HIPAA

Four Steps to An Effective Privacy Program

April 27, 2015 Added by: Angela Matney

Privacy is not just a concern for large, multinational corporations. Today, businesses of all sizes collect and store more personal data than ever before.

Why Requirement 5 Must Change

April 21, 2015 Added by: PCI Guru

The issue is the ineffectiveness of anti-virus solutions and why they are ineffective.

PCI DSS 3.1 Sets Deadline for SSL Migration

April 16, 2015 Added by: Brian Prince

The PCI Security Standards Council (PCI SSC) has released the latest version of the PCI Data Security Standard (PCI DSS) with an eye towards addressing security concerns related to the Secure Sockets Layer (SSL) protocol.

ASV Guidance for SSL/TLS Vulnerabilities

April 16, 2015 Added by: PCI Guru

Hidden by all of the news about v3.1 of the PCI DSS being published is a notice that was sent to all PCI approved scanning vendors (ASV) from the PCI SSC regarding how to handle SSL and “early TLS” vulnerabilities.

Cybersecurity Trends for SMBs: Mobile, Security and the Cloud

April 10, 2015 Added by: Paul Lipman

While SMBs are vulnerable to many of the same types of attacks as the companies making headlines (Target, JP Morgan, Home Depot, Anthem, etc.), they must defend themselves with vastly smaller IT teams and budgets. SMBs are finding they have a unique set of challenges and vulnerabilities that require a comprehensive but tailored approach to security.

PCI Issues Penetration Testing Information Supplement

April 06, 2015 Added by: PCI Guru

Not surprisingly, I have a number of comments based on what I have read. There are some good things that have come out of this effort. But in my opinion, the committee missed the boat in a few areas and those will lead to even more confusion between penetration testers, QSAs and clients.

PCI SWOT Analysis

March 30, 2015 Added by: PCI Guru

I had someone ask me about my thoughts on this sort of analysis of the PCI DSS. While these comments are PCI focused, I found that they actually apply to all security frameworks.

You Make the Rules

March 23, 2015 Added by: PCI Guru

For years organizations have complained that they receive varying advice from different QSAs even when the QSAs are from the same firm...To address this situation, the Council is telling all PCI stakeholders that it is up to the organizations being assessed to define the rules of the assessment.

Dangers Accelerate: Increasing Global Threats Loom Over Information Security Landscape

March 19, 2015 Added by: Steve Durbin

The pace and scale of information security threats continue to accelerate, endangering the integrity and reputation of today’s most trusted organizations. Attackers have become more organized, attacks are more refined, and all threats are more dangerous, and pose more risks, to an organization’s reputation than ever before.

The 2015 Verizon PCI Report

March 16, 2015 Added by: PCI Guru

The Verizon report is a great read and provides a lot of insights. Everyone should get a copy and read it, take it to heart and address your organization’s security shortcomings.

It’s Friends and Family Breaching Patient Privacy – Not Estonian Hackers

March 12, 2015 Added by: Danny Lieberman

A 2011 HIPAA patient privacy violation in Canada, where an imaging technician accessed the medical records of her ex-husband’s girlfriend, is illustrative of unauthorized disclosure of patient information by authorized people.

An Audit Versus an Assessment

March 10, 2015 Added by: PCI Guru

A lot of people are always calling their PCI assessment an audit. However, certified public accountants (CPA) would tell them that there is a vast difference between the two.

Is Compliance Bad for Security?

March 04, 2015 Added by: Tripwire Inc

Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true.

PCI DSS 3.0 Updates and Ramifications for Network and Application Security

March 02, 2015 Added by: Barracuda Networks

The PCI DSS 3.0 is here. Since Jan 1, 2015 organizations under its purview are required to comply with the updated standard. Many of the changes stem from the recent high-profile breaches, despite being compliant.

What is a Level 3 Merchant?

March 02, 2015 Added by: PCI Guru

This consistently keeps coming up as an issue because of the confusing definitions on the Visa, MasterCard and Discover Web sites.

Owning your own data – Data residency laws

February 26, 2015 Added by: Willy Leichter

A question I get asked a lot at is, “If there is a data center in my region, do I still need to protect my own data if I’m concerned about say data residency laws?”
