
FOR YOUR INFORMATION A cyBARR Quarterly
Quarterly Highlights
Service Line Spotlights: PCI DSS, HITRUST Assessments, Data Management
Hacker-Proof Headlines
Protecting Our Communities Through True Partnership
At the root of it all, cybersecurity is about community. It’s about working together to create a safer world. It’s about talking and building trust and creating solutions for growth. Kind of like a community garden—not enough would grow if you were the only gardener. But by working together, multiple gardeners can help get rid of the weeds and produce something fruitful.
Security is a public good. You don’t get as much of it if you try to only protect yourself as you do if you work to protect the whole community and others do the same.
—Tarah M. Wheeler
Since our founding, BARR has valued creating and nurturing a cyber-resilient community. Through the resources we’ve developed and partnerships we’ve established, we not only strive to provide the most up-to-date cyber information but also aim to work alongside organizations as true partners during their security and compliance journey.
As a partner, we value asking the right questions to deeply understand an organization’s specific needs. While we come with insight and expertise to guide you through the complexities of security and compliance, at the end of the day, it’s about working together to establish something that keeps us all protected.
Let’s take a closer look at how BARR serves as a true partner in the cybersecurity community through a few quarterly updates, recent findings, and the latest in cybersecurity best practices.
Work Smarter, Not Harder
HITRUST recently released CSF version 11, which added the e1 Assessment to its services and updated the i1 and r2 Assessments, allowing organizations to reuse work from lower-level HITRUST assessments and progressively achieve higher assurance by sharing common control requirements in inheritance. Now that’s something to put your (HI)TRUST in.
HITRUST Assessments Key Differences:
We’re All in this Together
Building and operating a data management plan can be time-consuming and overwhelming. The good news is, you don’t have to go it alone. Here are some tips from Manager of Attest Services Dariek Howard on how he helps organizations build a data management plan.


Did You Know?
Compliance doesn’t equal security.
We don’t mean to confuse you, but the two have important distinctions. Security is often defined as being safe from danger or threat. On the other hand, compliance is following standards and guidelines applicable to your organization—a way to communicate your security posture for others to understand. Check out our recent blog on why compliance doesn’t equal security by Senior Associate Devin Olsen.

Swipe Away, Securely
Does your organization store, process, or transmit credit card information? In today’s business world, it only takes the swipe of a card or click of a button to process customer payments—and with any type of financial transaction lies the opportunity for cardholder data theft.
No matter the size of your business, if you deal with credit card information, you’ll want to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to avoid hefty fines and, most importantly, keep your customers’ data secure.
Learn how BARR’s PCI DSS services can help, and encourage your customers to swipe away!
Creating a Data Management Plan:
Understand what data you have and where that data lives.
Implement security controls in order of priority.
Leverage the assets that process, store, or otherwise support the data within your environment.
Understand your organization’s unique risks.
We’ve got you covered on the latest cybersecurity headlines, so you can stay in the know with all things security and compliance.
[ICYMI]—New SEC Requirements
The Securities and Exchange Commission (SEC) just adopted new rules to enhance and standardize cybersecurity risk management, strategy, governance, and incident reporting disclosure practices by public companies and other market entities. The rules will have a sweeping impact on all public companies that are subject to the Securities Exchange Act of 1934. Read our whitepaper to learn more.