Archive for the ‘Compliance’ Category

Building a Social Media Policy

Posted: 11th August 2010 by admin in Compliance, Could Computing, Entrepreneur, Security Assesment, Security Policy, Social network, risk assessment, social media
Tags: , , , , ,
Comments Off

Image by ivanpw via Flickr Social Media Policy Social Media has become part of the user community several years ago. Today we have social media in the corporate environment. The main problem we have is how social media has evolved. It has been a bottom up approach. By bottom up I mean that the consumer [...]

Corporate Reputation Management: Can a company require you register your Social Media Profile with Human Resources?

Posted: 25th May 2010 by admin in Compliance, Social network, social media
Tags: , , , , , , ,
1

Image via CrunchBase When you join a company, you relinquish certain rights. The workplace is not a democracy. Yet many people still think that their corporate email, their corporate computers and the data they use is “theirs”. Who owns that data? Well the answer is the company. Companies are concerned with data loss prevention. A [...]

Data Lifecycle Management: How to reduce risk, Part 2

Posted: 2nd May 2010 by admin in Compliance, Vendor Risk
Tags: , , , , , , ,
Comments Off

Data Lifecycle Management: How to reduce risk Part 2 The Data Lifecycle Management (DLM) goes through 5 steps: creation, usage, transport, storage and destruction. Most companies have parts of this lifecycle under control, but that means there are lots of areas for gaps in the control measures that could let a threat affect the data. [...]

Data Lifecycle Management: How to reduce risk (part1)

Posted: 21st April 2010 by admin in Compliance, Security Assesment, Supplier Security, Unstructured Data, risk assessment
Tags: , , , ,
Comments Off

The Data Lifecycle goes through 5 steps: creation, usage, transport, storage and destruction.

What are the features you need a Windows Security Host Diagnostic tool?

Posted: 1st April 2010 by admin in Compliance, Could Computing, HIPAA, Managed Security, PCI, risk assessment
Tags: , , ,
Comments Off

Image via Wikipedia There is a lot of focus on network security and application security today. Years ago it was operating system security that was all the rage. But with the advent of the strict requirements of some of the regulations such as HIPAA, PCI, SOX, and FISMA, more attention needs to be paid to [...]

Washington State implements PCI law

Posted: 30th March 2010 by admin in Compliance, Could Computing, HIPAA, PCI, Security Assesment, risk assessment
Tags: , , ,
Comments Off

Image via Wikipedia PCI laws are expanding around the country. Washington State is the latest to add a law to their books. Washington state follows Nevada and Minnesota in implementing Payment Card Industry Data Security Standard (PCI), the law is HB 1149. It changes the breach notification law they already had on the books. The [...]

What are the challenges with protecting electronic documents?

Posted: 29th March 2010 by admin in Compliance, Corporate Stupidity, Security Assesment, antivirus, risk assessment
Tags: , , , , ,
Comments Off

Image via Wikipedia We have seen a lot of problems with Adobe vulnerabilities. Adobe has been getting beat up with all the negative publicity in the past few months. Apple is restricting access to Adobe on their devices. Has anyone tried their remote desktop sharing? I wonder if some vulnerability will be release in that [...]

When will Vendors provide Risk Assessments of their products?

Posted: 17th February 2010 by admin in Compliance, Hacking News, Security Assesment, Supplier Security, Web Security, antivirus, risk assessment
Tags: , , , , , , , , ,
Comments Off

Image via Wikipedia Vendor risk assessment are not part of everyday corporate managememnt but it should be. If you drive a car and every week you have to get something fixed it would prove pretty annoying, disgusting, outrageous and you probably you would never buy that model again and probably wouldn’t by from that manufacturer [...]

What is the value of a Data Breach?

Posted: 27th January 2010 by admin in Compliance, HIPAA, Hacking News, PCI, Security Assesment
Tags: , , , ,
Comments Off

Image by Getty Images via Daylife SC magazine just reported that the Ponemon Institute has determined the cost of a data breach is $204 per record. “Data breaches last year cost organizations $204 per exposed record on average, which represents an almost two percent increase over 2008, according to the fifth annual “Cost of  Data [...]

