DATA SECURITY

HITRUST i1 Assessment control selection leverages security best practices, threat intelligence

HITRUST | December 18, 2021

HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material.

Most existing assessment approaches are not designed to keep pace with current and emerging threats; those that do rely heavily on broad control requirements that raise questions about suitability of control and consistency of review, which ultimately impact the reliability of results. In contrast, HITRUST identifies information security controls relevant to mitigating known risks and leverages cyber threat intelligence data to influence the selection – and where necessary, updating – of technically-focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyber threats active today.

“The HITRUST i1 Assessment is unique in both selection of controls and the design of its assurance program. Effort towards completion is comparable to other moderate assurance vehicles while delivering a higher level of reliability,” said Jeremy Huval, HITRUST Chief Innovation Officer.

The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs:

  • Designed to maintain relevant control requirements to mitigate existing and emerging threats and provide updates as new threats are identified (It is threat-adaptive, prescriptive, and focused on controls relevant to risk)
  • Designed to sunset controls that have lost relevance and have limited assurance value based on effort required to comply or assess
  • Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options
  • The level of time and effort to complete is comparable to other moderate assurance options in the market
  • Offers a forward-looking, 1-year certification

As the HITRUST i1 was designed around relevant information security risks and emerging cyber threats, it is not surprising it provides coverage for numerous standards, such as NIST 800-171, GLBA Safeguards Rule, HIPAA Security Rule, and Health Industry Cybersecurity Practices (HICP).

HITRUST will evaluate security controls and review threat intelligence data no less than quarterly, and for each subsequent major and minor release of the HITRUST CSF, to ensure the HITRUST i1 Assessment requirement selection remains relevant over time. Guidance documents will also drive enhancements to the HITRUST CSF and HITRUST i1 Assessment control sets as needed. While the HITRUST i1 Assessment is intended to adapt and evolve to maintain relevance, it’s important to note that HITRUST i1 Assessment certified organizations will not be impacted by changes to the HITRUST i1 Assessment control requirements until their next HITRUST assessment cycle.

HITRUST is hosting a webinar at 11 a.m. CT on Thursday, February 3, 2022, to discuss the HITRUST Implemented 1-year (i1) Assessment in more detail. To register, and for more information, click here: Next Generation HITRUST Information Security Assessment Focuses on Continuous Cyber Relevance

About HITRUST
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.

Spotlight

Digital transformation is changing the way every enterprise operates. The trailblazers who were first on the journey are now looking at dividing the data workload across public and private cloud, but many are finding that protecting data across multiple platforms is a significant challenge.

Related News

DATA SECURITY

Blu Ventures Expands Cybersecurity Strategy

Blu Venture Investors | May 24, 2021

Blu Venture Investors, a primary source risk capital firm, today announced the launch of the BVI Cyber Fund, a $25M fund targeted at Series A growth companies in cybersecurity. This fund builds on the success and momentum Blu Ventures has established in supporting the cybersecurity ecosystem within the Mid-Atlantic region and beyond.

"With over 800 cybersecurity firms within the Washington, D.C. region, Blu Ventures is seated at the middle of the cyber/intelligence ecosystem," said Michael Sutton, Investment member and former CSO of Zscaler. "We are excited to continue helping fast-growing cyber companies scale and tackle the most difficult cybersecurity challenges facing commercial and government organizations today."

The timing of the BVI Cyber Fund comes at a pivotal time given the record-breaking increase in sophisticated breaches and cyberattacks and President Biden's May 12, 2021 Executive Order on Improving the Nation's Cybersecurity. Blu Ventures has invested and can still invest in forward-looking cybersecurity technologies within core areas that include Endpoint Detection & Response, Data Storage; Web & Cloud; Messaging; Network; Industrial & Internet of Things (IoT); Threat Intel; Mobile; Fraud Protection & Transaction; Risk, Compliance & Training; Specialized Threat Analysis & Protection and Security Ops & Incident Response.

About Blu Venture Investors

Founded in 2010, Blu Ventures has deployed $85MM in capital so far in early-stage cyber and enterprise software firms. Currently, the firm is invested in 35 cyber companies, including ID.me, Cybrary, Huntress Labs, Ostendio and Threat Quotient. As a primary source risk capital firm, Blu's principals bring expertise across a range of industries and an investment perspective closely aligned with entrepreneurs.


ENTERPRISE SECURITY

AE Industrial Partners Acquires PCI, a Leading Provider of Cybersecurity IT Solutions for the Intelligence and Defense Communities

prnewswire | October 26, 2020

AE Industrial Partners, LP, a private equity firm specializing in Aerospace, Defense and Government Services, Power Generation, and Specialty Industrial markets, announced today that it has acquired PCI, a leading provider of cybersecurity, computer network operations, cloud, systems designing, enterprise IT, and information analytics to the intelligence and defense communities. Terms of the transaction were not disclosed.

The acquisition of PCI represents AEI's ninth stage investment in AE Industrial Partners Fund II, LP, which closed in 2018 with $1.36 billion in value commitments, and the thirteenth transaction closed by AEI in 2020. PCI is an exceptional stage investment for AEI as the firm continues its energy and ongoing success in the Defense and Government Services market, and will furnish PCI with extra venture into the defense, intelligence, and public security communities.

