Achieving Safe Harbor in Healthcare - Episode 1
July 12, 2016 •Walt Paley
After I cross-posted Ray Potter's HealthITSecurity.com editorial to one of my LinkedIn groups (HIPAA Survival Guide), it spawned a great conversation about the lack of clarity on the topic of encryption in healthcare IT. Ray's article and the subsequent debate raised new questions and new confusion, even among the most qualified and experienced folks in the group. It became obvious that additional guidance would be helpful, so here goes. This is Episode 1 of 4, to be posted each day this week.
First, let's do a rundown on a few of the acronyms and terminology crucial to understanding encryption in healthcare.
NIST is the National Institute of Standards and Technology. They are responsible for setting benchmarks and providing guidance for technological implementations. They also set minimum requirements for federal government agencies to follow. Because of this role, private sector companies use NIST guidance as a template even when it's not legally mandated.
FIPS 140-2 is the Federal Information Processing Standard 140 (Version 2). It governs cryptography, was written by NIST and is possibly their most well-known standard. NIST even established a department dedicated to the validation of encryption modules that meet the standard. FIPS 140-1 refers to the first version of the standard, while FIPS 140-2 is the current version. FIPS 140-3 is not an official version, although many use it to refer to a theoretical future revision.
FIPS 140-2 Level 1 is the appropriate validation level for software. Levels 2-4 are concerned with increasing levels physical security of hardware, including tamper resistance and seals that show evidence of attempted access. Cool stuff, but irrelevant for a software solution like those being deployed on healthcare providers' laptops and mobile devices.
CMVP is the Cryptographic Module Validation Program. It is the NIST department (mentioned above) that handles the testing and certification of encryption modules from the private sector. Their little sister department, CAVP, is the Cryptographic Algorithm Validation Program, which provides the certification of individual algorithms as a building block towards CMVP's FIPS 140-2 validation.
The CMVP maintains a public list of all modules that have been validated. If it's not listed, it didn't get tested, didn't qualify, or at least hasn't completed the process. (It used to take 12-18 months, before SafeLogic cut it down to 8 weeks.) Any technology vendor that has received FIPS 140-2 validation will proudly provide their certificate number upon request, and you should absolutely cross-reference it with the public list to confirm.
"FIPS validated" is the term for a certified algorithm or module. It will have a unique certificate number on the public list. "FIPS compliant" means that it is ready to be tested, but has not completed the process, so it cannot be confirmed. Likewise, "FIPS ready" or "designed for FIPS" or "pre-validated for FIPS" are not actual, verifiable claims.
So why do you care? Well, if you're working in health, a little thing called Safe Harbor provides a big motivation. This is the legal avoidance of notifying patients that their PHI (Protected Health Information) was exposed. Let's say that a physician's laptop is stolen. If you qualify under Safe Harbor, you're all good, just need to procure a new laptop for the poor doctor. If you don't qualify, you're embarking on a pretty terrible journey, letting people know that their data was lost and their identity is at risk of theft, and waiting for the penalty assessment from the Department of Health and Human Services (HHS) Office of Civil Rights (OCR). The most recent announcement was a $650k settlement with a nursing home. [Correction 7/15/16 - the nursing home had to report the breach, but the settlement was paid by the Business Associate directly responsible for the lost iPhone.] Not good. Even worse, this one was due to a Business Associate (BA) decision not to encrypt a device that had access to patient data. Organizations are no longer insulated from liability due to Business Associate Agreements (BAAs), so the stakes are very high. You need to know exactly what your vendors, partners, and Business Associates (BAs) are deploying, since they must be included in your risk assessments now.
Tomorrow, I will post Episode 2, diving into the HITECH Breach Notification for Unsecured Protected Health Information; Interim Final Rule itself. Stay tuned!

Walt Paley
Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.
