Achieving government regulatory compliance (PCI, SOX, HIPAA) isn’t a one-time exercise. It requires careful planning and implementation of a compliant IT infrastructure and continuous maintenance. Compliance strategy is an ongoing process that works to protect your organization from penalties and your data from hacks. Though each form of compliance looks for similar items and configurations, the goal and focus of each are different. WSM can make compliance testing a part of your overall digital transformation strategy and ensure that your infrastructure meets guidelines.
Types of compliance we help with
If your business accepts, transmits, or stores card payment data through the phone, online, or physical scanning, you are required to meet Payment Card Industry Data Security Standard (PCI DSS) regulations. PCI compliance applies to any company of any size; however, different merchant levels apply based on the number of transactions per year.
PCI compliance is not a one-time exam, but an ongoing process that works to protect your company and your customers. Businesses are required to submit quarterly scans to ensure there are no failing vulnerabilities found and that data is safe. WSM can help you meet PCI compliance by finding and fixing your vulnerabilities, as well as completing the necessary quarterly scans.
HIPAA compliance focuses on user access to patient records. Any way a human could accidentally or intentionally disclose protected patient data is investigated. HIPAA compliance includes:
- Checking to make sure all users have a unique username and password
- Understanding how patient records are moved from location to location
- Performing penetration and vulnerability testing
- Ensuring backup encryption verification
WSM can help plan your infrastructure and perform regular penetration and vulnerability testing to ensure you meet HIPAA compliance regulations.
SOX stands for “Sarbanes-Oxley Act” and is directed mostly at publicly held corporations. Corporations subject to SOX compliance are required to create internal standards and procedures for handling and reporting financial information. This requires the IT network to be configured in a way that demonstrates compliance with every aspect of SOX. A SOX audit focuses on how data is being entered, stored, and retained. For IT security officers, this means that SOX requires evidence that financial applications and supporting systems and services are adequately secured.
WSM can help identify key IT systems and processes involved in your organization’s financial information. This can involve security testing, verification of software integration and automated process testing with the goal of ensuring all IT procedures support the safe transmission of financial data.
AWS Security Best Practices
Migrating to an AWS infrastructure? Time to start thinking about AWS security best practices. Securing your new AWS infrastructure does not fall only on the IaaS provider, but on your organization as well. To avoid risk in the cloud, keep in mind some AWS security best practices before you make the move. The below list is not at all exhaustive but is meant to get you started.
451 Report: Cloud is Driving Shift in Security Spending
Security spending is on the rise according to a recent 451 Research report, “Cloud is Driving Shift in Security Spending.” Their predictions are in line with what we predicted for 2018.
Hot Trend: Managed Security Services
A recent CSO magazine article, 8 hot cybersecurity trends (and 4 going cold), includes advice from security pros, including our own CTO, Jeremy Steinert.