Compliance

959779642e6e758563e80b5d83150a9f

Celebrity Privacy Breaches and High School Physics

February 01, 2013 Added by:Danny Lieberman

In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story...

Comments  (0)

65be44ae7088566069cc3bef454174a7

Implementing a Data De-Identification Framework

January 29, 2013 Added by:Rebecca Herold

Marketing organizations salivate at the prospects of doing advanced analysis with such data to discover new trends and marketing possibilities. The government wants to use it for investigations. Historians want to use it for, yes, marking historical events. And the list could go on...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Privacy Crusaders – Their Own Worst Enemies

January 28, 2013 Added by:Danny Lieberman

It is no accident that the largest healthcare organizations have the highest rate of patient-privacy breaches. The old saying – “the bigger they are, the harder they fall” is true, but more than that is happening when it comes to patient-privacy breaches in America as a whole...

Comments  (0)

Fc152e73692bc3c934d248f639d9e963

Pre-Authorization Data – The Card Brands Weigh In

January 28, 2013 Added by:PCI Guru

Acquiring banks, for the most part, cannot answer basic questions about the PCI DSS, so we are supposed to believe that they are experts on retention of pre-authorization data based on a company’s vertical market and region? Talk about passing the buck...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Fly First Class But Pay Economy for HIPAA Compliance

January 22, 2013 Added by:Danny Lieberman

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

Comments  (0)

59d9b46aa00c70238bb89056cfeb96c0

Tribute to Stan The Man and 11 Rules for Compliance Success

January 21, 2013 Added by:Thomas Fox

These insights could help you improve your compliance program. And while it doesn’t have quite the same rhyming scheme as Paul Simon’s Mrs. Robinson, here’s to you Stan ‘The Man’ Musial. I hope that you enjoy an inning or two at the great game in the hereafter...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

Are you meeting your perceived security obligations?

January 19, 2013 Added by:Tripwire Inc

Security professionals today identify lack of qualified talent and lack of organizational funding as a key problem to their daily job; which probably implies that they are doing what they can with what they have; which likely may not meet expectations...

Comments  (0)

48f758be63686a73484a7380e94f73d0

The Phoenix Project: A Review

January 16, 2013 Added by:Ed Bellis

Gene Kim was kind enough to provide me with an advanced review copy of The Phoenix Project who is a co-author of the book. Fair warning: the first half of this book brought back nails-on-a-chalkboard type memories of dealing with large-scale audits and everything that comes with it...

Comments  (0)

F29746c6cb299c1755e4087e6126a816

Identity Thieves Take a Bite Out of Apple

January 15, 2013 Added by:Kelly Colgan

Scammers are taking advantage of a product financing offer that presents identity thieves with the opportunity to fraudulently obtain instant credit approval to make online purchases. The crime is simple to carry out. All scammers need are the basic types of information commonly exposed in data breaches...

Comments  (1)

8a958994958cdf24f0dc051edfe29462

Common Sense Cybersecurity

January 13, 2013 Added by:Larry Karisny

We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."

Comments  (0)

959779642e6e758563e80b5d83150a9f

The #1 Bermuda Triangle of Patient Privacy – debunking patient data loss

January 05, 2013 Added by:Danny Lieberman

Patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never came back to tell the story. The same way we talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.

Comments  (2)

65be44ae7088566069cc3bef454174a7

ISMS Certification Does Not Equal Regulatory Compliance

December 27, 2012 Added by:Rebecca Herold

“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”

Comments  (0)

Ff632049ba1218ecd55b8122b2112642

All Aboard

December 17, 2012 Added by:Randall Frietzsche

We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...

Comments  (0)

Bd86d2b4bd72ac0ca847696eec3759f3

Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)

3071bd3c5c013c8c3defcccad0259c16

If you are not serious enough about your security don’t expect your IT service provider to care

December 10, 2012 Added by:Hani Banayoti

Another year coming to a close and I am full of hope for new thinking on security for the road ahead. One particular aspect in our profession that I would like to see change in the very near future is the typical approach to incorporating security in contracts with IT Service Providers...

Comments  (0)

Ff632049ba1218ecd55b8122b2112642

Risky Business

December 03, 2012 Added by:Randall Frietzsche

In the broad spectrum of activities which might be called Information Security, we must always first and foremost implement, execute and follow through with risk management. Risk management is the backbone or foundation of any good information security program...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »