Learn how to meet your challenging security and compliance goals.

Our blogs, videos, webinars, and other resources are designed to educate, inspire, and empower organizations to greater levels of assurance with expert advice, training, and guidance to elevate your security and compliance efforts.

The world of information security, auditing, and regulatory compliance can be a complicated place. We put together this glossary of common terms and phrases you need to know so you can stay informed and be prepared for your next compliance audit.

Administrative Safeguards

HIPAA Terms

According to the Office for Civil Rights, the Security Rule defines administrative safeguards as, “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information (ePHI) and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”

Examples of administrative safeguards include employee training, security awareness programs, written policies and procedures, incident response plans, business associate agreements, and background checks.

API Pen Testing

Pen Testing Terms

Whether you use a SOAP or REST API, a poorly secured API can open security gaps in every system it is connected to. API penetration testing looks for vulnerabilities in your API’s endpoints, as well as configuration issues that could be exploited. Some of the most common findings are improper authentication and authorization within the API itself.

Assertion

General

Audit

General

An official examination of an organization’s systems, controls, processes, and documents against a specified framework that is conducted by independent internal or third-party persons (See also: third-party attestation, independent opinion, and internal audit).

Business Associates

HIPAA Terms

Business associates are defined as “A person or an entity that creates, receives, maintains, or transmits PHI for a regulated healthcare function.”

Cardholder Data

PCI DSS Terms

PCI DSS defines cardholder data as: “At a minimum, cardholder data consists of the full PAN. Cardholder data may also appear in the form of the full PAN plus any of the following: cardholder name, expiration date and/or service code.” In short, as the name implies, cardholder data is any stored data tied to a cardholder’s card number or payment information.

CCPA

GDPR & Privacy Terms

In June 2018, California Governor Jerry Brown signed AB 375 into law, enacting the California Consumer Privacy Act of 2018 (CCPA), which went into effect on January 1, 2020. The purpose of CCPA is to give consumers more rights over their personal data, while also requiring businesses to be more transparent about how personal data is used and shared. Because of California’s reputation as a hub for technology development, this law speaks to the needs of its consumers, which continue to evolve with technological advancements and the resulting privacy implications surrounding the collection, use, and protection of personal information.

Code Review

Pen Testing Terms

Let’s face it: no one can write 100% bug-free code all the time. Code review takes a hybrid approach that combines automated scanning with manual assessment to uncover flaws in your code and potential vulnerabilities. A code review looks for logic issues, security issues, and anything that would be exploitable if discovered and abused, and can also assess general coding best practices that support ongoing safety and security.
