-
2016 – Garland Heart says it’s the year to ‘Be YOU!’
Every year we strive to remain a company that gives profit and purpose equal weight, so for the last 4 years we have created a theme (and corresponding t-shirt) to express that goal. This year we wanted our theme to have multiple meanings. We spent a lot of time thinking about the best way we could help the world while also translating that idea to our clients. They are truly the ones who make this possible, so why not do both? After a few iterations we landed on the theme – ‘Be YOU!’.
-
Welcome Eric, Our Newest Member of Garland Heart
We are kicking off 2014 with a new member of our Garland Heart team: Eric English. His background and experience in Network Administration in the banking industry, along with his CISSP certification, will allow Eric to hit the ground running as a consultant for us. We are all excited, especially the very busy consultants, to have him come work at Garland Heart!
-
Life @ Garland Heart
We are excited to kick off a series of videos that will give our audience insight into what life looks like at Garland Heart. We want to share things such as:
- Strategies we use to grow our business
- Insight into our employees and our culture
- How we impact the lives of others through our Heartbeat initiatives
- Client success stories
- Thought Leadership topics in Regulation Compliance & Information Security
- More, as we get suggestions from you!
We have always emphasized the importance of education in all that we do. It is, after all, the “E” in our H.E.A.R.T.!

-
Determining Your Risk: Vulnerability Assessments vs. Penetration Tests
Vulnerability assessments and penetration tests are both important components of threat management, but there’s often quite a bit of confusion surrounding the difference between the two. This confusion often leads to wasted resources and inefficient risk management strategies. Both methods can be performed internally or externally depending on your company’s industry, environment and internal skill set. Internal vulnerability tests are required by acts such as GLBA and HIPAA, so it’s important to know the distinctions among the various methods of risk assessment to determine your risk of a cybersecurity breach.
-
Your 4-Step Guide to Security Budget Planning for 2016: Part 1
You don’t have to be overwhelmed planning your IT risk management for 2016. Simply follow the four steps outlined over these two posts to create your 2016 budget.

Planning
First, define the security policies and controls that you’ll use to protect your company’s assets. As an example, you might implement the security policy “employees must change their passwords every 60 days” to protect your company. Your policies must meet standards and regulations such as HIPAA, SOX, FFIEC, GLBA, ISO 27001 and NIST.
-
Your 4-Step Guide to Security Budget Planning for 2016: Part 2
Once again, it’s time to plan your security budget for the next year. In our last post, we discussed planning and implementing as the first two steps of planning your 2016 security budget. Now, let’s look at the final two steps: execution and analysis.

Execution
Successful execution of a security plan involves detecting new risks and monitoring the enforcement of security policies. Is your system configured to enforce the policies you put in place during steps one and two? Ideally, your system should allow you to identify, understand and address any potential threats on a daily basis.



