Aaron Weismann

Aaron Weismann is a healthcare industry CISO with over a decade of strategic management, technology, and information security experience. His deepest experience is in managing and securing sophisticated and highly regulated environments. His expertise includes:

- Driving IT and data governance strategy
- Managing complex security landscapes across sites, endpoints, and cloud structures
- Translating highly technical information security, technology, and governance concepts into communications for all organizational levels

In The Press

Recent citations of Aaron's writing include:

- BitDefender: Recent cybersecurity study reveals top US states to suffer data breaches
- MSSP Alert: Managed Security Services Provider (MSSP) Market News: 22 February 2023
- R Street Institute: Considerations for Florida's 2023 Privacy Journey
- Help Net Security: 10 US states that suffered the most devastating data breaches in 2022
- Beckers Hospital Review: Georgia health system's operations disrupted by cyberattack


When Information Technology and Information Security leaders want to test the security weaknesses and cyber resilience of their organization, they turn to penetration testing. There is no better way of validating organizational security posture than by running pen tests. What is a pen test? Why would you want to conduct internal pen tests instead of […]

Internal Penetration Testing: The What, When & Why You Should Do It


If you’re thinking about embarking on your HITRUST Common Security Framework (CSF) certification process, you’re probably wondering how much it’ll set you back. It’s an important consideration and, frankly, may force a decision not to certify your organization’s security controls against the HITRUST CSF. I think it’s critical to make the case for an informed

How Much Does HITRUST Certification Cost? 7 Key Factors


Depending on who you talk to, the definition of a HITRUST “Gap Assessment” may sound very different. That’s because the HITRUST CSF nomenclature departs slightly from common security parlance. That’s a good thing, in my opinion, because the HITRUST CSF is exacting with pre- and post-certification process requirements. In this article, we’ll dig into what

Explained: HITRUST Gap Assessments Are Not Like The Others


If you're a company that needs to comply with the General Data Protection Regulation (GDPR), you're probably wondering whether or not you need to run penetration tests. Penetration testing that assesses and evaluates corporate infrastructure is a critical part of any security program, but is it needed by law to protect personal data from a data

Why Do Penetration Testing for GDPR? Article 32 & Much More


ISO 27001 is a robust security framework that comprehensively evaluates and certifies an organization’s security posture. What does it have to say about an organization’s exposure to security vulnerabilities? What requirements are there for ISO 27001 penetration testing? In this article, I’ll work to answer those questions and more. My goal is to demystify ISO

Should You Do Penetration Testing for ISO 27001? A CISO Explains


Many healthcare providers, covered entities, and business associates are unclear about whether they need penetration testing for HIPAA compliance. As a healthcare industry CISO, this has never surprised me: The documentation on this point is at times unclear, and even compliance consultants have been known to advise on it inaccurately. In this article, I’ll attempt

Penetration Testing for HIPAA: Requirements, Costs & More


Penetration testing is an imposing term. A lot of small businesses don’t understand what it is, why they need it, or how much it costs. Or if they do, they understand the consequences: expensive technology investments. Consequently, penetration testing is a daunting proposition. What many a small company doesn’t understand is that their business’ success

Penetration Testing for Small Business: The What, Why & How Much

If you’re asking this question, it’s usually for one of two reasons: I get it. Pen tests can be a daunting proposition. They can be expensive and they reveal security weaknesses. They’re also critical for driving and developing attack-resistant security strategy. As a CISO, I believe a penetration test is a vital tool for any

Why Do We Need Penetration Testing? For These 4 Reasons


Many people wonder: does an SSAE 18 SOC 2 assessment require a penetration test? The answer is a resounding “no.” That being said, there are many good reasons to conduct regular penetration testing. Coordinating that testing with other audit functions promotes economies of scale and may even help with responses to those audits. (NOTE: If

Does SOC 2 Require a Penetration Test? Not Really.


Navigating the SOC audit process can be daunting. There are a few options for audits, and while the standards are consistent among auditors, each auditor has their own unique style for conducting the audit. In this article, I'm going to break down the primary distinctions between a SOC 2 Type 1 vs Type 2 audit.

SOC 2 Type 1 vs Type 2: How to Decide Which is Right

Copyright © 2022 Network Assured