Ponemon Institute Cyber megatrends – Some Additions Needed

Posted: 28th November 2009 by admin in Compliance, Corporate Stupidity, Could Computing, Outsourcing, Unstructured Data, Web 2.0
Tags: , ,
Comments Off

Ponemon Institute recently released their  Cyber megratrends as listed below. While I agree with these I think there were a couple that could easily be added to the list. First, I would either add or modify Web 2.0 into Web 3.0. Lets look to what is going to happen versus what is happening. Incremental change [...]

IPhone Apps Every Road Warrior Entrepreneur Needs

Posted: 22nd October 2009 by admin in Compliance, Could Computing, Entrepreneur, HIPAA, antivirus
Tags: , , , , , , , , , , , ,
Comments Off

The Blackberry has been the mainstay of the business world for years. But as we know, the IPhone is eating away at market share. There are over 75,000 apps for the IPhone now and growing steadily. For those who have Blackberry Thumb, you can probably look forward to IPhone Index Finger at some point in [...]

FTC’s Additional Rules for HIPAA Security

Posted: 23rd August 2009 by admin in Compliance, Government Security, HIPAA, Security Assesment, risk assessment
Tags: , , ,
Comments Off

FTC’s Additonal Rules for HIPAA Security The Federal Trade Commission (FTC) recently issued a rule which gives more scope to the data breach notification rules as part of the Health Insurance Portability and Accountability Act (HIPAA). The addition targets companies that provide health info in an online storage facitlity. Things like Google Health or Healthvault [...]

Credit Card Theft Put Miami on the Map

Posted: 19th August 2009 by admin in Compliance, Corporate Stupidity, Government Security, Hacking News
Tags: , , , , , , ,
1

Miami is a fun place to live and work (there are actually people who work here). Its a great vacation spot, people enjoy the nightlife and now we have something else to crow about. The largest credit theft ring was based here! According to Bloomberg, “Albert Gonzalez, a 28-year-old Miami resident, and two hackers living [...]

Forget Information Security, someone work on airport delays

Posted: 30th July 2009 by admin in Compliance, Corporate Stupidity, Government Security, Travel
Tags: ,
Comments Off

Forget Information Security, someone work on airport delays My posts are all usually information security related. Some interesting things on web security, vulnerability assessment, risk assessment, all that good stuff. Well today I cannot blog about that. As much as I love it, get a probably un-natural excitement about it, I can’t do it. I [...]

Web Security Testing has come of age

Posted: 20th July 2009 by admin in Compliance, Corporate Stupidity
Tags: , , , ,
Comments Off

Website security is the one of the most dangerous places for a company. If you look at a layered security approach, we start out with the internal network. There we have host security, patch management, host IDS and other server based technologies. Next we have the network security layers, network intrusion detection, network monitoring and [...]

Data Breaches are still misunderstood

Posted: 19th July 2009 by admin in Compliance, Corporate Stupidity, Security Assesment, antivirus
Tags: , ,
Comments Off

The Ponemon Institute and Ounce Labs (www.ouncelabs.com) released a study on the view CEOs have regarding data protection in their environment. In the study of 213 CEOs and other senior executives, CEOs did not share the same view on how secure their organization is with their executives. 92 percent of respondents said they were attacks. [...]

HIPAA Assessments are the next wave

Posted: 12th July 2009 by admin in Compliance, Government Security, HIPAA, Security Assesment
Tags: , , ,
Comments Off

In February, CVS was ordered to pay a fine of 2.5million dollars by the FTC. This fine was because their employees threw out personal information about patients. Who knew poor recycling programs could cost so much? HIPAA has been around for a number of years but not until recently did we see that it has [...]

US to set out cyber security plan -Baha to the rescue

Posted: 29th May 2009 by admin in Compliance, Corporate Stupidity, Government Security
Tags: , , , , ,
Comments Off

Why did it takes us over 2 decades to really approach the cybersecurity topic. When I started in informatio security in in 1994, it was the wild west. People were creating processes, developing security frameworks and growing a whole new industry. I like to think I played some part in being on the early team [...]

Ways to Maintain Website Security

Posted: 10th April 2009 by admin in Compliance, Could Computing, Web Security
Tags: , , , , , , ,
Comments Off

With the advancement in technology comes the heavy responsibility of monitoring an organization’s sensitive and valuable information. The use of the Internet has become a necessity in organizations to exchange their data and various other business details with their business partners, vendors and clients. In many cases, during transmission of datahackers compromise a network or [...]