Author Archive

Building a Social Media Policy

Posted: 11th August 2010 by admin in Compliance, Could Computing, Entrepreneur, Security Assesment, Security Policy, Social network, risk assessment, social media
Tags: , , , , ,
Comments Off

Image by ivanpw via Flickr Social Media Policy Social Media has become part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has been a bottom up approach. By bottom up I mean that the consumer [...]

Corporate Reputation Management: Can a company require you register your Social Media Profile with Human Resources?

Posted: 25th May 2010 by admin in Compliance, Social network, social media
Tags: , , , , , , ,
1

Image via CrunchBase When you join a company, you relinquish certain rights. The workplace is not a democracy. Yet many people still think that their corporate email, their corporate computers and the data they use is “theirs”. Who owns that data? Well the answer is the company. Companies are concerned with data loss prevention. A [...]

Data Lifecycle Management: How to reduce risk, Part 2

Posted: 2nd May 2010 by admin in Compliance, Vendor Risk
Tags: , , , , , , ,
Comments Off

Data Lifecycle Management: How to reduce risk Part 2 The Data Lifecycle Management (DLM) goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. [...]

Data Lifecycle Management: How to reduce risk (part1)

Posted: 21st April 2010 by admin in Compliance, Security Assesment, Supplier Security, Unstructured Data, risk assessment
Tags: , , , ,
Comments Off

The Data Lifecycle goes through 5 steps: creation, usage, transport, storage and destruction.

What are the features you need a Windows Security Host Diagnostic tool?

Posted: 1st April 2010 by admin in Compliance, Could Computing, HIPAA, Managed Security, PCI, risk assessment
Tags: , , ,
Comments Off

Image via Wikipedia There is a lot of focus on network security and application security today. Years ago it was operating system security that was all the rage. But with the advent of the strict requirements of some of the regulations such as HIPAA, PCI, SOX, and FISMA, more attention needs to be paid to [...]

Washington State implements PCI law

Posted: 30th March 2010 by admin in Compliance, Could Computing, HIPAA, PCI, Security Assesment, risk assessment
Tags: , , ,
Comments Off

Image via Wikipedia PCI laws are expanding around the country. Washington State is the latest to add a law to their books. Washington state follows Nevada and Minnesota in implementing Payment Card Industry Data Security Standard (PCI), the law is HB 1149. It changes the breach notification law they already had on the books. The [...]

What are the challenges with protecting electronic documents?

Posted: 29th March 2010 by admin in Compliance, Corporate Stupidity, Security Assesment, antivirus, risk assessment
Tags: , , , , ,
Comments Off

Image via Wikipedia We have seen a lot of problems with Adobe vulnerabilities. Adobe has been getting beat up with all the negative publicity in the past few months. Apple is restricting access to Adobe on their devices. Has anyone tried their remote desktop sharing? I wonder if some vulnerability will be release in that [...]

What is Social Media INSecurity?

Posted: 24th March 2010 by admin in Entrepreneur, Security Assesment, Social network, Web 2.0, social media
Tags: , , , , , , ,
Comments Off

Image via CrunchBase  The trends in Social Media are heading towards more sharing of information. But sharing of information has moved beyond your circle of friends and family. Social media is becoming less social and more… well more corporate. Or more like many people shouting in a bar, you are all in close proximity, but [...]

Can you protect yourself on Social Media?

Posted: 1st March 2010 by admin in Identity theft, Social network, antivirus, social media
Tags: , , , , , , , , , , , ,
Comments Off

Image via Wikipedia One of the greatest challenges to privacy and security in the next several years is Social Networks and Social Media. Sites like Facebook, Twitter, LinkedIn, MySpace and others can be the downfall of valuing information. The ability to share and provide information is completely the opposite of network security requirements.  This is [...]

When will Vendors provide Risk Assessments of their products?

Posted: 17th February 2010 by admin in Compliance, Hacking News, Security Assesment, Supplier Security, Web Security, antivirus, risk assessment
Tags: , , , , , , , , ,
Comments Off

Image via Wikipedia Vendor risk assessment are not part of everyday corporate managememnt but it should be. If you drive a car and every week you have to get something fixed it would prove pretty annoying, disgusting, outrageous and you probably you would never buy that model again and probably wouldn’t by from that manufacturer [...]