Popular Posts
Search for posts
Tags
- FIPS 140 (102)
- FIPS validation (83)
- Encryption (68)
- cryptography (63)
- NIST (60)
- CryptoComply (58)
- SafeLogic (58)
- Industry News (54)
- cryptographic module (51)
- Conversations (49)
- CMVP (48)
- RapidCert (46)
- compliance (39)
- Ray Potter (33)
- SafeLogic News (33)
- Event (27)
- federal (27)
- CAVP (23)
- Cybersecurity (22)
- algorithm (22)
- #LoveOurCustomers (15)
- OpenSSL (14)
- government (14)
- CryptoCompact (13)
- Cryptology (12)
- DoD (12)
- FedRAMP (12)
- RSA (12)
- compatible (12)
- partners (12)
- NSA (11)
- healthcare (11)
- AES (9)
- Apple (9)
- Cloud (9)
- FIPS 140-3 (9)
- Wearable (9)
- award (9)
- health (9)
- security (9)
- time (9)
- HIPAA (8)
- Homeland Security (8)
- IoT (8)
- Suite B (8)
- hack (8)
- testing (8)
- whitepaper (8)
- CMMC (7)
- agency (7)
- client (7)
- constrained devices (7)
- Advisories (6)
- Approved Products List (APL) (6)
- HITECH (6)
- holiday (6)
- lab (6)
- vulnerability (6)
- Acumen (5)
- CEO (5)
- Dual EC DRBG (5)
- Google (5)
- Google Glass (5)
- ICMC (5)
- Microsoft (5)
- NIST 800-171 (5)
- NIST 800-53 (5)
- OpenSSL 3.0 (5)
- Safe Harbor (5)
- Wes Higaki (5)
- Whit Diffie (5)
- ePHI (5)
- healthIT (5)
- heartbleed (5)
- mHealth (5)
- procurement (5)
- vulnerable (5)
- C3PAO (4)
- HHS (4)
- HITECH Act (4)
- Mark Minnoch (4)
- Samsung (4)
- Vegas (4)
- archive (4)
- attack (4)
- blog (4)
- breach (4)
- breaches (4)
- deadline (4)
- encrypt (4)
- health IT (4)
- innovation (4)
- military (4)
- procure (4)
- AFCEA (3)
- Air Force (3)
- BSAFE (3)
- BouncyCastle (3)
- CSE (3)
- Common Criteria (3)
- DFARS (3)
- DISA (3)
- EMM (3)
- FIPS 186 (3)
- FIPS-approved (3)
- HIMSS (3)
- HIPAA Safe Harbor (3)
- HITECH Safe Harbor (3)
- Heartbleed Bug (3)
- Implementation Guidance (3)
- Implementation Under Testing (3)
- InfoSec (3)
- NVLAP (3)
- National Institute of Standards and Technology (3)
- New Year (3)
- OCR (3)
- OpenSSL 1.1.1 (3)
- PHI (3)
- POA&M (3)
- Snowden (3)
- advisor (3)
- blackberry (3)
- budget (3)
- bug (3)
- competition (3)
- connected (3)
- constrained (3)
- data at rest (3)
- editorial (3)
- forum (3)
- goals (3)
- healthcare IT (3)
- iPhone (3)
- liberty (3)
- magazine (3)
- open source (3)
- patriotic (3)
- privacy (3)
- public sector (3)
- queue (3)
- revalidation (3)
- software (3)
- speaking (3)
- transition (3)
- vulnerabilities (3)
- 3PAO (2)
- ACVP (2)
- BA (2)
- BAA (2)
- CIO (2)
- CSEC (2)
- CSP (2)
- CoIT (2)
- Coalfire (2)
- Cyber Defense Magazine (2)
- Cyberattack (2)
- DIY (2)
- Defense Industrial Base (2)
- Diffie-Hellman (2)
- ECDH (2)
- EHR (2)
- FBI (2)
- FIPS 197 (2)
- FIPS 199 (2)
- FIPS ready (2)
- Facebook (2)
- FinalCode (2)
- Firefox (2)
- Forbes (2)
- HIPAA security controls (2)
- Historical (2)
- Historical Status (2)
- IPsec (2)
- IPsec VPN (2)
- Java (2)
- Jawbone (2)
- Jawbone Up (2)
- Level 1 (2)
- Level 2 (2)
- Level 3 (2)
- Level 4 (2)
- MFA (2)
- MSFT (2)
- Maribel Lopez (2)
- Marine Corps (2)
- Marines (2)
- Mark (2)
- Marquess (2)
