Top 5 Signs You’re Out of SOX Compliance

The Sarbanes-Oxley Act (SOX) became effective in 2006 and was implemented to hold all U.S. corporations accountable for their internal financial auditing controls to the Securities and Exchange Commission. This federal law was passed in response to a number of major corporate and accounting scandals. The Sarbanes-Oxley Act itself is organized into eleven sections, but sections 302, 404, 401, 409, 802 and 906 are the most important in terms of compliance. Failure to comply with regulations can result in fines up to $10 million and 30 years in prison for a corporation. We have compiled five signs for you to reference in order to avoid the extensive civil and criminal penalties for non-compliance.

5 Signs You’re Non-SOX Compliant:

You Don’t Periodically Report the Effectiveness of Safeguards

Section 302.4.D requires officers to continuously generate a report on the efficiency of the security system and clearly state their findings.

You Don’t Disclose Security Safeguards to Independent Auditors

Under Section 404.A.1.1, you are obligated to select auditors and hold them accountable to review control structures and procedures for financial reporting. All information that correlates with the security framework and the parties responsible for operating it must be disclosed to the auditors.

You Don’t Disclose Failures of Security Safeguards to Independent Auditors

Stated in Section 404.B, you are required by auditors to be aware of and report on any drastic modification to internal controls and/or significant failures that could immediately affect internal controls.

You Don’t Ensure that Safeguards are Operational

Section 302.4.C demands that appointed officers test the durability of internal controls within 90 days prior to the previous report. This security framework needs to be constantly reviewed and verified.

You Don’t Establish Verifiable Controls to Track Data Access

Section 302.4.B requires internal controls over data, so that officers are aware of all relevant data. Data must exist in an internally controlled and verifiably secure framework.

If you have any questions on whether or not your company is in SOX compliance, allow Cognoscape to verify for you. Call and learn more today!

 

Arming Your Hunting Dog with the Coolest Tech Gadgets

Are you ready for the hunt? Is your partner your hunting dog? There are traits every champion hunting dog should possess before he steps out on the field. But if you are ready to take your best pal to the next level, you should arm him with some of the coolest tech gadgets.

Love of Fetch

Finding the perfect hunting dog that possesses a keen sense of playing fetch is a number one trait! He should have an instinctive nature to chase the scent of game, but with the electronic handheld wind meter Wind Wizard II, you’ll be able to detect wind speed at a great value and help your dog accurately determine his trajectory of pursuit.

Great Nose

Every great champ needs to be able to sniff out his prize. If you’re looking to gain the upper hand over the game, look no further. Ozonics Hunting machine is a silent fan that circulates oxygen molecules into ozone molecules. This nifty tech gadget can be used next to a treestand or ground blind and covers the scent of you and your pup.

Disciplined

A winning dog is one who is the most disciplined. Do your buddy a favor and get him an odorless gas cartridge repellent. This simple tech gadget will keep mosquitoes and other flying insects away so he can focus on the hunt.

Genetically Gifted

Those who got the juice are born with the juice. The tech gadget, Garmin Astro, will help you stay connected to your hunting dog 24/7. The transmitter collar allows him freedom of tuning in to his naturally gifted talents while you track where he is running, sitting, or treeing a bird.

Water Lover

Perfect hunting dogs are not afraid of water or of gunshots. The Contour HD video camera is waterproof and rugged, and it fits snugly behind the neck of your dog. This will help you watch what he was able to see the moment after takeoff.

Energetic

Your hunting dog is ready to go at the snap of a twig and has a thirst to catch his prey. Make his job that much easier with the Swann Outback Cam that straps to a tree and captures both video and photos. He will be able to exert his energy positively and more efficiently.

Having second thoughts if your canine is up to handle all these technical gadgets? Partner up with some IT experts who will focus on your business while you focus on helping your hunting dog.

Top 5 Signs You’re Out of HIPAA Compliance

HIPAA compliance refers to a set of regulations under the Health Insurance Portability and Accountability Act, which sets guidelines designed to protect important medical documents. Similar to constant technology updates, there are continual changes regarding HIPAA regulations. If you have any follow-up questions or concerns regarding HIPAA compliance, check out this handy checklist for protecting the privacy of personal health information. Here is a quick overview to check whether you are currently out of HIPAA compliance.

Access Control

Have you assigned a unique name or number for identifying and tracking user identity? You should establish procedures that will help you obtain protected health information in case of an emergency. By implementing software that encrypts and decrypts electronic health information, you are ensuring clients’ protection.

Audit Controls

If you have not implemented tracking software that records and examines activity in information systems (the sets of information resources that share the same common functionality), then you are not properly protecting electronic health information.

Person or Entity Authentication

Do you have procedures that will confirm a person or entity who is seeking access to protected health information? Have you established policies and procedures that safeguard electronic health information from improper alteration or destruction? Be sure to implement appropriate security measures to guard against unauthorized access to electronic protected health information to ensure that documents are not modified without detection or improperly disposed of.

Transmission Security

Are you able to implement software to encrypt electronic health information whenever deemed appropriate? This will encompass all of the administrative, physical, and technical safeguards in your information systems.

Failure to follow HIPAA compliance can result in civil and criminal penalties. Make sure you are following the law and properly protecting the health information of individuals. If you are feeling lost, we will be able to help you get back on track. Call Cognoscape today for a free consultation.

 

CompTIA Report on Security features Cognoscape

IT departments are struggling to build a sound security practice against the ongoing threats and hazards that are attacking IT channels. Companies from diverse backgrounds are just beginning to understand the benefits of IT security. A CompTIA report by author Seth Robinson, senior director for technology analysis, identifies several key takeaways for partner firms trying to build robust security practices.

  • There are channel companies that are now offering more security services in their portfolios, while others are focusing their business solely on security.
  • Channel firms reported that the security technologies and services that generate the most revenue are firewalls (38%) and antivirus (20%) – going forward that’s got to change.
  • Channel companies need to become more proactive with security when working with their customers. Conversations about the cost and return on investment of security are going to start taking place.
  • Partner firms need to take initiative in building their own company brand and breaking out as individual entities rather than relying on the reputation of more commonly known security vendors.

The CompTIA report highlighted Cognoscape LLC’s ability to combine their technology processes and education in order to protect their partners’ digital assets. Cognoscape focuses on small and medium-sized businesses and offers basic layers of security services – backup and disaster recovery, antivirus, antimalware, antispam and patch management. However, they also offer a more strenuous, advanced level of active monitoring services like network policy management and risk mitigation, and they are in the process of developing security information and event management as a service. Cognoscape is lighting the path for partners who aren’t taking the right precautionary measures in security technology and service practices.

According to the CompTIA report, there is a discrepancy between channel companies and the services provided. CompTIA states that only about one-third of partner firms balance vendor reputation and value added services, with 1 in 10 partners primarily relying on the strength of their own services or innovation. This lack of communication leaves room for worry. At the end of the report, ESG analyst Kevin Rhone said that he views security as one of the biggest transformative trends for partners.

Our Spring eBook was Created for You to Understand Regulatory Compliance

Regulatory compliance for a company will ensure adherence to various state and federal laws, standards, procedures, and industry-specific requirements relevant to their success. Failure to maintain regulatory compliance will subject the company to legal punishments and federal fines.

Brief History of Information Technology Security

People are fiercely driven by ‘what is going to happen’ rather than ‘what has happened’. Due to the growing concern of intellectual property vulnerability, people have begun to investigate further into the past. By understanding the history of technology security you might be able to safeguard against potential threats. Information technology security protects sensitive assets and property through the use of technology processes and training. High concerns that stem directly from information security are protection of confidentiality, integrity, and availability.

“The more you know about the past, the better prepared you are for the future.” -Theodore Roosevelt

The Early Years

Despite the efforts of the “CIA Triad” (or more commonly known as the Parkerian Hexad) on confidentiality/control, information integrity, authenticity, availability, and utility, they were not able to guard against all threats. Early mainframes used by the military were connected to phone lines called ARPANET (precedent to today’s internet), which allowed integration of information between government data centers. A special ARPA squadron began to determine additional steps for better security by studying the unsecure points between the data centers and the public. Their studies jump-started the first few precautions focused on mainframe operating systems. MIT, Bell Labs, and General Electric were the first pioneers to build multiple security levels and passwords into their mainframes.

The Boom of Hacking

Computer system hacking began in the 1970s with the boom of emerging telecommunication technology. Ready to ‘stick it to the man’, a group of hackers found a way to infiltrate the telephone and computer networks in order to make free long distance calls. Also known as “phreakers”, these groups were pioneers for organized crime against unsecured networks. After Ian Murphy’s crime of stealing information from military computers in 1986, the Computer Fraud and Abuse Act was created. The Emergency Response Team was created to alert computer users of network security issues after Robert Morris unleashed the Morris Worm to thousands of defenseless computers.

The Growing Concern

Although public use of the Internet is barely 20 years old, malicious Internet activity has turned into a major criminal enterprise for over a decade. Businesses are now under attack by big threats that can leave them defenseless and exposed. Growing concern for the safety of personal/business information comes from the accelerated worldwide use of electronic data and the heavy amount of business conducted over the internet. With this expedited advancement and expansion, more and more people are putting their personal information online, making them vulnerable for an attack. In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.”

We recognize that monitoring technology activities is important to continue to protect the safety and security of your business. If you have any questions or concerns about your technology, contact Cognoscape today.

The Latest Security Technology for Guns

At the start of the new year, the White House announced plans for executive action in an effort to curb shooting deaths. President Obama directed the Departments of Justice, Defense, and Homeland Security to analyze and research various means to accomplish this mission. One approach that has been met with much controversy and debate is gun security technology.

This broad term covers a variety of devices intended to secure guns so that they will be inert if they fall into the wrong hands and prevented from firing altogether except by their lawful owners. While pro-gun factions initially opposed this security technology, claiming how this step toward gun control threatened their Second Amendment rights, both sides did agree on one aspect: the importance of gun safety.

Security technology for guns today is increasingly associated with “smart guns.” Smart guns use electronic devices to ensure that they cannot be fired unless the lawful user is authenticated through pass codes, fingerprint scans, or similar methods. This technology has been around for decades, but there had never been any sort of widespread adoption of smart guns, in large part due to opposing groups such as the NRA. Here are some new security technologies that have arrived in the gun market.

Smart Gun Technology

Armatix, a German gun manufacturer, sells a .22 caliber pistol that can only be fired if the shooter is wearing a watch that transmits a signal. The shooter must also enter a PIN number to activate the weapon while a delay timer automatically deactivates the pistol after a period of disuse. This renders the gun useless to anyone who does not know the PIN. Armatix also sells a lock inserted into a gun’s barrel that can only be removed by entering a passcode.

Winchester Safes

Venerable gun maker Winchester proudly proclaims how they “Won the West” with their line of firearms, and now offer new versions of the traditional method for storing guns – the home safe. Different sized models with names like Bandit and Big Daddy are large enough to store many guns, including longer rifles, along with ammunition or other valuables. High-end models like the Legacy Premier stand six feet tall and weigh 1,600 pounds. The safes are opened or closed with a hand crank, and locked or unlocked with a passcode.

GunVault

GunVault is a Las Vegas-based company that provides smaller safes to secure individual weapons. However, its upcoming ARVault is only large enough to store a rifle once it has been disassembled. The real innovation behind this invention is in the locking mechanisms, which rely on a biometric scanner to verify the owner’s fingerprints.

Identilock

Identilock is another promising device using biometrics, this time as a lock that fits over the trigger guard, leaving the gun unusable. A handy fingerprint scanner above the trigger verifies the user for easy release. This security technology allows the owner to add or remove other shooters via fingerprint scans. A friend at the gun range could be easily added and removed later. Another family member could be added for home defense, or removed if showing suicidal or violent tendencies.

IT Security and its Evolution

Technology has advanced thanks to the hard work and innovation of many people over several decades throughout history. Although information technology – the application of any computers and software to process, store, retrieve, and transmit electronic data – is a major part of our lives today, there was a simpler time before the revolutionary spark of digitization. Few predicted how significant information technology and IT security would become in our lives and the way we conduct business. Here is an overview of the development of IT security throughout history.

1970s

The 1970s marked a time in information technology history that saw an emergence in the exploration of microcomputers. At this time, Steve Jobs and Steve Wozniak – pioneers of the personal computer revolution – met and eventually collaborated on what would become Apple computers. The first modern day hackers also appeared during this time and invented a way to circumvent phone systems to make free calls – a practice that later became known as “phreaking.” It was this decade that witnessed the convergence of technology and commerce. Computers, video games, cars, and space exploration are only a few of the many technologies which developed and improved tremendously within these ten years.

1980s

There are a surprising number of tech gadgets from the 80s that define life as we know it today. The first IBM personal computer, called “Acorn,” was introduced using Microsoft’s MS-DOS operating system. Sears & Roebuck and Computerland sold the machines, and this was when the term PC was popularized.

Apple invented “Lisa,” the first personal computer to offer a GUI (graphical user interface), with features like a drop-down menu and icons in a machine aimed at individual business users. In 1985, Microsoft announced Windows in response to Apple’s GUI. This decade subsequently brought about the era of malware, with the first computer virus for MS-DOS called “Brain.”

1990s

Mosaic, known as the original web browser and credited with popularizing the World Wide Web, was released. By allowing users with little to no technical expertise to browse the online realm, this fueled a period of massive growth of the Internet as well as the community of online users. The 1990s also brought about the dawn of the modern IT security industry. AOL suffered through the first real phishing attacks as hackers began stealing users’ credentials. Tim Berners-Lee, a researcher at a high-energy physics lab in Geneva, invented HyperText Markup Language (HTML) – giving rise to the World Wide Web.

In 1997, Microsoft invested $150 million in Apple – which was struggling at the time – ending Apple’s court case against Microsoft in which it alleged that Microsoft copied the “look and feel” of its operating system.

The 2000s and Beyond

The 21st Century saw a swarm of new computer viruses, such as ILOVEYOU, spread fervently across the Internet, taking advantage of security holes in software made by Microsoft and other major tech companies. Adware and spyware entered the scene with programs such as Conducent and CometCursor. In 2003, the amount of data created surpassed the amount of all information created in the rest of human history combined. The Internet became so central to commerce that opportunities for hackers grew exponentially.

In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.” In 2015, Apple released the Apple Watch while Microsoft released Windows 10.

Using Motion Sensors To Protect Your Home

The Incorporation of Motion Sensors in Home Security Systems

More people than ever are using technology to protect their homes and businesses. If you wanted to have a security system back in the day, the best you could do was analog video, which produced tapes that you could evaluate at a later date. But technological advances have come far enough to where you can have a digital video security system that live-streams directly to your smartphone, tablet, or computer over the internet. One of the biggest new features that homeowners and business leaders are taking advantage of is motion sensors. Motion sensors take technology that used to only be available to the military, and make it available to those who want to keep their homes or enterprise facilities safe from intruders. Although motion sensors are primarily used as anti-theft technology, they have other uses too — such as informing you if a teenager has missed curfew and is arriving home late or alerting you if a customer has entered your business. Motion sensor technology works by using microwave pulses, infrared sensors, or a combination of both to detect movement. Once detected, notifications are sent to your monitoring center, letting you know exactly where the motion was found.

Different Types of Motion Sensors

There are several different types of motion sensors that you can use to keep your home or business safe. Passive infrared, or PIR motion detectors, detect body heat. They are the most common form of motion detectors used in home-based security systems. Microwave, or MW motion detectors, are another option. They send out microwave pulses, which reflect off of a moving object, tripping the sensor. Although these sensors can cover large areas, they aren’t as widely used because they are prone to electrical interference issues. There is also the option of choosing a dual technology motion sensor, which combines both of the features of the MW and PIR sensors.

Different Ways You Can Use Home Security Systems

Although motion sensor technology is typically used to protect against theft and home invasion, you can also use them for other purposes. You might connect your motion sensors to your lights, for example, and save money by only having the lights on while you are moving in a particular room. You can use motion detectors to restrict the movement of pets or small children while you are in the house as well. Motion sensors can alert you to when a friend or neighbor is at the door, so you know to expect them before they ring the doorbell. Motion sensors are versatile and can meet all of your home/business security and safety needs.

4 Signs that You’re Out of PCI Compliance

Compliance with the standards set by the Payment Card Industry (PCI) Security Standards Council can be cumbersome and flat out difficult. And the punishment for non-compliance can be stiff penalties and fines – or even worse, non-compliance could allow a hacker or data thief to get into your company’s systems and steal critical data from you or your customers. To avoid these unsavory outcomes, it is best to make sure that your business gets PCI compliant and maintain that compliance status. It is critical that you know if your company is PCI compliant so that you can keep your business protected from fines and hackers alike. Here are some of the ways that you can know if your business is not compliant. If any of these signs describe your business, then it is time to make a change and get back into compliance.

You Store Cardholder Data

Storing cardholder data means that you have highly sensitive information that can be stolen on your systems. To maintain PCI compliance, you should not save or store any cardholder data, whether in digital or written form. To avoid storing cardholder data, you can use a card reader, POS terminal, or a payment processor that doesn’t retain that information. That way, you don’t have to think about protecting or encrypting that data on your systems.

You Don’t Have A Separate Network For Payment Processing

PCI compliance can put extra pressure and security measures on your network. That’s why it is a good idea to have a system, separate from your regular business connection, just for payment processing. This is especially relevant if you are using IP-based credit card terminals.

You Don’t Automatically Log Customers Out

When your customers log in and make a purchase, they might be doing so on a public computer or at a public kiosk. When they leave that computer, they might forget to log out, allowing another person to stumble upon their open session and make unauthorized purchases. Make sure that you avoid these kinds of scenarios by automatically logging your users out of their sessions after a set period. If, for example, users are automatically logged out after five minutes of being idle, you have a significantly higher chance of stopping unauthorized purchases.
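An added example, not part of the original post: a minimal server-side idle timeout using the five-minute window mentioned above, where each authenticated request resets the timer and an expired session is deleted on the server. The `SessionStore` class, its method names, and the sample customer ID are hypothetical, and sessions are held in memory for illustration.

```python
import secrets
import time

# Five-minute idle limit, taken from the example in the text above.
IDLE_TIMEOUT_SECONDS = 5 * 60


class SessionStore:
    """Hypothetical in-memory session table with a sliding idle timeout."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._idle_timeout = idle_timeout
        self._clock = clock      # injectable so the timeout can be exercised in tests
        self._sessions = {}      # token -> {"user": str, "last_seen": float}

    def login(self, user):
        """Create a session and return its unguessable token."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def authenticate(self, token):
        """Return the user for a live session, or None if unknown or idle too long."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] >= self._idle_timeout:
            # Expire on the server: a stale cookie left in a kiosk browser
            # can no longer be used to place an order.
            del self._sessions[token]
            return None
        session["last_seen"] = now   # activity resets the idle timer
        return session["user"]

    def logout(self, token):
        """Explicit logout; safe to call for an already-expired token."""
        self._sessions.pop(token, None)

    def purge_expired(self):
        """Drop idle sessions that were never touched again; return how many."""
        now = self._clock()
        stale = [t for t, s in self._sessions.items()
                 if now - s["last_seen"] >= self._idle_timeout]
        for token in stale:
            del self._sessions[token]
        return len(stale)


def demo():
    """Walk one constructed session through activity and then an idle gap."""
    now = [0.0]                                  # fake clock, in seconds
    store = SessionStore(clock=lambda: now[0])
    token = store.login("customer-1001")         # constructed sample user

    now[0] += 240
    active = store.authenticate(token)           # 4 min idle: still logged in
    now[0] += 240
    still_active = store.authenticate(token)     # 4 min since last activity
    now[0] += 300
    after_idle = store.authenticate(token)       # 5 min idle: logged out
    replay = store.authenticate(token)           # token stays dead afterwards
    return active, still_active, after_idle, replay


if __name__ == "__main__":
    print(demo())
```

The timeout is enforced where the session lives, on the server, so it holds even if the browser tab is left open or client-side script is disabled.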

Your Employees Don’t Have Unique Login Information

To be PCI compliant, all of your employees need to have their own unique login information for sensitive systems. That way, if there is an issue, you know which employee was responsible.