A Practical Guide to Choosing the Right Frameworks for Your Organization

Navigating compliance in 2025 feels like standing in front of a wall of acronyms — SOC 2, HIPAA, PCI DSS, NIST CSF, CIS Controls, CMMC — each promising to solve your security and regulatory challenges. For managed service providers and IT organizations, this abundance of frameworks creates a paradox of choice that can paralyze decision-making […]

Demystifying NIST: A De Facto Framework for MSPs

This post is adapted from the Blacksmith Infosec book, Forging Trust. The NIST Cybersecurity Framework (CSF) is widely regarded as the foundational standard for cybersecurity risk management in the United States and internationally. Originally developed to improve critical infrastructure cybersecurity, the framework has evolved to address the needs of organizations of all sizes and sectors, […]

HIPAA Compliance in 2025: Persistent and Evolving Challenges

It’s been nearly three decades since HIPAA was enacted, yet compliance remains a significant challenge for healthcare providers and other entities handling protected health information (PHI). The regulatory landscape continues tightening. Cyber threats grow more sophisticated. As a result, organizations must address both longstanding and emerging obstacles to avoid costly penalties and protect […]

When Business Associates Mess Up: HIPAA-Covered Entity Strikes Back With Lawsuit

The MTL vs. Ntirety Lawsuit: Establishing New Precedent for Business Associate Accountability

In an unprecedented legal move that could reshape healthcare data protection standards, Molecular Testing Labs (MTL) has filed suit against its MSP following a significant data breach. The Vancouver, Washington-based laboratory specializing in precision diagnostics discovered on March 12, 2025, that patient data […]

Demystifying NY Education Law § 2-d

We want to help businesses better understand what the New York State Education Department (NYSED) Law § 2-d is and what they can do to comply with it. We’ll be discussing the importance of NYSED Law § 2-d, covering Personally Identifiable Information (PII), who the law applies to, the requirements of NYSED Law § 2-d […]

Demystifying HIPAA

We want to help businesses better understand what the Health Insurance Portability and Accountability Act (HIPAA) is and what they can do to comply with it. We’ll be discussing the importance of HIPAA, covering Protected Health Information (PHI), who HIPAA applies to, the HIPAA Privacy and Security rules, as well as what the repercussions of […]

Demystifying NY DFS NYCRR Part 500

Keeping customer data safe is more critical than ever, especially for financial companies. New York State has taken a big step to ensure this safety through a set of rules known as New York Codes, Rules and Regulations (NYCRR) Part 500. These rules, introduced by the New York State Department of Financial Services (NYDFS) in […]

Demystifying NIST CSF 2.0

Today we’re going to talk about the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). It’s an important tool for SMBs, designed to help them strengthen their defenses against cyber risks. NIST CSF has been an industry standard, providing the baseline definition for a well-run cybersecurity program, for over a decade. Just like […]