HITRUST | December 18, 2021
HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material.
Most existing assessment approaches are not designed to keep pace with current and emerging threats; those that do, rely heavily on broad control requirements that raise questions about suitability of control and consistency of review that ultimately impact reliability of results. In contrast, HITRUST identifies information security controls relevant to mitigating known risks and leverages cyber threat intelligence data to influence the selection – and where necessary, updating – of technically-focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyber threats active today.
“The HITRUST i1 Assessment is unique in both selection of controls and the design of its assurance program. Effort towards completion is comparable to other moderate assurance vehicles while delivering a higher level of reliability,”
Jeremy Huval, HITRUST Chief Innovation Officer
The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs:
Designed to maintain relevant control requirements to mitigate existing and emerging threats and provide updates as new threats are identified (It is threat-adaptive, prescriptive, and focused on controls relevant to risk)
Designed to sunset controls that have lost relevance and have limited assurance value based on effort required to comply or assess
Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options
The level of time and effort to complete is comparable to other moderate assurance options in the market
Offers a forward-looking, 1-year certification
As the HITRUST i1 was designed around relevant information security risks and emerging cyber threats, it is not surprising it provides coverage for numerous standards, such as NIST 800-171, GLBA Safeguards Rule, HIPAA Security Rule, and Health Industry Cybersecurity Practices (HICP).
HITRUST will evaluate security controls and review threat intelligence data no less than quarterly, and for each subsequent major and minor release of the HITRUST CSF, to ensure the HITRUST i1 Assessment requirement selection remains relevant over time. Guidance documents will also drive enhancements to the HITRUST CSF and HITRUST i1 Assessment control sets as needed. While the HITRUST i1 Assessment is intended to adapt and evolve to maintain relevance, it’s important to note that HITRUST i1 Assessment certified organizations will not be impacted by changes to the HITRUST i1 Assessment control requirements until their next HITRUST assessment cycle.
HITRUST is hosting a webinar at 11 a.m. CT on Thursday, February 3, 2022, to discuss the HITRUST Implemented 1-year (i1) Assessment in more detail. To register, and for more information, click here: Next Generation HITRUST Information Security Assessment Focuses on Continuous Cyber Relevance
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.
LeanIX | March 11, 2022
LeanIX , the platform to plan and manage continuous transformation across the enterprise, today announced its membership in the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
LeanIX is published on CSA's Security, Trust, Assurance, and Risk (STAR) Registry, a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. The company has maintained STAR Level ONE status on the registry since September 2020 and is now a registered SaaS Solution Provider with CSA.
LeanIX builds information technology tools that promote a culture capable of navigating all types of change, both planned and unexpected. Its enterprise-ready, secure, and trusted SaaS platform supports the needs of leading companies around the world by providing the data, insights and common language needed to master software complexity. Whether rationalizing IT landscapes, preparing for a major technology migration, enabling flexible approaches to SaaS management, or mapping value streams from code to customer, LeanIX is the trusted partner for turning change into a competitive advantage.
"SaaS depends on trust. We believe transparency around the protection of customer data and everything we do to ensure compliance and system availability helps build that trust. As proud CSA members, we share the organization's commitment to ensuring a trusted and secure cloud computing environment."
LeanIX Co-founder and CEO André Christ
"Publishing and maintaining Level ONE status on the STAR Registry is a testament to LeanIX's relentless commitment to information security, and we're thrilled to have the company as a member of the CSA," said Jim Reavis, CSA co-founder and CEO. "As a newly registered SaaS Solution Provider, our continued work with LeanIX will help promote excellent security practices and build on the foundation of trust for customers and the greater marketplace."
About the Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem.
LeanIX's Continuous Transformation Platform® is trusted by Corporate IT and Product IT to achieve comprehensive visibility and superior governance. Global customers organize, plan and manage IT landscapes with LeanIX's automated and data-driven approach. Offering SaaS for Enterprise Architecture Management, SaaS Management, and Value Stream Management, LeanIX helps organizations make sound decisions and accelerate transformation journeys. LeanIX has hundreds of customers globally, including Adidas, Atlassian, Bosch, Dropbox, Santander or Workday. The company is headquartered in Bonn, Germany, with offices in Boston, Hyderabad and around the world.
SecurityScorecard | January 28, 2022
SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience.
As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies.
"We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture."
"Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses."
Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center
SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence.
Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.
Bluum | June 14, 2022
Bluum, North America's leading education technology solutions provider, recently announced the launch of a comprehensive cybersecurity offering to schools. Cybersecurity needs and solutions for schools have evolved in recent years – even beyond those brought about by hybrid and remote learning – so Bluum responded with security solutions for people, processes and technology.
According to the SecurityScorecard 2018 report, education ranks last out of 17 industries in terms of cybersecurity, demonstrating that a legacy solution that only includes a first-generation firewall and antivirus software has long been rendered obsolete. Since 2016, there have been more than 1,300 publicly disclosed attacks in the U.S., which averages out to more than one K-12 cyber incident per school day. More than three million students have been affected by cybersecurity breakdowns since February 2018, with education institutions spending an average of $2.73 million to address the impact of a ransomware attack.
"With limited budgets, highly skilled IT personnel and time, K-12 organizations are hard-pressed to create a solid cybersecurity plan. "Cybersecurity is an incredibly technical and extensive area in IT that is rapidly evolving and needs to stay ahead of ever-evolving attack methods. Historically, school IT budget constraints have resulted in ineffective and outdated systems, so Bluum has developed comprehensive countermeasures to fill that void."
Bluum Vice President of Product Strategy and Growth Andre Vashilko
Whether cybersecurity incidents are caused externally or self-inflicted, Bluum can assist in preventative measures before, during and after the incidents and attacks. To get started, Bluum has debuted easy-to-use services to help schools assess their cybersecurity needs and identify immediate and future solutions.
Vulnerability scans and penetration testing will detect critical areas of concern and exposure in the infrastructure, while a complementary customer survey will provide further insights into a school's specific needs.
Bluum empowers educators with technology solutions that improve learning and make it more accessible, assisting more than 27 million students grow and flourish.