- Module in Process (2)
- Mozilla (2)
- NIST 800-111 (2)
- NIST 800-38 (2)
- NSS (2)
- Naughty List (2)
- Navy (2)
- Nest (2)
- Nest thermostat (2)
- Network Security Services (2)
- OpenSSL 1.0.2 (2)
- Pentagon (2)
- Poodle (2)
- President (2)
- RNG (2)
- RSA BSAFE (2)
- RSA Security (2)
- SHA (2)
- SPRS (2)
- SSL (2)
- SSL VPN (2)
- Samsung Galaxy Gear (2)
- San Francisco (2)
- Securonix (2)
- Silicon Valley (2)
- Smart Fridge (2)
- Steve Marquess (2)
- Suite A (2)
- TLS (2)
- TLS 1.3 (2)
- U.S. (2)
- U.S. Armed Forces (2)
- UK (2)
- US (2)
- US Armed Forces (2)
- USA (2)
- Up (2)
- VPN (2)
- Walt Paley (2)
- Webinar (2)
- Wired (2)
- accelerate (2)
- achieving safe harbor (2)
- achieving safe harbor in healthcare (2)
- acquisition (2)
- archive list (2)
- armed forces (2)
- article (2)
- backdoor (2)
- benchmark (2)
- breach notification (2)
- business associate (2)
- business associate agreement (2)
- case study (2)
- checkmark (2)
- code (2)
- competitor (2)
- constrained device (2)
- consultant (2)
- consultants (2)
- consulting (2)
- cost (2)
- cyber terrorism (2)
- data in motion (2)
- developer (2)
- doctor (2)
- entropy (2)
- excellence (2)
- fast (2)
- federal acquisition (2)
- federal procurement (2)
- federal shutdown (2)
- finance (2)
- firmware (2)
- founder (2)
- freedom (2)
- goal (2)
- gold (2)
- guest (2)
- hardware (2)
- hurdle (2)
- hybrid (2)
- iOS 6 (2)
- key management (2)
- leader (2)
- legacy (2)
- mandate (2)
- maturity (2)
- medal (2)
- overlap (2)
- patch (2)
- patches (2)
- patient (2)
- penalties (2)
- pilot (2)
- post-quantum cryptography (2)
- re-validation (2)
- regulated industry (2)
- research (2)
- rival (2)
- security breach (2)
- session (2)
- shutdown (2)
- solution (2)
- speed (2)
- sponsors (2)
- startup (2)
- sunset (2)
- support (2)
- team (2)
- technology (2)
- terrorism (2)
- terrorist (2)
- use case (2)
- vendor (2)
- year (2)
- year end (2)
- (ISC)2 (1)
- 21st Century Cures Act (1)
- Active Status (1)
- Alliance for Digital Innovation (1)
- Amazon (1)
- Android (1)
- Army (1)
- BYOD (1)
- Boeing (1)
- Brent Cook (1)
- Bruce Schneier (1)
- CCEVS (1)
- CES (1)
- CIO Prime Views (1)
- CIO Story (1)
- CIOstory (1)
- CNET (1)
- CNN (1)
- CNSA (1)
- CNSS (1)
- COTS (1)
- CSF (1)
- CTR_DRBG (1)
- CUI (1)
- Cameron (1)
- Chris Conlon (1)
- Columbia University (1)
- Commercial Solutions for Classified (1)
- Cryptographic Technology Group (1)
- Cryptsoft (1)
- CsfC (1)
- Cupertino (1)
- Cyber Monday (1)
- D-FLIP (1)
- DEA (1)
- DES (1)
- DHS (1)
- DIU (1)
- DIUx (1)
- DNA (1)
- DOJ (1)
- Daniel Franke (1)
- David Cameron (1)
- David Hook (1)
- EPCS (1)
- Erlich Bachman (1)
- Extended Support (1)
- FCA (1)
- FF1 (1)
- FF3 (1)
- FIPS Compliance (1)
- FISMA (1)
- FITARA (1)
- FOM (1)
- FOM 2.0 (1)
- FPE (1)
- FUD (1)
- False Claims Act (1)
- Fear and Loathing (1)
- Fed (1)
- Federal IT Sales Summit (1)
- Fitbit (1)
- Florida (1)
- Forbes Magazine (1)
- Fourth of July (1)
- Frank McDonough (1)
- G.18 (1)
- GCHQ (1)
- GNU (1)
- GNU Project (1)
- GSA (1)
