Vendor risk assessments are not part of everyday corporate management, but they should be. If you drive a car and every week you have to get something fixed, it would prove pretty annoying, disgusting, outrageous, and you probably would never buy that model again and probably wouldn’t buy from that manufacturer [...]
What is the value of a Data Breach?
Posted: 27th January 2010 by admin in Compliance, Hacking News, HIPAA, PCI, Security Assessment. Tags: Citibank, Data Breach, Health Insurance Portability and Accountability Act, Ponemon Institute, Pretty Good Privacy
SC Magazine just reported that the Ponemon Institute has determined the cost of a data breach is $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of Data [...]
Ponemon Institute Cyber megatrends – Some Additions Needed
Posted: 28th November 2009 by admin in Compliance, Corporate Stupidity, Cloud Computing, Outsourcing, Unstructured Data, Web 2.0. Tags: Cloud computing, Computer security, security
Ponemon Institute recently released their Cyber megatrends, as listed below. While I agree with these, I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Let’s look at what is going to happen versus what is happening. Incremental change [...]
HIPAA Vendor Compromised Healthcare Records
Posted: 12th November 2009 by admin in HIPAA. Tags: Aetna, Health care, Health insurance, Health Insurance Portability and Accountability Act, security
This is a story that is several months old, but as I came across it, I thought it would make a good point. A vendor handling healthcare records lost the Social Security numbers of people in March of 2009. In this case, health insurer Aetna, Inc., is reportedly providing 65,000 individuals with free credit monitoring for [...]
HIPAA Compliance Data Breach with a Foreign Supplier
Posted: 3rd November 2009 by admin in HIPAA. Tags: Compliance, HIPAA, Supplier
Recently, the Economic Times Report in India discussed a successful “Sting operation by a UK agency in which some health related data was bought from a medical transcription company”. What this means is that all that personal and HIPAA-confidential data that was being transferred for transcription got stolen, in the most likely scenario. There [...]
iPhone Apps Every Road Warrior Entrepreneur Needs
Posted: 22nd October 2009 by admin in antivirus, Compliance, Cloud Computing, Entrepreneur, HIPAA. Tags: airport delay, AroundMe, Business, data loss, FlightAware, Google, Google Calendar, Google Map, Google Maps, network solutions, reQall, security, Twitter
The Blackberry has been the mainstay of the business world for years. But as we know, the iPhone is eating away at its market share. There are over 75,000 apps for the iPhone now and the number is growing steadily. For those who have Blackberry Thumb, you can probably look forward to iPhone Index Finger at some point in [...]
FTC’s Additional Rules for HIPAA Security
Posted: 23rd August 2009 by admin in Compliance, Government Security, HIPAA, risk assessment, Security Assessment. Tags: Federal Trade Commission, Health care, Health Insurance Portability and Accountability Act, security rule
The Federal Trade Commission (FTC) recently issued a rule which gives more scope to the data breach notification rules that are part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that provide health information in an online storage facility. Things like Google Health or HealthVault [...]
Stolen laptop with employee information- yet again
Posted: 7th August 2009 by admin in Corporate Stupidity, Identity theft. Tags: American International Group, Consultants, HSBC, network security, Pretty Good Privacy, security, United States
The Associated Press reported that a Williams Cos. Inc. laptop containing personal and compensation information was stolen from a worker’s vehicle. The laptop held the records of over 4,400 current and former employees. Information like names, birth dates, Social Security numbers and compensation data was on it. How many times [...]
Forget Information Security, someone work on airport delays
Posted: 30th July 2009 by admin in Compliance, Corporate Stupidity, Government Security, Travel. Tags: airport delay, bwi
My posts are all usually information security related. Some interesting things on web security, vulnerability assessment, risk assessment, all that good stuff. Well, today I cannot blog about that. As much as I love it, and get a probably unnatural excitement about it, I can’t do it. I [...]
