EmberSec

Blog

HITRUST CSF BLOG PART 2

6/5/2020

 

By Fairuz Rafique

In the previous blog we discussed the process an organization must execute in order to prepare for and undergo their HITRUST CSF certification. This blog will focus on the HITRUST CSF interim assessment process. The interim assessment is required for all organizations that have successfully achieved their HITRUST CSF certification. As discussed in the previous blog in this series, an organization is required to complete their assessment process successfully without exhibiting any control gaps. However, acceptable weaknesses in control implementation are tolerated during the assessment process.


EmberSec Unveils Virtual CISO Program

5/14/2020

 
Executive-Level Security Expertise that Delivers Cybersecurity Readiness to Meet Corporate Goals
MCLEAN, Va.—May 14, 2020--EmberSec, the advanced cybersecurity services and solutions division of By Light Professional IT Services LLC, today unveiled the Virtual Chief Information Security Officer (vCISO) Program, which provides deep risk management and cybersecurity expertise and ongoing program management for companies in need of security leadership.


HITRUST CSF BLOG PART 1

5/13/2020

 

By Fairuz Rafique 

The Healthcare Information Trust Alliance (HITRUST)™ was formed in 2007 with the goal of providing a means for organizations to protect healthcare information in a streamlined and systematic way that is conducive to a successful cybersecurity program. As a result, HITRUST developed the Common Security Framework (CSF)® for organizations to incorporate a comprehensive risk management framework in environments with complex business and regulatory considerations. It gives organizations that create, access, store, or exchange Protected Health Information (PHI) a means to systematically protect the PHI per multiple industry guidance, directives, laws, regulations, frameworks and standards.


Protecting Healthcare IT and OT in the Face of a Global Pandemic

4/13/2020

 

By Fairuz Rafique

The ongoing Coronavirus (COVID-19) pandemic has placed immeasurable strain on the healthcare industry, demanding an “all-in” approach to empowering nurses, doctors, and all of the other heroic medical practitioners and their support staff with as many critical resources as possible. The needs for these resources span from personal protective equipment (PPE) to various medical devices, the physical space to provide care, to new technologies that help detect, prevent, track and stabilize the spread of COVID-19 infections. While medical professionals and the healthcare supply chain scramble to meet these needs, there’s a parallel and simultaneous challenge to prevent cyber criminals from disrupting daily operations, response times, and the overall unobstructed delivery of healthcare services.


Secure Remote Work

3/23/2020

 

By Luke Willadsen

As many organizations move to a remote-work posture due to the rapid spread of COVID-19, it’s important that those responsible for IT and IT security can ensure their organization’s remote work policies and technologies are securely implemented and capable. No two organizations are alike, and exact security requirements are unique to your organization.

The bottom line is that remote work technologies and policies should be designed to prevent unauthorized access to your network, systems, and confidential and/or proprietary data. There is no one-size-fits-all approach to this; organizations must develop a true understanding of their threat profile to better determine which security controls are right for them.


Two-part Series: How the Coronavirus Impacts Cybersecurity Best Practices

3/13/2020

 
By Bradley Wolfenden
Part 2- Top 5 Things to Keep in Mind as You Implement Remote Work Policies

It’s likely that by now you’ve either heard of or have been personally impacted by recent cancellations of major industry conferences, closed campuses, travel limitations, or remote work mandates as a result of the continued spread of the novel Coronavirus (COVID-19). All of these actions are a reflection of the Center for Disease Control’s recommendations and proactive efforts focused on lessening the spread and impact of this virus.  


Two-part Series: How the Coronavirus Impacts Cybersecurity Best Practices

3/10/2020

 

By Bradley Wolfenden

Part 1- The Coronavirus Isn’t Just Taking a Toll on Healthcare Patients 
Preying on fearful, distracted and overworked individuals during times of global concern is a tried-and-true tactic for cyber criminals. And as news around the spread of the Coronavirus (COVID-19) continues to dominate headlines, malicious actors across the world are licking their chops at the opportunities this pandemic presents for planning and launching targeted and timely cyber-attacks.  

Data Privacy and Cybersecurity Issues in Mergers & Acquisitions

2/27/2020

 

By Bradley Wolfenden

Cyberattacks on businesses do more than violate laws and regulations. Insufficient investment in cybersecurity best practices can lead to devastating consequences for the victim company’s reputation, business continuity, and growth opportunities. One of the most vulnerable windows in which malicious actors target enterprise networks is the merger and acquisition (M&A) process. In these cases, a successful compromise can hamper or even kill these efforts by reducing the value of the target’s assets, tarnishing its brand and ultimately derailing the acquisition.


Understanding Compliance in the Cloud, Part II

2/19/2020

 

By Adrian Gerber

We recently explored the growing data storage options for organizations in the healthcare industry, such as cloud migration or a hybrid of cloud and on-premises. Regardless of which option an organization chooses, there are many factors to consider when moving data to the cloud to ensure the entity is HIPAA compliant and HITRUST certified.
 
Understanding the compliance-related pros and cons of both cloud and on-premises storage will help healthcare organizations create the infrastructure that fits their particular needs, addresses compliance and certification, and reduces the risk of a breach that can be costly from a financial and reputation standpoint.


Exploring Microsoft Teams Rooms (MTR) Console as a Potential Attack Vector

2/13/2020

 

By Jimmy Bayne

Introduction
Microsoft Teams Rooms (MTR), formerly known as Skype Room System and Lync Room Systems, is the latest and greatest solution from Microsoft for managing online collaborative meetings. In many businesses across the globe, a Teams Rooms console (“Teams console”) is the lifeblood of the conference room. The console typically consists of a supported computer system, management dock, camera, and output device(s). The Teams Room application suite runs on Windows 10 Enterprise or Windows 10 Enterprise IoT. 
For offensive security testers, this post will cover a simple case where attacking Teams gear may be beneficial when conducting a physical or internal penetration test.  For defenders and system administrators, this post will highlight opportunities to reduce the attack surface of your expensive, often forgotten conferencing equipment.  Let’s get started…

Contact Us
(703) 224-1000
info [at] embercybersecurity.com
8484 Westpark Dr.
Suite 600, McLean, VA, 22102
© 2020 By Light Professional IT Services LLC. All Rights Reserved.