Image by ivanpw via Flickr Social Media Policy Social Media has become part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has been a bottom up approach. By bottom up I mean that the consumer [...]
Author Archive
Data Lifecycle Management: How to reduce risk, Part 2
Posted: 2nd May 2010 by admin in Compliance, Vendor RiskTags: Business, Company, Consultants, Data, Data Lifecycle Management, General and Freelance, Ponemon Institute, security
Data Lifecycle Management: How to reduce risk Part 2 The Data Lifecycle Management (DLM) goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. [...]
Data Lifecycle Management: How to reduce risk (part1)
Posted: 21st April 2010 by admin in Compliance, Security Assesment, Supplier Security, Unstructured Data, risk assessmentTags: data lifecycle, Data management, risk reduction, security, Technology
The Data Lifecycle goes through 5 steps: creation, usage, transport, storage and destruction.
Washington State implements PCI law
Posted: 30th March 2010 by admin in Compliance, Could Computing, HIPAA, PCI, Security Assesment, risk assessmentTags: Data security, Minnesota, Payment Card Industry Data Security Standard, security
Image via Wikipedia PCI laws are expanding around the country. Washington State is the latest to add a law to their books. Washington state follows Nevada and Minnesota in implementing Payment Card Industry Data Security Standard (PCI), the law is HB 1149. It changes the breach notification law they already had on the books. The [...]
What are the challenges with protecting electronic documents?
Posted: 29th March 2010 by admin in Compliance, Corporate Stupidity, Security Assesment, antivirus, risk assessmentTags: Adobe Systems, Apple, Data loss prevention products, Document management system, malware, security
Image via Wikipedia We have seen a lot of problems with Adobe vulnerabilities. Adobe has been getting beat up with all the negative publicity in the past few months. Apple is restricting access to Adobe on their devices. Has anyone tried their remote desktop sharing? I wonder if some vulnerability will be release in that [...]
What is the value of a Data Breach?
Posted: 27th January 2010 by admin in Compliance, HIPAA, Hacking News, PCI, Security AssesmentTags: Citibank, Data Breach, Health Insurance Portability and Accountability Act, Ponemon Institute, Pretty Good Privacy
Image by Getty Images via Daylife SC magazine just reported that the Ponemon Institute has determined the cost of a data breach is $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of Data [...]
Ponemon Institute Cyber megatrends – Some Additions Needed
Posted: 28th November 2009 by admin in Compliance, Corporate Stupidity, Could Computing, Outsourcing, Unstructured Data, Web 2.0Tags: Cloud computing, Computer security, security
Ponemon Institute recently released their Cyber megratrends as listed below. While I agree with these I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Lets look to what is going to happen versus what is happening. Incremental change [...]
HIPAA Vendor Compromised Healthcare Records
Posted: 12th November 2009 by admin in HIPAATags: Aetna, Health care, Health insurance, Health Insurance Portability and Accountability Act, security
This is story that is several months old, but as I came across it, i thought it would make a good point. A vendor handling healthcare records has lost social security numbers of people in March of 2009. In this case, Health insurer Aetna, Inc., is reportedly providing 65,000 individuals with free credit monitoring for [...]
HIPAA Compliance Data Breach with a Foreign Supplier
Posted: 3rd November 2009 by admin in HIPAATags: Compliance, HIPAA, Supplier
Recently, the Economic Times Report in India discussed a successful “Sting operation by a UK agency in which some health related data was bought from a medical transcription company” . What this means is all that perosnal and HIPAA confidential data that was being transfered for transcription got stolen in the most likely scenario. There [...]
IPhone Apps Every Road Warrior Entrepreneur Needs
Posted: 22nd October 2009 by admin in Compliance, Could Computing, Entrepreneur, HIPAA, antivirusTags: airport delay, AroundMe, Business, data loss, FlightAware, Google, Google Calendar, Google Map, Google Maps, network solutions, reQall, security, Twitter
The Blackberry has been the mainstay of the business world for years. But as we know, the IPhone is eating away at market share. There are over 75,000 apps for the IPhone now and growing steadily. For those who have Blackberry Thumb, you can probably look forward to IPhone Index Finger at some point in [...]
FTC’s Additional Rules for HIPAA Security
Posted: 23rd August 2009 by admin in Compliance, Government Security, HIPAA, Security Assesment, risk assessmentTags: Federal Trade Commission, Health care, Health Insurance Portability and Accountability Act, security rule
FTC’s Additonal Rules for HIPAA Security The Federal Trade Commission (FTC) recently issued a rule which gives more scope to the data breach notification rules as part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that provide health info in an online storage facitlity. Things like Google Health or Healthvault [...]
Stolen laptop with employee information- yet again
Posted: 7th August 2009 by admin in Corporate Stupidity, Identity theftTags: American International Group, Consultants, HSBC, network security, Pretty Good Privacy, security, United States
Stolen laptop with employee information- yet again The Associated Press reported that a Williams Cos. Inc. laptop containing personal and compensation information was stopen from a workers vehicle. The laptop had over 4,400 current and former employees records. Information like names, birth dates, Social Security numbers and compensation data was on it. How many times [...]
Forget Information Security, someone work on airport delays
Posted: 30th July 2009 by admin in Compliance, Corporate Stupidity, Government Security, TravelTags: airport delay, bwi
Forget Information Security, someone work on airport delays My posts are all usually information security related. Some interesting things on web security, vulnerability assessment, risk assessment, all that good stuff. Well today I cannot blog about that. As much as I love it, get a probably un-natural excitement about it, I can’t do it. I [...]