Do you offer consulting services to help me through
these regulations?
A: Yes. We offer professional services that get you started
and then guide you through the tasks and requirements
needed to comply with standards and regulations such as
PCI DSS and HIPAA. From policy writing to staff training to
CISO-as-a-service offerings, we can help you through the
maze of compliance requirements.
Why do I need File Integrity Monitoring?
A: File Integrity Monitoring (FIM) is an important protection
for your PCs and servers. A FIM tool records a baseline
(typically a cryptographic hash and the permissions of each
program and system file) and raises an alarm when a file is
added, removed or modified. Some changes are expected
(Windows Updates, for example), but others may not come
from a trusted software publisher and need to be investigated
and possibly remediated. Without a FIM tool watching your
systems, files can be changed without your knowledge and
you may never realize it.
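The baseline-and-compare cycle described above, as an added example (not the vendor's product or code): it hashes every regular file under a directory, stores hash, size and permission bits, and classifies later differences as added, deleted, modified, or approved. The "approved" case models the Windows Update situation: a set of publisher-supplied hashes whose appearance is expected. The directory tree, file names and contents are constructed for the demonstration.

```python
"""Minimal file-integrity monitor: baseline a tree, then report what changed."""
import hashlib
import pathlib
import tempfile


def file_sha256(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Record hash, size and permission bits for every regular file under root.

    Keys are forward-slash relative paths so a baseline taken on one host can be
    compared on another. Symlinks are skipped: hashing their targets would let an
    attacker point a monitored name at an unmonitored file.
    """
    root = pathlib.Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.stat()
        rel = path.relative_to(root).as_posix()
        baseline[rel] = {
            "sha256": file_sha256(path),
            "size": st.st_size,
            "mode": st.st_mode & 0o777,
        }
    return baseline


def compare(baseline, current, approved_hashes=frozenset()):
    """Classify differences between two baselines.

    approved_hashes holds SHA-256 values of files a trusted publisher has told us
    to expect (the hashes shipped with a patch); a modification whose new hash is
    in that set is reported as 'approved' rather than as a suspicious change.
    """
    report = {"added": [], "deleted": [], "modified": [], "approved": []}
    for rel in sorted(set(current) - set(baseline)):
        report["added"].append(rel)
    for rel in sorted(set(baseline) - set(current)):
        report["deleted"].append(rel)
    for rel in sorted(set(baseline) & set(current)):
        before, after = baseline[rel], current[rel]
        if before["sha256"] == after["sha256"] and before["mode"] == after["mode"]:
            continue
        bucket = "approved" if after["sha256"] in approved_hashes else "modified"
        report[bucket].append(rel)
    return report


def demo():
    """Constructed scenario (not real data): baseline a small tree, apply four
    kinds of change, and return the FIM report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"original service binary")
        (root / "bin" / "helper.dll").write_bytes(b"original helper library")
        (root / "etc" / "app.conf").write_text("debug=false\n")
        baseline = build_baseline(root)

        # A vendor update: its hash was published with the patch, so we trust it.
        vendor_update = b"vendor-signed helper library v2"
        approved = {hashlib.sha256(vendor_update).hexdigest()}
        (root / "bin" / "helper.dll").write_bytes(vendor_update)   # approved change
        (root / "etc" / "app.conf").write_text("debug=true\n")     # unapproved change
        (root / "bin" / "dropper.exe").write_bytes(b"unexpected")  # new file
        (root / "bin" / "service.exe").unlink()                    # removed file

        return compare(baseline, build_baseline(root), approved)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9s} {files}")
```

Two practical points the example does not enforce: the baseline must be stored off the monitored host or signed, because an attacker who can rewrite a system file can also rewrite a baseline that sits beside it, and a scheduled comparison like this one only tells you that something changed between runs; commercial FIM tools add real-time change notification and identify the process and account that made the change.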
What is the difference between patching solutions
for the Operating System (OS) only and 3rd party
patching?
A: Operating system patching covers only the operating
system itself (Windows, Linux and so on), whereas third-party
application patching covers the wide variety of applications
you may have installed on your systems, such as Java or
Adobe products. Both need to be kept current: an unpatched
third-party application is exploitable no matter how
up to date the operating system is.
Why would I need to scan for sensitive data such as
cardholder (PCI) and healthcare (HIPAA) data?
A: Scanning for sensitive data ensures that you are not
storing data that should not be stored at all. PCI DSS, for
example, prohibits storing sensitive authentication data
such as card verification codes after authorization, and
unprotected primary account numbers should not be sitting
in spreadsheets, email or log files. Scanning can also reveal
whether staff have copied data somewhere in error or tried
to remove data from your systems.
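The kind of check a sensitive-data scan performs, as an added example (not the vendor's scanner): it looks for card numbers and US Social Security numbers in text, then validates each candidate with the Luhn check and an issuer prefix before reporting it, so that order numbers and phone numbers are not flagged. Findings are masked to the last four digits so the scan report does not itself become a copy of the data. The sample text is constructed; the card numbers are the publicly published issuer test numbers and the SSN is fictitious.

```python
"""Scan text for primary account numbers (PANs) and US Social Security numbers,
validating candidates so that order numbers and phone numbers are not flagged."""
import pathlib
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# SSNs are only flagged in dashed form; area 000/666/9xx, group 00 and serial 0000
# are never issued, so those are excluded to cut false positives.
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn check (ISO/IEC 7812-1)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def issuer(pan):
    """Map a PAN to a card brand by its leading digits and length, or None."""
    if pan[0] == "4" and len(pan) in (13, 16, 19):
        return "Visa"
    if len(pan) == 16 and (51 <= int(pan[:2]) <= 55 or 2221 <= int(pan[:4]) <= 2720):
        return "Mastercard"
    if len(pan) == 15 and pan[:2] in ("34", "37"):
        return "American Express"
    if len(pan) == 16 and (pan.startswith("6011") or pan[:2] == "65"
                           or 644 <= int(pan[:3]) <= 649):
        return "Discover"
    return None


def mask(value):
    """Keep only the last four characters so the report is not itself a data leak."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_text(text, source="<text>"):
    """Return a list of findings, each with type, issuer, masked value, source, line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            brand = issuer(digits)
            if brand and luhn_valid(digits):
                findings.append({"type": "PAN", "issuer": brand, "masked": mask(digits),
                                 "source": source, "line": lineno})
        for m in SSN_PATTERN.finditer(line):
            findings.append({"type": "SSN", "issuer": None, "masked": mask(m.group()),
                             "source": source, "line": lineno})
    return findings


def scan_tree(root):
    """Scan every regular file under root as text (undecodable bytes are ignored)."""
    findings = []
    for path in sorted(pathlib.Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            findings.extend(scan_text(path.read_text(errors="ignore"), str(path)))
    return findings


# Constructed sample: the card numbers are the issuers' published test numbers,
# the SSN is fictitious, and the remaining lines are deliberate near-misses.
SAMPLE = """\
Patient Jane Doe, account 10023
Card on file: 4111 1111 1111 1111 exp 12/26
Backup card 5555-5555-5555-4444
Corporate Amex 378282246310005
Order ref 4111111111111112 (fails Luhn, not a card)
Phone 555-123-4567
SSN 123-45-6789
Invalid SSN 000-12-3456
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "sample.txt"):
        print(finding)
```

Running it on the sample reports three card numbers (Visa, Mastercard, American Express) and one SSN; the Luhn-failing order reference, the phone number and the never-issued SSN are ignored. A real scan also has to open office documents, archives and databases rather than plain text, which is the part that commercial tools add on top of the matching logic shown here.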
I know I must comply with HIPAA, but do I have to
comply with PCI too?
A: If you are a healthcare entity that must comply with
HIPAA and your business accepts card payments from
patients, then you will most likely need to comply with
PCI DSS as well. PCI DSS applies to all merchants (anyone
who accepts payment cards), although the validation
requirements vary with transaction volume. Discounts are
available for customers who require both packages.
Why do I need a network diagram with data flows?
A: A current network diagram, together with a diagram of
how cardholder data flows through it, is required by PCI DSS.
It is also important to document how your network has been
designed so that troubleshooting can occur when needed.
Under PCI ASV (Approved Scanning Vendor) rules, for instance,
you may not be able to get a dispute or exception accepted
for a failed scan finding if you do not have a network diagram
that shows the open ports and the direction in which
application traffic is allowed to flow.