Curtis Jones, Author at ConfidentVMS

Vendor Risk Assessment Best Practice #3 – Maintain a Comprehensive List

May 23, 2022Curtis Jones3rd Party Management, Healthcare third party risk management, Healthcare vendor risk management, Third Party Risk, Third Party Risk Management, Vendor Management, Vendor Risk

The first and most fundamental mistake most organizations make in managing vendor risk is not maintaining a comprehensive list of active vendors. This may strike you as so obvious that it seems silly to note at all, much less cite as mistake number one. However, you will be surprised to learn that “nearly two-thirds of IT security professionals surveyed stated that their organizations do not maintain a comprehensive list of third-party vendors and dependencies.”

Vendor Risk Assessment Best Practice #1 – Periodically Reassess

Apr 5, 2022Curtis JonesThird Party Risk, Third Party Risk Management, Vendor evaluation tool, Vendor Risk

Evaluating vendor products and services on a schedule is a difficult yet imperative practice to implement. You need the right vendor evaluation tool.

DoorDash Breach – Surprises and Mistakes in Managing Vendor Risk

Dec 5, 2019Curtis Jones3rd Party Management, Breach, Confidentiality, Third Party Risk, Third Party Risk Management, Vendor Management, Vendor Risk

Dependence on vendors in your delivery of services or products is a common and necessary part of doing business effectively and efficiently in the 21st century. DoorDash is not alone in relying heavily on third party vendors to deliver their service. Some details about this breach incident recently in the news may surprise you. Other details illuminate how to avoid six common mistakes made by organizations who handle sensitive data.

Overlooked but critical themes for any SDLC plan

Sep 18, 2019Curtis JonesInfoSec, Software Development

The main purpose of any organization’s Software/Systems Development Life Cycle (SDLC) plan is to outline the process it employs to design, develop, test, implement, and maintain high-quality software applications and systems with the goal to meet or exceed customer expectations. If you ever are asked to evaluate an organization’s (SDLC) plan, or to compose or […]

First team defense for cybersecurity

Aug 15, 2019Curtis JonesAvailability, Backups, Data Integrity, PatchesAutomation, Backups, Patching

There are a number of fundamental habits and disciplines you need to adopt for cybersecurity. Right at the top is having an automated, or semi-automated, system for patches and backups. The more systematic and automated you can make this process, the better. However, be careful. Always provide plenty of checks and balances in place to […]

Data Integrity: Accuracy, Reliability, & Non-repudiation

Jun 15, 2019Curtis JonesData Integrity, InfoSec

Protecting data integrity means assuring the accuracy and reliability of data during its immediate involvement in processing, as well as over its longer term lifecycle. It must be accounted for in the design, implementation, and usage of data in any system by implementing controls for data’s validity in processing, transit, and storage. The number and […]

Ransomware hits Baltimore city government network

May 9, 2019Curtis JonesRansomware

Baltimore city government revealed Tuesday its network had been infected by a ransomware attack for the second time in a year, according to a Baltimore Sun article. Lester Davis, spokesman for the Mayor, said that critical systems, including 911 and 311, were not affected, but that the majority of city servers were shut down. The […]

Ransomware in healthcare – Expert tips to prevent and prepare

May 8, 2019Curtis Jones1 CommentRansomware

CBS on its show “60 Minutes” this week devoted a couple of segments to the growing problem of ransomware in healthcare. In one segment, they interviewed two cybersecurity experts, and one hospital CEO who recently lived through a ransomware attack, to learn some fundamental tips. Every healthcare CIO, CTO, or IT Director should review these […]

Confidentiality: Concepts, Strategy, and Frameworks

Apr 13, 2019Curtis JonesConfidentiality, InfoSec, Security Frameworks

Confidentially, in InfoSec, is the protection of information from unauthorized people and processes. It’s one of the three pillars of InfoSec’s CIA triad, along with integrity and availability. Ensuring confidentiality means taking adequate measures to ensure the protection of the secrecy of data objects, or resources. Note that it does not mean taking every measure […]

Total Cost of a Data Breach Keeps Growing

Mar 15, 2019Curtis JonesBreach Cost

Interesting facts surface and covered in this report. Includes good points and quotes from people with recent experience about hidden costs that you may not be considering when you think of the impact of a breach. Average cost across all industries for each record involved in breach is $148. Average cost for healthcare organizations for […]