FoxPointe Security Hub

information risk management

Subscribe to the blog

Receive articles and resources from the information risk management experts at FoxPointe.

This article was written by Ryan Krawczyk, Security Consultant I at FoxPointe Solutions Man-in-the-Middle Attack Phishing and malware attacks have become well known methods of cyber security attacks. But there is another,  less common, but equally dangerous method of attacking: Man-in-the-Middle or Eavesdropping attacks. A Man-in-the-middle attack involves an individual...

This blog was written and produced by Nick Cozzolino, CISSP, Director of Information Security at The Bonadio Group. FoxPointe Solutions is The Bonadio Group’s dedicated cybersecurity division. Looking to get in touch with Nick? Reach out today: Nick Cozzolino ncozzolino@bonadio.com. “Data is the new oil.” We have heard that frequently...

Is your organization involved in HITRUST or looking to take that path in the near future? If so, there are some important changes to be aware of that may change your timeline and approach. Throughout each year, HITRUST releases Advisories as needed, in one of two categories: Assurance Change Advisories...

What is a SOC 1 Report A SOC 1 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 18, focuses on a service organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements. SOC 1 reports cover a service...

Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity program for “Covered Entities”, including...

In this day and age, the risk of cybersecurity threats is becoming a concerning topic for organizations. Reducing the risk of data breach has become a top priority for many businesses. When it comes to minimizing risk, an often-overlooked area is third-party risk. Many organizations include an initial vetting process...

On April 2, 2021, it was confirmed that a malicious user published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The information, spanning from users across the globe, includes phone numbers, user IDs, full names, locations, birthdates, and some email addresses. A...

The year 2020 will be forever remembered for the impacts of how the global pandemic forced the adoption of innovative production, logistics, and workforce solutions. Many best practices emerged from the experiences of COVID-19, we continue to learn that these new methods can pay significant dividends in 2021 and in...

In our increasingly digital world, individual’s personal information resides on hundreds, if not thousands, of servers across the globe resulting in a huge rise in identity theft. Defined as “the crime of obtaining the personal or financial information of another person to use their identity to commit fraud or deception,...