PCI is an innovation-focused organization that provides cybersecurity and CNO, cloud designing and IT infrastructure, information analytics, and system designing solutions and services. PCI is a trusted advisor to the U.S. Intelligence Community, Department of Defense, and Federal Government, creating driving edge mission solutions using rising technologies and demonstrated practices to solve the most intricate cybersecurity, cloud, and enterprise IT challenges of its customers. Established in 2008 by Sean Battle, Don Whitfield, Josh Kinley, and Vance Mitzner, PCI is based in Columbia, Maryland, with extra operations all through the United States and all around the world. The Company has been named a best work environment by the Baltimore Sun, selected for the 2020 Inc. 5000 list of fastest-developing privately owned businesses in America, and has also been perceived for its responsibility to network inclusion and commitment.

"PCI is a trusted provider of critical technology services in support of some of the most enduring national security missions across the federal government," said Jeffrey Hart, a Principal at AEI. "Cyber threats faced by the defense and intelligence communities are at an all-time high, and the government can't afford to lag our adversaries in critical technology domains such as cyber and computer network operations, where PCI excels. We believe that PCI, with its full spectrum of solutions and premier relationships, is well-positioned and aligned with the national security community's most strategic priorities. We look forward to working closely with the world-class team at PCI."

"With the backing of AEI, we will have the resources to invest in the technology and talent required to meet the growing needs of our customers," said Sean Battle, CEO of PCI. "AEI knows our sector well, and we are confident that PCI will reach its next level of growth with their guidance, relationships, and partnership."

"We are very excited to partner with Sean and the rest of the PCI team," said Kirk Konert, Partner at AEI. "They have built a great platform in their core intelligence and defense end markets and have a depth of experience supporting customers on missions critical to national security. We look forward to working with PCI and accelerating the growth of the business."

Kirkland and Ellis LLP served as legal advisor, and Ernst and Young LLP served as financial advisor to AEI. Miles and Stockbridge P.C. served as legal advisor, and Aronson Capital Partners served as financial advisor to PCI.

About PCI

Founded in 2008, PCI is a technology-focused company that provides cybersecurity and CNO, cloud engineering and IT infrastructure, data analytics, and system engineering solutions and services to the federal government and intelligence community. Based in Columbia, Maryland, and with a corporate office and training facility in Lexington, Massachusetts, PCI operates in 14 states and internationally. For more information

About AE Industrial Partners

AE Industrial Partners is a private equity firm specializing in Aerospace, Defense & Government Services, Power Generation, and Specialty Industrial markets. AE Industrial Partners invests in market-leading companies that can benefit from our deep industry knowledge, operating experience, and relationships throughout our target markets.


DATA SECURITY

Trend Micro Global Capture the Flag Winners Show Cybersecurity Excellence

prnewswire | December 21, 2020

Trend Micro Incorporated, the pioneer in cloud security, today declared the victors of its worldwide Capture the Flag (CTF) rivalry, a yearly occasion that exhibits the absolute most noteworthy cybersecurity ability on the planet in a straight on fight.

The previous year has prompted an exceptional degree of corporate computerized presence because of monetary and social movements identified with the COVID-19 pandemic. With this move comes an interest for expanded cybersecurity, the same number of associations around the globe have relocated quite a bit of their labor force on the web and their IT foundation to crossover cloud models. The CTF was planned by Trend Micro analysts to show true cybersecurity situations. Occasions like this fill in as a significant piece of Trend Micro's way to deal with tending to the cybersecurity abilities lack by rousing future ability and building a cybersecurity labor force devoted to securing an associated advanced world.

"In a time where we can't be together in person, opportunities to unite under the common interest of guarding against cybercrime are increasingly important," said Mike Gibson, vice president of threat research for Trend Micro. "The excellent display of talent, competition, and comradery of this event bolsters Trend Micro's mission of making the world safe for securing digital information. In today's threat landscape, the success of any organization rests on its ability to remain agile while also achieving a high standard of security. With events like our Global CTF, it is our goal to train defenders to successfully navigate this landscape."

While the challenge incorporates a virtual segment each year in the online qualifier, which occurred on October 3-4, this year a virtual last was held unexpectedly on December 19-20, 2020. Groups from across the globe contended in difficulties zeroed in on figuring out, legal sciences/misuse, open-source knowledge (OSINT), versatile, IoT, AI, and radio frequency (RF) frameworks. RF was incorporated unexpectedly after a profoundly effective commitment with the cybersecurity network in isolated Capture the Signal occasions in the course of recent years.

About Trend Micro

Trend Micro, a global leader in cybersecurity, helps make the world safe for exchanging digital information. Leveraging over 30 years of security expertise, global threat research, and continuous innovation, Trend Micro enables resilience for businesses, governments, and consumers with connected solutions across cloud workloads, endpoints, email, IIoT, and networks. Our XGen™ security strategy powers our solutions with a cross-generational blend of threat-defense techniques that are optimized for key environments and leverage shared threat intelligence for better, faster protection. With over 6,700 employees in 65 countries, and the world's most advanced global threat research and intelligence, Trend Micro enables organizations to secure their connected world.
