Archive for the ‘Compliance’ Category
Ignorance is far from bliss with a Global Supply Chain
Posted: 4th June 2011 by admin in Compliance, Global Disaster, Global Incident Map, SCRM, Supplier Security, Supply Chain Risk Management, Supply Chain Management; Tags: Supply chain, Supply chain management
In this time of global financial insecurity, large companies are stretching further and further across the planet to reduce costs and remain competitive. But this strategy brings risks with it. The pressure on a global company’s supply chain is immense, with operations stretching across whole continents and handfuls of countries, variables [...]
White House has released a cybersecurity plan
Posted: 13th May 2011 by admin in Compliance, Government Security, Identity theft, Security Policy, Web 2.0; Tags: Computer security, Critical infrastructure, Federal Information Security Management Act of 2002, Intrusion prevention system, Local Government, United States, United States Department of Homeland Security, White House
According to the press release: “Our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – have suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cybersecurity an Administration priority. When the President released his Cyberspace Policy Review almost two years ago, he declared that the ‘cyber threat is one of the most serious economic and national security challenges we face as a nation.’”
Data Lifecycle Management: How to reduce risk, Part 2
Posted: 2nd May 2010 by admin in Compliance, Vendor Risk; Tags: Business, Company, Consultants, Data, Data Lifecycle Management, General and Freelance, Ponemon Institute, security
Data Lifecycle Management (DLM) covers five stages: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that still leaves many gaps in the control measures through which a threat could reach the data. [...]
Data Lifecycle Management: How to reduce risk (part1)
Posted: 21st April 2010 by admin in Compliance, risk assessment, Security Assessment, Supplier Security, Unstructured Data; Tags: data lifecycle, Data management, risk reduction, security, Technology
The Data Lifecycle goes through five stages: creation, usage, transport, storage and destruction.
Washington State implements PCI law
Posted: 30th March 2010 by admin in Compliance, Cloud Computing, HIPAA, PCI, risk assessment, Security Assessment; Tags: Data security, Minnesota, Payment Card Industry Data Security Standard, security
PCI laws are spreading around the country, and Washington State is the latest to add one to its books. Washington follows Nevada and Minnesota in writing the Payment Card Industry Data Security Standard (PCI DSS) into state law; the bill is HB 1149, and it amends the breach notification law the state already had. The [...]
What are the challenges with protecting electronic documents?
Posted: 29th March 2010 by admin in antivirus, Compliance, Corporate Stupidity, risk assessment, Security Assessment; Tags: Adobe Systems, Apple, Data loss prevention products, Document management system, malware, security
We have seen a lot of problems with Adobe vulnerabilities, and Adobe has been taking a beating in the press over the past few months. Apple is restricting Adobe software on its devices. Has anyone tried their remote desktop sharing? I wonder whether some vulnerability will be released in that [...]
What is the value of a Data Breach?
Posted: 27th January 2010 by admin in Compliance, Hacking News, HIPAA, PCI, Security Assessment; Tags: Citibank, Data Breach, Health Insurance Portability and Accountability Act, Ponemon Institute, Pretty Good Privacy
SC Magazine just reported that the Ponemon Institute has put the cost of a data breach at $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of Data [...]
Ponemon Institute Cyber megatrends – Some Additions Needed
Posted: 28th November 2009 by admin in Compliance, Corporate Stupidity, Cloud Computing, Outsourcing, Unstructured Data, Web 2.0; Tags: Cloud computing, Computer security, security
The Ponemon Institute recently released its cyber megatrends, listed below. While I agree with them, I think there are a couple that could easily be added to the list. First, I would either add Web 3.0 or change the Web 2.0 entry to Web 3.0: let’s look at what is going to happen rather than what is happening now. Incremental change [...]
iPhone Apps Every Road Warrior Entrepreneur Needs
Posted: 22nd October 2009 by admin in antivirus, Compliance, Cloud Computing, Entrepreneur, HIPAA; Tags: airport delay, AroundMe, Business, data loss, FlightAware, Google, Google Calendar, Google Map, Google Maps, network solutions, reQall, security, Twitter
The BlackBerry has been the mainstay of the business world for years. But as we know, the iPhone is eating away at its market share. There are over 75,000 apps for the iPhone now, and the number is growing steadily. For those who have BlackBerry Thumb, you can probably look forward to iPhone Index Finger at some point in [...]
FTC’s Additional Rules for HIPAA Security
Posted: 23rd August 2009 by admin in Compliance, Government Security, HIPAA, risk assessment, Security Assessment; Tags: Federal Trade Commission, Health care, Health Insurance Portability and Accountability Act, security rule
The Federal Trade Commission (FTC) recently issued a rule that widens the scope of the data breach notification rules that form part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that hold health information in an online storage facility, things like Google Health or HealthVault [...]
Forget Information Security, someone work on airport delays
Posted: 30th July 2009 by admin in Compliance, Corporate Stupidity, Government Security, Travel; Tags: airport delay, bwi
My posts are usually all information security related: interesting things on web security, vulnerability assessment, risk assessment, all that good stuff. Well, today I cannot blog about that. As much as I love it, and get a probably unnatural level of excitement from it, I can’t do it. I [...]
Web Security Testing has come of age
Posted: 20th July 2009 by admin in Compliance, Corporate Stupidity; Tags: breach data, hacking, hipaa security, web security, Website security
Website security is one of the most dangerous areas for a company. In a layered security approach, we start with the internal network, where we have host security, patch management, host IDS and other server-based technologies. Next come the network security layers: network intrusion detection, network monitoring and [...]
Data Breaches are still misunderstood
Posted: 19th July 2009 by admin in antivirus, Compliance, Corporate Stupidity, Security Assessment; Tags: breach data, data loss, security metrics
The Ponemon Institute and Ounce Labs (www.ouncelabs.com) released a study on how CEOs view data protection in their environment. In the study of 213 CEOs and other senior executives, the CEOs did not share their executives’ view of how secure their organization is. 92 percent of respondents said they had been attacked. [...]