If HIPAA Compliance Seems Too Hard … Then You’re Doing it Wrong. Here are the Basics of Doing it Right.
In April of 2013, the Office for Civil Rights, the branch of the Department of Health and Human Services that oversees compliance with the HIPAA Security Rule, started releasing analysis from their (more…)
UNLIMITED SECURITY BUDGETS AND PERFECT SECURITY
Perfect security is neither possible, feasible, nor required by law. In fact, information security laws and regulations require that we provide “reasonable and appropriate” security through a well-defined risk management process.
Without a risk-based approach, organizations attempt to address information security requirements by either attempting to comply with a long list of security (more…)
Nice Infrastructure…. Mind If I Borrow it??
We talk a lot with our clients about the importance of due care and due diligence and how they impact your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind them, and what steps are reasonable (more…)
HIPAA Security Rule and Fines
Maintaining HIPAA compliance used to not have much teeth behind it. Times have changed, however, as the Alaska Department of Health and Social Services (DHSS) is all too well aware. (more…)
Importance of doing a Risk Assessment
We often get calls to do diagnostic testing of some sort: vulnerability testing, penetration testing, web application testing. These are all very good and should be done at least annually, or more often if the environment is undergoing changes. What about a Cyber Security Risk Assessment? Why do them, and what’s the correlation between the Risk Assessment and the various (more…)
Google Drive, SkyDrive and DropBox: You Are the Product, Not Them
There is a great little cartoon I’ve seen on the Internet in which two pigs are marveling at the free barn and free food they get to enjoy. The message of the cartoon is that they are not the customer; they are the product. (more…)
Mobile Device Management
Once the primary strength of BlackBerry, enterprise-grade security and manageability features are now available across the majority of mobile operating systems. If your organization is considering the implementation of mobile technologies into your environment, you may find the following comparison of mobile security and management capabilities from InfoWorld to be very helpful: (more…)
When Security Interferes with Business . . . Business Trumps Security
Does Security Interfere with Business? In a mad dash toward security compliance or to plug known vulnerabilities, IT professionals have a tendency to implement security controls without thinking through what could go wrong with them. (more…)
Security Implications of Leveraging Cloud Computing
Cloud computing is rapidly evolving into a service model that has the potential to save money and create efficiencies for organizations large and small. This new model can help achieve significant cost savings, reduce IT complexity, and increase flexibility in adapting to a changing business environment. (more…)
Mobile Device Security
Mobile devices have become an important aspect of our personal and professional lives. In today’s networked world, we increasingly rely on mobile devices to access sensitive data on corporate networks. While the benefits of mobile devices are continually expanding, so are the risks. (more…)