What is 23 NYCRR 500?
The NYDFS Cybersecurity Regulation, 23 NYCRR 500, requires New York banks, financial services companies and insurance companies, including non-New York insurance companies who do business in New York...
Larger than WannaCry: EternalRocks Worm Spreads Using 7 Leaked NSA Exploits
A new worm, EternalRocks, that exploits Windows SMB (Server Message Block) vulnerabilities has been discovered by a security researcher. EternalRocks uses seven SMB-specific NSA tools, while WannaCry used only two...
What is WannaCry, WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor and how to Protect Yourself from Ransomware
WannaCry, Wanna Crypt, WannaCrypt0r 2.0 is a type of Trojan virus called ‘ransomware’, which holds the infected computer hostage until a ransom is paid by the computer owner. Over the weekend (May 13-14, 2017), the world experienced a major impact from the WannaCry ransomware attack...
NCUA Examiner Insight for 2017
The 12th annual CUISPA (Credit Union Information Security Professionals Association) conference was held on February 21 & 22 in San Antonio. SCA routinely participates in this conference to network with credit union information technology and risk management professionals, and just as importantly, to engage NCUA examiners about items on their priority list...
Washington State DCU Selects SCA to Deliver IT Examinations
Security Compliance Associates (SCA) is pleased to announce that the company has recently been selected as the primary vendor to assist in the completion of IT examinations for credit unions regulated by the Washington State Department of Financial Institutions, Division of Credit Unions...
Vulnerability Scan vs. Pen Test – What’s the Difference?
The term “penetration test” is getting some attention lately. I’ve been hearing that auditors, not necessarily state or NCUA examiners, are asking for pen test results. Pen test is one of the most overused, and as a result misunderstood, terms in the information security industry...
Medical Records Worth More Than Credit Card Info
There has been a lot of information all over the news about recent large breaches in the healthcare industry. Millions of individuals have been affected by these breaches in the healthcare industry. The healthcare market is the hottest place for cyber-criminals to attack...
SCA Announces Strategic Partnership With Fidelity National Title Group
Security Compliance Associates (SCA), a leading information security provider for financial institutions, healthcare facilities and real estate entities, announced that it has entered into a preferred vendor arrangement with Fidelity National Title Group...
Technical Vulnerability Scan is a REQUIREMENT for HIPAA Security Risk Assessments and Meaningful Use Security Risk Analysis
After being asked on numerous occasions if technical vulnerability scans are required or if a checklist will suffice repeatedly by practices, I felt it would be worthwhile to see if there is another way for me to say…
HIPAA Security Risk Assessment Key Points to Remember
I have been asked many times in the past few months, what constitutes a Risk Assessment? Is there a checklist I can follow?...