Data Loss, this time with Network Solutions
Posted: 27th July 2009 by admin in Hacking News, malware, PCI, Security Assessment, Web Security. Tags: data loss, network solutions, stolen data
Network Solutions, one of the largest domain registrars, recently announced a data breach. Malicious code was found on its e-commerce server which may have captured transactions from thousands of websites, capturing half a million or more credit cards. The company said they found the code during a [...]
Web Security Testing has come of age
Posted: 20th July 2009 by admin in Compliance, Corporate Stupidity. Tags: breach data, hacking, hipaa security, web security, Website security
Website security is one of the most dangerous places for a company. If you look at a layered security approach, we start out with the internal network. There we have host security, patch management, host IDS and other server-based technologies. Next we have the network security layers: network intrusion detection, network monitoring and [...]
Data Breaches are still misunderstood
Posted: 19th July 2009 by admin in antivirus, Compliance, Corporate Stupidity, Security Assessment. Tags: breach data, data loss, security metrics
The Ponemon Institute and Ounce Labs (www.ouncelabs.com) released a study on the view CEOs have regarding data protection in their environment. In the study of 213 CEOs and other senior executives, CEOs did not share the same view on how secure their organization is as their executives. 92 percent of respondents said they were attacked. [...]
HIPAA Assessments are the next wave
Posted: 12th July 2009 by admin in Compliance, Government Security, HIPAA, Security Assessment. Tags: data theft, hipaa security, Managed Vulnerability Scanning, Website security
In February, CVS was ordered to pay a fine of 2.5 million dollars by the FTC. This fine was because their employees threw out personal information about patients. Who knew poor recycling programs could cost so much? HIPAA has been around for a number of years, but not until recently did we see that it has [...]
Wireless (in)Security in Your Pocket
Posted: 22nd June 2009 by admin in antivirus, Web Security, wireless security. Tags: hotspot, verizon mifi, wireless hacking, wireless security
Verizon has launched the pocketable MiFi router. The MiFi 2200 has CDMA with EV-DO Rev. A, so you can roam around without a datacard as the only means of connectivity for your laptop in the middle of nowhere. This credit-card-sized access point can connect multiple devices such as your iPhone or a laptop. I haven’t bought a gadget in a while, [...]
Vanguard Security Conference – Supplier Security
Posted: 2nd June 2009 by admin in Security Assessment, Supplier Security. Tags: antivirus, Code review, hacker, Identity theft, Managed Vulnerability Scanning, Supplier Security, web security, Website security
I spoke yesterday at the Vanguard Security Conference (http://www.go2vanguard.com). Vanguard has been doing this conference for a number of years. The focus is on mainframe security. Most security professionals these days have never worked on MF security. I am proud to say I did, back in the mid-90′s. Well, perhaps I shouldn’t be so happy, [...]
US to set out cyber security plan -Baha to the rescue
Posted: 29th May 2009 by admin in Compliance, Corporate Stupidity, Government Security. Tags: antivirus, data loss, hacking, Managed Vulnerability Scanning, security, security metrics
Why did it take us over 2 decades to really approach the cybersecurity topic? When I started in information security in 1994, it was the wild west. People were creating processes, developing security frameworks and growing a whole new industry. I like to think I played some part in being on the early team [...]
Buying Malware rather than getting it for free
Posted: 22nd May 2009 by admin in Corporate Stupidity, malware
This kind of incident (see article below) seems to be happening every few months. So you purchase a product (a netbook) and it comes infected. No longer do you just have to worry about it working, or whether the OS will behave nicely or the drivers will work with your printer. If the manufacturer cannot control malware, [...]
The TiEcon 2009 conference just concluded (www.tiecon.org). It was two days of meeting some very interesting entrepreneurs and hearing some good talks on everything from CleanTech to VC funding strategies. What I thought was very interesting and different was the TiE50. 50 companies were selected that were successful, interesting and hopefully on the road to making [...]