George Grachis

Opinions expressed by ICN authors are their own.

A senior security and compliance specialist, George Grachis has over 25 years’ experience in the tech sector. Some of his experience includes over a decade supporting the Space Shuttle program for Computer Sciences Corporation & Grumman Aerospace, security management for CFE Federal Credit Union, IT auditing & consulting for Deloitte and serving as Chief Security Officer for Satcom Direct.

George holds both the CISSP and CISA certifications. George received the ISSA Fellow designation in 2016 and is currently an active senior board member of ISSA. George has been interviewed by WFTV ABC TV and Fortune Magazine. When not working he enjoys spending time with family & friends, Big Brothers Big Sisters, playing the drums, motorcycling, fitness, and writing articles for his CSOonline.com blog, Virtual CISO.

The opinions expressed in this blog are those of George Grachis and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.

The security perimeter needs to use one of its most crucial resources: human sensors

Security Manager George Grachis discusses the current cyber threat landscape and why human sensors, our users, are our most underutilized resource that can make all the difference.

Automating cloud compliance

The cloud is here. It's dynamic, scalable and ever changing. Yesterday's bi-yearly or yearly audit snapshots don't meet this new computing platform's needs to achieve compliance. It's time for continuous audits and a single risk...

Your dream job is waiting!

I'm a senior Cloud Compliance Architect, but how did I get here? Lots of mountains to climb, education, experience and certifications. I hope to inspire our young people to never give up, keep focused, have a passion for what you do...

Achieving compliance in the cloud

More and more organizations are moving towards cloud technologies for scalability, cost reduction, and new service offerings. In this short article we will review cloud basics and look at auditing for compliance challenges.

Continuous IT audits are needed to combat today's cyber threats

It's time to shift to continuous audits, as cyber threats are dynamic and constantly changing; we can no longer afford to take a static snapshot of critical IT systems.

HIPAA compliance report card

The HIPAA data breaches immediately followed the US government's directive to push healthcare data online as part of the American Recovery and Reinvestment Act Jan 1 2014. HIPAA is a law that is implemented with IT frameworks like...

Make cybersecurity great again!

We are losing the battle of cybersecurity: cyber criminals put 100% into planning and attacks, and we can't even fund a cybersecurity role for all internet-connected businesses!

Law firms subject to same cyber risk as others, but is compliance required?

Law firms are handling some of the most sensitive and private information. This includes but is not limited to healthcare, private business deals, financial assets, mergers and acquisitions, intellectual property, credit cards and so...

2016: A reflection of the year in cybercrime

A look back at 2016 predictions in cyber crime and how it all actually played out.

Hillary or Donald: Who is more cybersecurity savvy?

Cybersecurity and the role of the President. What they say is one thing; their track record is something else altogether.

IT audits must consider the cyber kill chain and much more!

It's not enough to perform an IT audit to achieve compliance alone. Today's threat landscape includes sophisticated APTs (Advanced Persistent Threats), remote access Trojans and ransomware, to name a few. In order for an IT audit to...

Florida privacy law adds breach notification and strengthens compliance

A brief intro to US state and federal law and how they work to govern the United States, plus an intro to the FIPA (Florida Information Protection Act) and how it works with existing compliance to strengthen it and better protect business...

A pen test a day keeps hackers away

Penetration testing has evolved from a nice-to-have test to a mandatory test. Besides compliance, a pen test will tell you just how secure your organization's data really is. Your network is being scanned and attacked daily; don't wait...

Is your healthcare organization leaking data?

Recent news headlines and research have illustrated that healthcare organizations are either leaking data from various servers and medical devices or they are being hit with ransomware. This article looks at some of the reasons why...

Third-party vendors must abide by HIPAA privacy rules as well

This month I cover the HIPAA business associate rule, the FIPA (Florida Information Protection Act), and summarize the latest FDA cybersecurity medical device guidance.

Privacy at what cost? Apple vs the US government

The federal government and the FBI need access to the phone, as in any shooting, to help solve the crime and to look for links to other possible shooters. But Apple CEO Tim Cook says we can’t do that; to do so jeopardizes the technologies...

What every IT department needs to know about IT audits

Today's IT departments are faced with deadlines to deploy and fix an ever-increasing array of advanced technology, all while trying to maintain some sort of security and compliance posture. Add to this budget cuts and staff...

Preventing data breaches is a business problem not an IT issue

One data breach after another: does anyone ask what the root cause is? We have the Verizon Data Breach Investigations Report and many more that shed light on the problem, and it's that many intrusions are far too easily accomplished....

Cyber risk management in healthcare

If you are a risk manager in healthcare, you face the same challenges as in any other internet-connected business. For example, we are all familiar with the Target and Home Depot data breaches.

Why healthcare providers need to take HIPAA risk assessments seriously

It’s important to get an independent outside consultant to perform this critical assessment.