- Galaxy (1)
- Galaxy Gear (1)
- Gartner (1)
- Gartner Symposium (1)
- Gavin Belson (1)
- Globo (1)
- GnuPG (1)
- GoBe (1)
- Golden Globes (1)
- Govie (1)
- Govies (1)
- Grammy (1)
- Grammys (1)
- HASH_DRBG (1)
- HBO (1)
- HIIPA (1)
- HIPPA (1)
- HIT (1)
- HITRUST (1)
- HITRUST CSF (1)
- HMAC (1)
- HMAC_DRBG (1)
- HUD (1)
- Healbe (1)
- Heartbeat (1)
- Hebdo (1)
- Hooli (1)
- Hummer (1)
- Humvee (1)
- Hunter S. Thompson (1)
- IBM (1)
- ICMC 2013 (1)
- ICS (1)
- ICS-ISAC (1)
- IPB (1)
- ISO (1)
- ISO 19790 (1)
- ISO 24759 (1)
- ITexpo (1)
- ITexpo West (1)
- ITexpo West 2014 (1)
- Immix (1)
- In Progress (1)
- In Progress List (1)
- Inauguration (1)
- Industrial Control System (1)
- Infogard (1)
- Intel (1)
- Investigatory Powers Bill (1)
- Iron Mountain (1)
- JAR (1)
- JCE (1)
- JITC (1)
- JLTV (1)
- JSSE (1)
- Jack Barker (1)
- Jawbone Up24 (1)
- Joint Light Tactical Vehicles (1)
- KAS (1)
- KBKDF (1)
- Kamala Harris (1)
- Katie Arrington (1)
- Kestler (1)
- Kris van Riper (1)
- LRSB (1)
- Lee (1)
- Lee Kestler (1)
- Legacy List (1)
- Legacy Validation List (1)
- Legion (1)
- LibreSSL (1)
- LinkedIn (1)
- Linux (1)
- Lockheed (1)
- Lockheed Martin (1)
- Lopez Research (1)
- MDMPP (1)
- MDPP (1)
- MIT (1)
- MWC (1)
- Macintosh (1)
- Marissa Mayer (1)
- Mark Amtower (1)
- Matt Caswell (1)
- Matt Cornelius (1)
- Matthew Cornelius (1)
- Matthew Green (1)
- Maturity Model (1)
- Memorial Day (1)
- Michael Leonard (1)
- MicroStrategy (1)
- Microsoft Surface (1)
- Miramar (1)
- Multifactor (1)
- NCSL (1)
- NSA Suite B (1)
- Nevada (1)
- Nike+ (1)
- Nobel (1)
- North Korea (1)
- Northrup (1)
- Northrup Grumman (1)
- OCS (1)
- OMB (1)
- ONC (1)
- OSL (1)
- OSSL 1.1 (1)
- OSSL Foundation (1)
- OVS (1)
- Office 365 (1)
- Oracle (1)
- Orlando (1)
- Oscars (1)
- Osh Kosh (1)
- Oshkosh (1)
- Outlook (1)
- Oval Office (1)
- P-256 (1)
- P-384 (1)
- PC Mag (1)
- PCI (1)
- PCI-DSS (1)
- PIN (1)
- PIN code (1)
- PIN number (1)
- PM (1)
- PQC (1)
- PRISM (1)
- Padding Oracle On Downgraded Legacy Encryption (1)
- Palazzo (1)
- Palo Alto (1)
- Paris (1)
- Pence (1)
- Pied Piper (1)
- Pilgrims (1)
- Poison (1)
- Poodlebleed (1)
- Presidency (1)
- Prime Minister (1)
- Prius (1)
- Protection Profiles (1)
- Pulse Secure (1)
- Q4 (1)
- Quantum Dawn (1)
- Quest (1)
- RAR (1)
- REDCOM (1)
- RFP (1)
- Ralph C. Jensen (1)
- Ralph Jensen (1)
- Raytheon (1)
- Readiness Assessment Report (1)
- Rebranding (1)
- Redmond (1)
- Richard Hendricks (1)
- Rijndael (1)
- Rohit Sethi (1)
- Ryan Thomas (1)
- SC Magazine (1)
- SC-13 (1)
- SC-28 (1)
- SC-8 (1)
- SLED (1)
- SP (1)
- SP 800-113 (1)
- SP 800-56 (1)
- SP 800-77 (1)
- SP800-131A (1)
- SP800-90A (1)
- SSLv3 (1)
- Samsung Galaxy (1)
- Sands (1)
- Sands Expo (1)
- Satcom (1)
- Schneier (1)
- Sean Kerner (1)
- SecureAuth (1)
- Security B-Sides (1)
- Security Compass (1)
- SecurityToday (1)
- September 22 (1)
- Sergey Brin (1)
- Seth Rosenblatt (1)
- Sethi (1)
- Signal Magazine (1)
- Simon (1)
- Skipjack (1)
- Skunk Works (1)
- Skunkworks (1)
- Skydrive (1)
