We are here to help you navigate compliance. Each engagement and service is developed to fit your organization’s size and infrastructure complexity. Regardless of your vertical or size, we are here to provide solutions and mitigate risks as they relate to your business productivity and continuity.
We perform in-depth control testing to determine if implemented controls are effective. The United States Department of Health and Human Services has stated that the NIST 800-30 guidance is an acceptable risk assessment strategy, and thus Intrinium performs our assessments according to this methodology.
After an engagement, a detailed report listing the compliance gaps for all administrative, physical, and technological safeguards will be provided, along with detailed recommendations for remediation of such issues.
The nine steps of this methodology that will be followed by Intrinium are:
If you are an organization that belongs to the category of a covered entity (U.S health plans, healthcare clearinghouses or healthcare providers) or business associates and you handle “protected health information” (PHI),” interfaces with medical or patient records, you must proceed with ensuring you are HIPAA compliant.
Credit Card Requirements
If you are an organization that stores, processes or transmits credit card data, you must proceed with ensuring you are PCI compliant.
If you are a financial institution that belongs to the entity of (banks, credit unions, investment firms or mortgage brokerage firm), you must proceed with ensuring you follow financial compliance bound by the FFIEC.
Intrinium has met the rigorous requirements of the PCI Security Standards Council to become Qualified Security Assessors, which is the only certification that authorizes auditors to complete your Attestation of Compliance and Report on Compliance. Our auditors have the experience necessary to assist in identifying the Self-Assessment Questionnaire (SAQ) and can assist in properly filling it out
With digital payment methods becoming a preferred method for many vendors and clients alike, it is more important than ever to secure your transactions. We are here to assist with streamlining your security to ensure your organization is PCI compliant as required by the Payment Card Industry Security Standards Council. The PCI DSS 3.0 standards apply to all organizations that store, process, or transmit credit card data. There are 12 major requirements, along with approximately 200 sub-requirements that include the following:
Requirements #1 and #2: Build and Maintain a Secure Network
Requirements #3 and #4: Protect Cardholder Data
Requirements #5 and #6: Maintain a Vulnerability and Management Program
Requirements #7, #8, and #9: Implement Strong Access Control Measures
Requirement #12: Maintain an Information Security Policy
Intrinium has over a decade of experience working in the healthcare space from regional healthcare centers to big-city hospitals, we have executed hundreds of comprehensive HIPAA Audit, Risk Assessment and Gap Analysis based on the HIPAA Audit program set forth by the U.S. Department of Health & Human Services Office of Civil Rights, bound to the NIST 800-30.
The OCR HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification.
Change Control Procedures
Facility Access Procedures and Controls
Incident Response Policy, Plan and Procedures
Risk Management Program
Security Awareness Training
System Access Procedures and Standards
Vendor Management Program and Procedures
Site Visit to Review Physical Controls
Intrinium’s auditors are equipped to help you meet your compliance needs whether they
Chiara Morrison - Manager, Marketing 2018 has been the year of regulation in the Information Security community from General Data Protection Regulation (GDPR) to the California Consumer Policy Act (CCPA), privacy and security is more important than ever. 2019 is...
Chiara Morrison - Manager, Marketing As we wrap up the year, we wanted to share some of our favorite and most trafficked blog posts from our staff writers. We hope you enjoy! https://intrinium.com/smb-relay-attack-tutorial/ https://intrinium.com/events-2/...
How to Set Up and Configure Multi-Factor Authentication in the Office 365 Admin Center We recommend activating and configuring your multi-factor authentication to ensure you are optimizing your cybersecurity for your Office 365 platform. Before beginning, it is...
By Chiara Morrison - Manager, Marketing As we head into the holiday season, The National Cybersecurity & Communications Integration Center (NCCIC), reminds users to be aware of seasonal scams and malware attacks. As of the NCCIC release on November 19th, 2018,...
By Tracy Martin – Senior Information Security Consultant – Intrinium Developing a budget for your information security program can be challenging. Priorities have a way of changing throughout the year, regulations change, or new regulations, such as the GDPR, are...
By Sahan Fernando - Director, Managed Security - Intrinium Phishing is constant, relentless and a perpetually annoying threat for all Information Security professionals. As we move into year-end, it is important to remind your staff that phishing is all about being...
By Sahan Fernando - Director, Managed Security - Intrinium Budget success depends on having a strategic IT plan and vision, executed by a strong leader and supported by good processes. With the fiscal year 2019 right around the corner, this is something we all need! ...
By Chiara Morrison - Manager, Marketing - Intrinium October 2018 marks the 15th annual National Cybersecurity Awareness Month (NCSAM), which is an annual initiative to raise awareness about the importance of cybersecurity. NCSAM 2018 is a collaborative effort between...
By Ben Ross – Director, Managed IT – Intrinium It seems like everyone these days wants a piece of the cloud – it’s the buzzword that is supposed to solve your business problems in a snap. But is it really worth the hype? It can be an efficient way to utilize your...
Don’t even bother cracking NTLMv2 hashes gathered with Responder! Instead, just relay them to a target machine on the network and pop yourself into a LocalSystem shell. This attack uses the Responder toolkit to capture SMB authentication sessions on an internal network, and relays them to a target machine.