What is the value of a Data Breach?

Posted: 27th January 2010 by admin in Compliance, HIPAA, Hacking News, PCI, Security Assesment
Tags: , , , ,
Comments Off

Image by Getty Images via Daylife SC magazine just reported that the Ponemon Institute has determined the cost of a data breach is $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of  Data [...]

Ponemon Institute Cyber megatrends – Some Additions Needed

Posted: 28th November 2009 by admin in Compliance, Corporate Stupidity, Could Computing, Outsourcing, Unstructured Data, Web 2.0
Tags: , ,
Comments Off

Ponemon Institute recently released their  Cyber megratrends as listed below. While I agree with these I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Lets look to what is going to happen versus what is happening. Incremental change [...]

HIPAA Vendor Compromised Healthcare Records

Posted: 12th November 2009 by admin in HIPAA
Tags: , , , ,
Comments Off

This is story that is several months old, but as I came across it, i thought it would make a good point. A vendor handling healthcare records has lost social security numbers of people in March of 2009. In this case, Health insurer Aetna, Inc., is reportedly providing 65,000 individuals with free credit monitoring for [...]

HIPAA Compliance Data Breach with a Foreign Supplier

Posted: 3rd November 2009 by admin in HIPAA
Tags: , ,
Comments Off

Recently, the Economic Times Report in India discussed a successful “Sting operation by a UK agency in which some health related data was bought from a medical transcription company” . What this means is all that perosnal and HIPAA confidential data that was being transfered for transcription got stolen in the most likely scenario.  There [...]

IPhone Apps Every Road Warrior Entrepreneur Needs

Posted: 22nd October 2009 by admin in Compliance, Could Computing, Entrepreneur, HIPAA, antivirus
Tags: , , , , , , , , , , , ,
Comments Off

The Blackberry has been the mainstay of the business world for years. But as we know, the IPhone is eating away at market share. There are over 75,000 apps for the IPhone now and growing steadily. For those who have Blackberry Thumb, you can probably look forward to IPhone Index Finger at some point in [...]

Information Devaluation Through Phishing

Posted: 25th September 2009 by admin in Phishing
Tags: , , , , , ,
Comments Off

Image via Wikipedia Information Devaluation Through Phishing The value of information has been decreasing over time. How do you see this isn the real world? There are two ways, one can be seen from the user perspective and the other from the attacker/bad guy perspective. From a user point of view, the most obvious method [...]

FTC’s Additional Rules for HIPAA Security

Posted: 23rd August 2009 by admin in Compliance, Government Security, HIPAA, Security Assesment, risk assessment
Tags: , , ,
Comments Off

FTC’s Additonal Rules for HIPAA Security The Federal Trade Commission (FTC) recently issued a rule which gives more scope to the data breach notification rules as part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that provide health info in an online storage facitlity. Things like Google Health or Healthvault [...]

Credit Card Theft Put Miami on the Map

Posted: 19th August 2009 by admin in Compliance, Corporate Stupidity, Government Security, Hacking News
Tags: , , , , , , ,
1

Miami is a fun place to live and work (there are actually people who work here). Its a great vacation spot, people enjoy the nightlife and now we have something else to crow about. The largest credit theft ring was based here! According to Bloomberg, “Albert Gonzalez, a 28-year-old Miami resident, and two hackers living [...]

Stolen laptop with employee information- yet again

Posted: 7th August 2009 by admin in Corporate Stupidity, Identity theft
Tags: , , , , , ,
Comments Off

Stolen laptop with employee information- yet again The Associated Press reported that a Williams Cos. Inc. laptop containing personal and compensation information was stopen from a workers vehicle. The laptop had over 4,400 current and former employees records. Information like names, birth dates, Social Security numbers and compensation data was on it. How many times [...]

Forget Information Security, someone work on airport delays

Posted: 30th July 2009 by admin in Compliance, Corporate Stupidity, Government Security, Travel
Tags: ,
Comments Off

Forget Information Security, someone work on airport delays My posts are all usually information security related. Some interesting things on web security, vulnerability assessment, risk assessment, all that good stuff. Well today I cannot blog about that. As much as I love it, get a probably un-natural excitement about it, I can’t do it. I [...]

Older Entries