PDF version accessible here.
ASSESSMENT
Next time you do a Risk Assessment or Analysis, make sure you have Risk Intelligence on board
I was prompted to write this quick post this morning when I read this article. I think it is a good example of what some (actually many, in my experience) …
How can Infosec GRC Deliver Wins in Risk Management?
Information security (infosec) risk management can often seem overwhelming and hard. Organizations can spend considerable resources on infosec programs or solutions, yet they may have challenges in implementing commensurate and demonstrable …
Is your auditor or consultant anything like the OPM OIG?
The OPM breach has been deservedly in the news for over a month now. Much has been written and said about it across the mainstream media and the internet1. …
This is how the Anthem breach could have been stopped, perhaps
It has been just over a week since the Anthem breach was made public. Over this period, the mainstream media and many of the bloggers and commentators, as usual, have …
Patient Portals Make or Break
Like many other Health IT initiatives today, the primary driver for patient portals is regulatory in nature. Specifically, it is the Meaningful Use requirements related to view, download or transmit and …
Hello PCI SSC… Can we rethink?
This is a detailed follow-up to the quick post I wrote the Friday before the Labor Day weekend, based on my read at the time of the PCI SSC’s Special Interest Group …
Security is mostly basics, but talk is cheap
In most cases, better security posture is all about getting a few basics right. And this recent incident related to the breach of a Healthcare.gov server may be further proof …
Hello PCI SSC…
Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using risk as the basis for an organization’s information security program …