January 13, 2013 Added by:Larry Karisny
We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."
January 05, 2013 Added by:Danny Lieberman
Patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never came back to tell the story. The same way we talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.
December 27, 2012 Added by:Rebecca Herold
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
December 10, 2012 Added by:Michelle Drolet
Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...
December 10, 2012 Added by:Hani Banayoti
Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...
December 03, 2012 Added by:Randall Frietzsche
In the broad spectrum of activities which might be called Information Security, we must always first and foremost implement, execute and follow through with risk management. Risk management is the backbone or foundation of any good information security program...
November 28, 2012 Added by:Stacey Holleran
Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...
November 27, 2012 Added by:Thomas Fox
If you have not had the opportunity to attend a compliance-related conference tailored to the challenges of working in the Far East this would be the one for you. Even if you have attended such an event, this conference focuses on China and will give you insight into how to do business...
November 19, 2012 Added by:Bill Mathews
That’s right, I got an email with my username and password listed right there. That probably doesn’t anger normal people (let alone drive them to write an article about it), but I have never been accused of being normal so I’m pretty annoyed. Here, in no particular order, are my reasons for the anger and frustration...
November 12, 2012 Added by:Mary Shaddock Jones
Companies can be held liable for the acts of third parties acting on their behalf. The use of the contracting strategies will clearly communicate to the Agent and/ or Partner the seriousness of your company’s commitment to abiding by the law and spirit of the FCPA and similar anti-corruption laws and regulations...
November 09, 2012 Added by:Mikko Jakonen
Criminals or 'adversaries' do not care about your papers. Period. Only a skilled set of controls, wisdom, and discipline in management secures the environment. Attackers will utilize every means to gain access your beloved environment...
November 08, 2012 Added by:Danny Lieberman
Many technology vendors tout the idea of self management, and the advantages of mobile healthcare apps, virtual visits, tablets and e-detailing but in fact, a face-to-face relationship with a doctor is more powerful than a digital relationship alone. We don’t need Sherry Turkle to tell us that...
November 07, 2012 Added by:PCI Guru
The first part of the mythology revolves around what PCI compliant services Amazon Web Services (AWS) is actually providing. According to AWS’s Attestation Of Compliance, AWS is a Hosting Provider for Web and Hardware. The AOC calls out that the following services have been assessed PCI compliant...
October 29, 2012 Added by:Thomas Fox
I recently saw a White Paper released through Compliance Week, where an un-named author posited that there are seven essential features to create an effective hotline. I found this article to be useful for a compliance practitioner to quickly review how his or her company might set up a hotline...
October 23, 2012 Added by:Stephen Marchewitz
Whether you start from top-down management or are looking for bottom-up results, having a quantifiable approach to security risk management that aligns with a known standard such as ISO will put you in a better position than you are today...
Interoperability: A Much Needed Cloud Comput... ryan mccarthy on 04-18-2014
Is User Experience Part of Your Security Pla... Allan Pratt, MBA on 04-17-2014
Interoperability: A Much Needed Cloud Comput... ryan mccarthy on 04-17-2014