Risk Assessment is a foundational requirement for an effective security or privacy program and it needs to be the basis for every investment decision in information security or privacy. To …
INFORMATION RISK
Compliance obligations need not stand in the way of better information security and risk management
I couldn’t help write this post when I noticed this press release based on an IDC Insights Survey of Oil & Gas Companies. I don’t have access to the full …
Can we change the tune on Health Information Security and Privacy please?
Notice the title doesn’t say HIPAA Security and Privacy. Nor does it have any of the words – HITECH, Omnibus Rule, Meaningful Use etc. That is the point of this post. Let …
Focus On What Really Matters Outcomes and Results
Here is something to think about as a security/privacy consultant or consulting team, big or small … When you work on client consulting engagements, what are you really focused on? …
Do we have a wake-up call in the OIG HHS Report on HIPAA Security Rule Compliance & Enforcement?
If you didn’t notice already, the Office of Inspector General (OIG) in the Department of Health and Human Services (HHS) published a report on the oversight by the Center for …
Providers Is HIPAA Security Risk Analysis in your plan over the next few months?
Security Risk Analysis is something that we recommend all organizations conduct periodically or before a significant process or technology change. After all, threats, vulnerabilities and impact (three components of risk, …
Let’s talk some “real” insider threat numbers How can Access Governance and SIEM be useful as effective safeguards?
If you have been following some of our posts, you probably realize that we don’t advocate security for the sake of security. Nor do we like to do compliance for …
You don’t know what you don’t know Do we have a “detection” problem with the healthcare data breach numbers?
Like some of you perhaps, I have been reading a few recent articles on Healthcare data breaches, especially the one from Dark Reading and a detailed analysis of the 2010-to-date …
May we suggest some priority adjustments to your PCI DSS Compliance program?
It isn’t any news that achieving PCI DSS Compliance continues to be onerous for many merchants out there. PCI DSS is after all an all-or-nothing regulation meaning that not …