Focus on What You CAN Manage: People, Process and Technology
By adopting prudent information practices aligned with the size, complexity and culture of your organization, you have positioned the people, process and technology to best defend your network and data.
NAIC Insurance Data Security Model Law Update
There are two interesting updates to the progress of the NAIC Model Law. First, there are four states working to add the Model Law to their 2018 legislative calendars: South Carolina, Rhode Island, Vermont and the District of Columbia....
NAIC Insurance Data Security Model Law
On October 24, 2017, the NAIC passed the Insurance Data Security Model Law, which establishes standards for data security and for the investigation of and notification to the Commissioner of a Cybersecurity event...
What is 23 NYCRR 500?
The NYDFS Cybersecurity Regulation, 23 NYCRR 500, requires New York banks, financial services companies and insurance companies, including non-New York insurance companies that do business in New York...
Larger than WannaCry: EternalRocks Worm Spreads Using 7 Leaked NSA Exploits
A new worm, EternalRocks, which exploits Windows SMB (Server Message Block) vulnerabilities, has been discovered by a security researcher. EternalRocks uses seven SMB-specific NSA tools, while WannaCry used only two...
What is WannaCry, WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor and how to Protect Yourself from Ransomware
WannaCry, Wanna Crypt, WannaCrypt0r 2.0 is a type of Trojan virus called ‘ransomware’, which holds the infected computer hostage until a ransom is paid by the computer owner. Over the weekend (May 13-14, 2017), the world experienced a major impact from the WannaCry ransomware attack...
NCUA Examiner Insight for 2017
The 12th annual CUISPA (Credit Union Information Security Professionals Association) conference was held on February 21 & 22 in San Antonio. SCA routinely participates in this conference to network with credit union information technology and risk management professionals, and just as importantly, to engage NCUA examiners about items on their priority list...
Washington State DCU Selects SCA to Deliver IT Examinations
Security Compliance Associates (SCA) is pleased to announce that the company has recently been selected as the primary vendor to assist in the completion of IT examinations for credit unions regulated by the Washington State Department of Financial Institutions, Division of Credit Unions...
Vulnerability Scan vs. Pen Test – What’s the Difference?
The term “penetration test” is getting some attention lately. I’ve been hearing that auditors, not necessarily state or NCUA examiners, are asking for pen test results. Pen test is one of the most overused, and as a result misunderstood, terms in the information security industry...
Medical Records Worth More Than Credit Card Info
There has been a lot of information all over the news about recent large breaches in the healthcare industry. Millions of individuals have been affected by these breaches in the healthcare industry. The healthcare market is the hottest place for cyber-criminals to attack...