HIPAA

Ae27d21943468124221937d59167fff8

The Ethics of Monitoring Your Employees

September 03, 2013 Added by:Edwin Covert

As the GAO report makes clear, organizations are well within their legal rights to monitor employee activity online when using organization information technology resources.

Comments  (1)

Ee445365f5f87ac6a6017afd9411a04a

What Magneto's Helmet and Non-ICFR SSAE 16 Controls have in Common

July 04, 2013 Added by:Jon Long

Recently I have had opportunities to observe several auditors defend why they believe the controls contained in their client's SSAE 16 reports are relevant to internal controls over financial reporting (ICFR).

Comments  (0)

483d57221cc733958be20869f1c7e400

HIPAA in Public Cloud: The Rules Have Been Set

July 03, 2013 Added by:Phil Cox

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) released the Omnibus Rule, which finalized all the former interim rules for Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) compliance.

Comments  (0)

369dec31d888693bba6b6e0f39c14ce3

Healthcare Interrupted - Top Five Vulnerabilities Hackers Can Use Right Now To Shut Down Medical Devices

June 24, 2013 Added by:Matt Neely

By performing penetration tests on hospital networks and medical devices, security researchers have found that many commonly used devices are insecure and can be easily compromised.

Comments  (0)

65c1700fde3e9a94cc060a7e3777287c

Identity & Access Management: Give Me a REST

June 19, 2013 Added by:Simon Moffatt

RESTful architectures have been the general buzz of websites for the last few years. The simplicity, scalability and statelessness of this approach to client-server communications has been adopted by many of the top social sites such as Twitter and Facebook. Why? Well, in their specific cases, developer adoption is a huge priority.

Comments  (0)

Ee445365f5f87ac6a6017afd9411a04a

Irregardless, Begs the Question, and SSAE 16 Certified

June 04, 2013 Added by:Jon Long

"Irregardless" is not a word, and is not a substitute for irrespective or regardless. "Begging the question" is a logical fallacy, not a substitute for "...which raises the question...", and there is no such thing as an "SSAE 16 certification".

Comments  (0)

6d117b57d55f63febe392e40a478011f

The Year of the Security Standard

May 09, 2013 Added by:Anthony M. Freed

Often in the security field we hear the question asked, “Who’s watching the watchers?” It occurred to me recently that one might make a similar rhetorical quip about other aspects of our field – in particular, the question of “Who’s standardizing the standards?”

Comments  (0)

D2b743b9ed2d7c357472fa8237d7adaf

Using Least Privilege to Effectively Meet PCI DSS Compliance

April 25, 2013 Added by:Andrew Avanessian

PCI DSS Requirement guidelines certainly reinforce how compliance has hardened from suggestive or advisory directives to true mandates with hefty fines and strict consequences for those failing to take heed.

Comments  (0)

E595c1d49bf4a26f8e14ce59812af80e

Conducting Secure Transactions On-the-go with VPNs

March 20, 2013 Added by:Patrick Oliver Graf

The safeguarding of private customer information has become a top priority for many organizations, thanks in no small part to government regulation and industry oversight, as we move toward an increasingly digital world.

Comments  (0)

959779642e6e758563e80b5d83150a9f

Celebrity Privacy Breaches and High School Physics

February 01, 2013 Added by:Danny Lieberman

In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Fly First Class But Pay Economy for HIPAA Compliance

January 22, 2013 Added by:Danny Lieberman

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

Comments  (0)

48f758be63686a73484a7380e94f73d0

The Phoenix Project: A Review

January 16, 2013 Added by:Ed Bellis

Gene Kim was kind enough to provide me with an advanced review copy of The Phoenix Project who is a co-author of the book. Fair warning: the first half of this book brought back nails-on-a-chalkboard type memories of dealing with large-scale audits and everything that comes with it...

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Common Sense Cybersecurity

January 13, 2013 Added by:Larry Karisny

We start with one big problem. Internet architecture was never made for security. One of my earliest articles quoted the father of the Internet Vint Cerf by saying, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet."

Comments  (0)

959779642e6e758563e80b5d83150a9f

The #1 Bermuda Triangle of Patient Privacy – debunking patient data loss

January 05, 2013 Added by:Danny Lieberman

Patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never came back to tell the story. The same way we talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.

Comments  (2)

Ff632049ba1218ecd55b8122b2112642

All Aboard

December 17, 2012 Added by:Randall Frietzsche

We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...

Comments  (0)

E85787adcaf7bca10e799cfd1cfd08f1

Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)

Page « < 2 - 3 - 4 - 5 - 6 > »