- Snooper's Charter (1)
- Softshell (1)
- Sony (1)
- Speck (1)
- Squanto (1)
- St Regis (1)
- StateRAMP (1)
- Steve Jobs (1)
- Surface (1)
- Susan McAndrew (1)
- Sweet32 (1)
- Symantec (1)
- TLS 1.1 (1)
- TLS 1.2 (1)
- TSMC (1)
- Taming the Transition (1)
- Taming the Transition: Marketing & Sales Tacti (1)
- Tanuj Gulati (1)
- Target (1)
- Target breach (1)
- Tesla (1)
- Theresa May (1)
- Thomas (1)
- Tim Hudson (1)
- Tisquantum (1)
- Tizen (1)
- Tom Cruise (1)
- Toyota (1)
- Toyota Prius (1)
- Triple DES (1)
- Trump (1)
- U.K. (1)
- U.S. Air Force (1)
- U.S. Army (1)
- U.S. Marines (1)
- U.S. Military (1)
- U.S. Navy (1)
- US Air Force (1)
- US Army (1)
- US Marines (1)
- US Military (1)
- US Navy (1)
- USMC (1)
- United Kingdom (1)
- United States (1)
- United States of America (1)
- Up24 (1)
- Vectra (1)
- Vectra Networks (1)
- Venetian (1)
- Verify (1)
- WEST (1)
- WEST 2020 (1)
- Wall Street (1)
- Weaved (1)
- Websense (1)
- WhatsApp (1)
- White House (1)
- Wiebe (1)
- Wired.co.uk (1)
- Wireless U (1)
- WolfSSL (1)
- Yahoo (1)
- Yier Jin (1)
- Yoics (1)
- You're fired! (1)
- Yubico (1)
- abbreviation (1)
- abbreviations (1)
- achieve (1)
- acronym (1)
- acronyms (1)
- administration (1)
- advantage (1)
- appointee (1)
- archival (1)
- assurance (1)
- authentication (1)
- autumn (1)
- aviation (1)
- background (1)
- ban (1)
- banish (1)
- banished (1)
- banishment (1)
- banned (1)
- batterygate (1)
- benchmarks (1)
- best (1)
- bid (1)
- blue angel (1)
- blue angels (1)
- bold (1)
- browser (1)
- bugs (1)
- calendar (1)
- capitol (1)
- certicom (1)
- challenge (1)
- champ (1)
- champion (1)
- channel (1)
- checklist (1)
- checkmarks (1)
- chief (1)
- chip (1)
- chipgate (1)
- choice (1)
- choose (1)
- chosen (1)
- cipher (1)
- citizen (1)
- citizenship (1)
- co-founder (1)
- codebase (1)
- codies (1)
- comment period (1)
- comparison (1)
- compete (1)
- competitive (1)
- competitive advantage (1)
- complaint (1)
- complaints (1)
- complete (1)
- concurrent (1)
- confusion (1)
- congress (1)
- contract (1)
- crime (1)
- criminal (1)
- critical infrastructure (1)
- cryptographer (1)
- cybertech (1)
- data (1)
- data center (1)
- data centers (1)
- data security (1)
- dates (1)
- david hume (1)
- debt ceiling (1)
- decryption (1)
- deploy (1)
- deployment (1)
- development (1)
- dictionary (1)
- differentiator (1)
- disambiguate (1)
- download (1)
- drones (1)
- eBay (1)
- eBay breach (1)
- eHealth (1)
- eWeek (1)
- editor (1)
- editor-in-chief (1)
- effort (1)
- elliptic curve cryptography (1)
- embedded (1)
- emerging (1)
- engineer (1)
- engineering (1)
- enterprise security (1)
- executive (1)
- exhibit (1)
- exhibit hall (1)
- expectations (1)
- expert (1)
- expertise (1)
- experts (1)
- expiration (1)
- expire (1)
- extended (1)
- fall (1)
- faq (1)
- finalist (1)
- finalists (1)
- financial (1)
- fines (1)
- fintech (1)
- fips inside (1)
- fiscal (1)
- fiscal year (1)
- fitness tracker (1)
- fitness trackers (1)
- fix (1)
- fixes (1)
- flight (1)
- forecast (1)
- format-preserving (1)
