Author: Anwita

Anwita is a cybersecurity enthusiast and veteran blogger all rolled into one. Her love for everything cybersecurity started her journey into the world of compliance. With multiple cybersecurity certifications under her belt, she aims to simplify complex security-related topics for all audiences. She loves to read nonfiction, listen to progressive rock, and watch sitcoms on the weekends.
    Due Diligence Questionnaire: Key Insights, Best Practices, and Examples for Compliance
    TL;DR: A due diligence questionnaire (DDQ) is a structured set of questions evaluating a vendor’s security controls, regulatory compliance, operational stability, and data protection practices before investments, mergers, or partnerships. DDQs cover security policies and governance, data protection and privacy practices, regulatory compliance status, incident response capabilities, business continuity planning, and third-party relationship management. Best…
    Penetration Testing: Strengthening Your Cybersecurity Defenses
    TL;DR: Penetration testing identifies security vulnerabilities by launching simulated attacks using the same tools and techniques that real-world attackers would use against networks, applications, APIs, and wireless infrastructure. Five types exist: application testing, network testing, social engineering, API testing, and wireless testing. Three approaches determine tester knowledge levels: black box (no prior knowledge), white box…
    Healthcare Cybersecurity: Essential Practices for Protection
    In October 2021, a Japanese hospital was forced to shut down operations for months. Malicious actors encrypted medical data of 85,000 patients and threatened to leak it unless ransom was paid. This is not an isolated incident – businesses depend on the cloud to accelerate workflow but don’t secure it unless an incident occurs. Cybercriminals…
    What is a HIPAA Identifier and How is it Used?
    TL;DR: HIPAA identifiers are 18 specific data attributes that can identify an individual, including name, geographic location, dates, phone numbers, SSN, medical record numbers, IP addresses, biometric identifiers, and full-face photographs. PHI is created only when any of the 18 identifiers are linked to health information. Direct identifiers (like SSN) identify a person alone, while…
    SOC for Cybersecurity: Requirements, Report, & Examination
    A growing concern for service and non-service organizations alike is the increasing threat to data. With a 95% increase in cloud exploitation, businesses are under pressure to take adequate measures against malicious actors. One way to demonstrate their seriousness toward security is through a globally accepted framework like SOC for cybersecurity. In this article,…
    What Is a HIPAA Consent Form and Why It Matters?
    TL;DR: A HIPAA consent form lets covered entities use or disclose PHI under defined conditions. It should explain PHI use, patient permissions, privacy duties, complaint rights, contacts, purpose, and expiration. The article covers consent versus authorization, when HIPAA requires authorization, and includes a downloadable template. Healthcare practices and research centers access, transmit and store patient…