misconfigurations
A story of how Security Misconfiguration led to Compromising the Domain Controller. What is an Assumed Breach? Assumed breach, as the name suggests, is when

PCI DSS 4.0 from PCI DSS 3.2.1 – Part 1
Written By: Kiran Murthy & Eishu Richhariya || Introduction: PCI-DSS stands for Payment Card Industry Data Security Standard. This standard first came into the picture in

Spring4Shell
Last week a Remote Code Execution vulnerability was disclosed in Spring. Spring is an open-source application framework that provides infrastructure support for creating Java applications

HITRUST® introduces the leaner version of the Validated HITRUST Assessment – The Implemented, 1-Year (i1) Validated Assessment + Certification
HITRUST recently announced the implementation of a new annual HITRUST Assessment + Certification, the i1. The aim of this release is to provide a cybersecurity

Penetration Testing Anecdote Series
Authentication bypass due to weak verification of SAML Token What is authentication bypass in web applications? The web application vulnerability – authentication bypass occurs when

Why Being HIPAA compliant is not enough
If there is a central key aspect of healthcare security, it is HIPAA. The Health Insurance Portability and Accountability Act of 1996 changed the way

Pre-Placement & hiring in times of Covid
Accorian at UPES, Dehradun Despite industry-wide hiring freezes as a result of COVID, Accorian has established its first university recruitment channel with UPES Dehradun for

A Cloak with holes: CSP Provided Security
The last 2-3 years have seen a spike in the adoption of cloud especially among organizations who had possibly never thought about moving to a

The Privacy and security issues of expanding Telehealth
Telehealth is the distribution of health-related services and information via electronic channels allowing long-distance patient and clinician contact, care, advice, reminders, education, intervention, monitoring, and

The Journey from HIPAA Compliance to HITRUST Certification
In today’s complex technological world, there is always the danger of a hostile threat environment lurking around the corner, waiting to manipulate the potholes in

Adobe’s Common Controls Framework of Industry-acclaimed security standards
Today’s world is an ever-changing scenario with changes to the technology sector happening more frequently than ever due to emerging technologies. The case is quite

Securing your O365
E-mails are the most used productivity tool by employees. They are also a treasure trove of information and are a lucrative target for hackers as

Risk Management Framework – Managing & Measuring what matters
A risk management program allows you to manage overall information security risk. It is an approach to identify, quantify, mitigate, and monitor risks. The reason

Data Privacy & Protection – Why you should be concerned
In the digital age, data privacy & protection is a huge concern for companies of all sizes. In part, because data breaches are happening daily,

Unsecured APIs – Underlying threat waiting to be realized
APIs & Web Services are essential supporting building blocks for today’s applications. They’re not only the connective tissue between applications, systems, and data, but also

Cybersecurity in a time of Covid-19
No one event has had the focus of the world at this scale in the last decade. As IT teams are working round the clock

1 Minute Guide to the Updated HITRUST Scoring & Metrics for 2020
At the start of the year, HITRUST released an updated methodology for scoring requirements. This will ensure that organizations focus on maintaining a robust program

The role of the modern CTO with regards to Cybersecurity
How the times have changed. 15 years ago, cyber-security consisted of making sure you had an anti-virus program running on your machines. It didn’t matter

How do you prepare for a Penetration test?
A penetration test (Pen Test) is one of the best ways a company can test their IT assets for vulnerabilities that a hacker could exploit

Insider Threats – Healthcare’s Crippling Reality
We often learn about the latest security issues, threats, vulnerabilities, attacks, and ransoms every day. While much of the advertised information we read is about

HITRUST just released Version 9.3 of the HITRUST CSF. How will that affect your company?
On October 28, 2019, HITRUST announced the release of version 9.3 of the HITRUST CSF information risk and compliance management framework. The HITRUST CSF is

Five Important Concerns of Cybersecurity Today
October is National Cybersecurity Awareness Month and it’s a reminder that we need to be vigilant about protecting our privacy and our business from possible cyber attacks.

Deepfake videos are everywhere. So how do we know what’s real?
Remember the phrase “Seeing is believing?” Deepfake videos have people second guessing what they are watching. Deepfakes are videos manufactured by AI technology that can

Who should prepare for the California Consumer Privacy Act?
Any for-profit company that does business or has customers in California should prepare for the California Consumer Privacy Act (CCPA). Here’s why they should. The

Lessons from our recent HITRUST Community Extension Program.
On August 27, 2019, Accorian facilitated a successful HITRUST Community Extension Program in New York City. Security and Technology professionals from organizations in healthcare, finance

Are we forgetting to “lock the front door” when we invest in Cybersecurity? Lessons from the Capital One and Equifax data breach.
Like my high school coach always said, “Stick to your basics”. The Equifax and CapitalOne breaches remind us that cyber-attacks don’t always come from sophisticated

Should you be concerned about the security of FaceApp?
FaceApp, the AI-powered picture-editing program, is trending in social media. We’ve all seen the pictures of celebrities using FaceApp to make themselves look older or

How can your company prevent a data breach through a third-party vendor?
Companies of all sizes are doing a good job beefing up their cybersecurity and that’s great. But… many are forgetting an often overlooked target –

Can you afford to stay in the dark about cybersecurity?
Small and Medium Businesses (SMBs) are often unsure of where they stand when it comes to cybersecurity. While larger companies treat cybersecurity with white gloves

7 Ways to protect your Healthcare Data in 2019
In 2018, 15 million patient records were breached during 503 healthcare cyber-attacks. That’s three times the amount of reported incidents in 2017*. As breaches continue

10 reasons why just buying a security product is not a strategy.
With the number of security breaches occurring right now there is a tremendous focus on cybersecurity in companies of all sizes. In many cases, the

How to Make Risk Assessments Work for Healthcare
Risk assessments are the backbone to any good security and risk plan. Risk assessments test your current information system and reveal any areas where data