- format-preserving encryption (1)
- fraud (1)
- frempetitor (1)
- frempetitors (1)
- frenemies (1)
- frenemy (1)
- furlough (1)
- future (1)
- global (1)
- globee (1)
- glossary (1)
- goose (1)
- gotcha (1)
- gov (1)
- gov't (1)
- guest blog (1)
- guest post (1)
- hashed (1)
- head-to-head (1)
- heads up displays (1)
- hill (1)
- hiring freeze (1)
- history (1)
- home automation (1)
- homeland (1)
- honor (1)
- honored (1)
- hospital (1)
- human rights (1)
- hume (1)
- humor (1)
- hurdles (1)
- iMessage (1)
- iOS (1)
- iOS 7 (1)
- iPad (1)
- iToilet (1)
- industry (1)
- intellectual property (1)
- interim final rule (1)
- international (1)
- interview (1)
- issues (1)
- kratos (1)
- launch (1)
- law enforcement (1)
- libgcrypt (1)
- malicious (1)
- maverick (1)
- medals (1)
- medical (1)
- medicine (1)
- meek (1)
- milestone (1)
- mobile security (1)
- mobility (1)
- mocana (1)
- money (1)
- multi-factor (1)
- multi-factor authentication (1)
- musings (1)
- national cybersecurity strategy (1)
- naval aviator (1)
- need for speed (1)
- neglect (1)
- network (1)
- new (1)
- new OSSL (1)
- news (1)
- nominate (1)
- nominated (1)
- nominee (1)
- nominees (1)
- offload (1)
- opportunities (1)
- opportunity (1)
- outsource (1)
- panel (1)
- parallel (1)
- passwords (1)
- past (1)
- patient data (1)
- philosopher (1)
- philosophy (1)
- physician (1)
- piece (1)
- pilots (1)
- plane (1)
- plans (1)
- platinum (1)
- post (1)
- presentation (1)
- press release (1)
- priorities (1)
- priority (1)
- prize (1)
- profile (1)
- proposal (1)
- proposed (1)
- proud (1)
- provider (1)
- public (1)
- public comment (1)
- public comment period (1)
- public list (1)
- quant (1)
- quant self (1)
- quantified (1)
- quantified self (1)
- queue length (1)
- quinquennial (1)
- re-validate (1)
- reflection (1)
- regulations (1)
- representatives (1)
- required (1)
- requirement (1)
- researchers (1)
- reseller (1)
- revalidate (1)
- revenue (1)
- revoke (1)
- revoked (1)
- rights (1)
- rivals (1)
- roadblock (1)
- roadmap (1)
- rsa conference (1)
- sales (1)
- salted (1)
- savings (1)
- scalability (1)
- season (1)
- security software (1)
- select (1)
- selected (1)
- selection (1)
- self-driving (1)
- self-driving car (1)
- senate (1)
- senators (1)
- server (1)
- servers (1)
- silver (1)
- simplify (1)
- smart cars (1)
- smart home (1)
- smart toilet (1)
- smartwatch (1)
- sole source provider (1)
- sole-source (1)
- speak (1)
- speaking session (1)
- specialization (1)
- stand for (1)
- standards (1)
- start-up (1)
- state (1)
- stealth mode (1)
- stigma (1)
- story (1)
- strategy (1)
- success (1)
- summer (1)
- sunet (1)
- sunset date (1)
- sunsetted (1)
- symposium (1)
- talk (1)
- tech (1)
- technical (1)
- term (1)
- terminology (1)
- terms (1)
- threat detection (1)
- threats (1)
- toilet (1)
- top gun (1)
- training (1)
- trophy (1)
- unicorn (1)
- use cases (1)
- value (1)
- vendors (1)
- website (1)
- whining (1)
- whistleblower (1)
- whistleblowing (1)
- wifi (1)
- wrap (1)
- wrap-up (1)