7 Things to Know about the NIST CSF Update

Posted on May 24th, 2018 in Cybersecurity by Szuyin Leow

On April 16, 2018, the National Institute of Standards and Technology (NIST) released updates to its Cybersecurity Framework (CSF), titled “Framework for Improving Critical Infrastructure Cybersecurity Version 1.1”... The updates work seamlessly with the original framework and are intended to be implemented by first-time and current framework users.


LogicGate Helps You Meet OIG's 7 Key Elements of Compliance

Posted on May 16th, 2018 in Policy Management, Compliance by Gary Elens

There are many complex issues in the healthcare industry. With looming government regulation and drastic changes in policy, 2018 is projected to be a year of unknowns and change. In addition to implementing new regulations, the industry must still meet current compliance requirements without fail. The Office of Inspector General’s (OIG) 7 Key Elements of Compliance are the minimum standard and mandatory for all hospitals. Using an automated system that will streamline and reduce potential risk while also adapting to the needs of an individual hospital is paramount in this uncertain climate.


Transform Your Incident Response Plan from a Static Policy Document to an Interactive Process

Posted on April 26th, 2018 in Incident Management by Jon Siegler

Benjamin Franklin supposedly said, “if you fail to plan, you are planning to fail.” Although this sentiment is never more true than in an organization’s preparation for risk, “only twenty-five percent [of organizations] have an Incident-Response (IR) plan applied consistently across the organization, and twenty-three percent have no incident response plan at all,” according to the Ponemon Institute. In order to protect your organization from risk, it is imperative to transform your Incident-Response plan from a static document to an interactive process.


Why Compliance Controls Should be Embedded into Your Business Processes

Posted on April 19th, 2018 in Compliance, GRC by Gary Elens

Compliance is an intricate and difficult practice that many enterprises have siloed into departmental issues and concerns, but it is essential for the success of an organization. The difficulty with compliance is that enterprises are attempting to regulate all rules and processes with a disorganized, inadequate, and unregulated system. Compliance is defined as “the process of conforming with external rules and regulations and internally defined directives and standards.” In order to fully meet compliance standards, every internal and external rule and regulation must be considered and embedded into the process. If controls are not embedded into the process, the organization is vulnerable to risks and attacks that could be expensive if not detrimental.


The Power of a Graph Database

Posted on April 4th, 2018 in Graph Database, Risk Management by Dan Campbell

Recently, LogicGate's engineering team undertook the effort to migrate our application from a relational database to a graph database. To better understand this decision and its benefit to LogicGate users, it's important to know a little bit about LogicGate and a little bit about databases in general. 


Identifying Gaps in Your Information Security Risk Assessments

Posted on March 29th, 2018 in Information Security Risk by Gary Elens

Information security risk assessments are vital to the health and longevity of every organization, but they can often be a confusing process with terms that vary across industries and organizations. One of the major gaps within information security risk assessments is the lack of information regarding threat actors and threat events. Without these two key pieces of information, corporations and enterprises are wasting valuable time, money, and other resources on extensive information security risk assessments and walking away without knowing any details about the very real threats to their business.


Designing an Effective Process to Track Employee Policy Attestations and Certifications

Posted on March 21st, 2018 in Policy Management by Matt Kunkel

Most organizations today have multiple compliance requirements and contractual obligations that require all employees to attest that policies and procedures have been read and acknowledged. However, it is generally just good business practice to validate that employees have truly read and understand the requirements of an organization. It’s important to build an effective process that tracks employee attestations and certifications to ensure that policies are being met and procedures are being followed.


GDPR Industry Focus: Impact of GDPR on Healthcare, Pharma, and PHI

Posted on March 12th, 2018 in GDPR, Regulations, Compliance by Szuyin Leow

The May 2018 implementation of the GDPR will impact the healthcare industry with numerous requirements that will necessitate stringent policies and procedures for compliance. The healthcare industry will be required to be even more diligent with personal data than current requirements demand. Within the GDPR, companies will be required to show how they are in compliance, not just report that they are in compliance. 


GDPR Industry Focus: How Does GDPR Impact the Tech Industry

Posted on February 26th, 2018 in GDPR, Compliance, Regulations by Szuyin Leow

With the continuing growth of ‘big data’, the tech industry will be greatly impacted by the implementation of the GDPR. Top data companies like Google, Facebook, Amazon, and Microsoft, along with all tech companies, will be required to restructure many of their policies and procedures in order to become GDPR compliant before its implementation.


GDPR Industry Focus: How does the GDPR impact Financial Services?

Posted on February 21st, 2018 in GDPR, Regulations, Compliance by Jon Siegler

The May 2018 implementation of the GDPR will soon impact many organizations in the financial services industry -- with numerous regulations that specifically require stringent policies and procedures for compliance. Banks are presumed to be a likely target for audits and enforcement actions. Here we cover what you need to know as a member of your organization's compliance or risk management functions.