In most cases, better security posture is all about getting a few basics right. And this recent incident related to the breach of a Healthcare.gov server may be further proof …
Security is mostly basics, but talk is cheap
read more
SECURITY
Hello PCI SSC…
Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using risk as the basis for an organization’s information security program …
PCI Breaches Can we at least detect them?
Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu appear to have the following aspects in common: 1. They involved some compromise …
That Odd Authentication Dichotomy Needs To Change
By now, it should be clear that we need to consider strong (multi factor) authentication for access to anything of value. In an age and time when most public email services …
How useful is the HHS OIG report published this week?
I am sure some of you saw this news report about HHS OIG finding some security related deficiencies in the EHR certification program. I was keen to read the full …
Beware of Security Best Practices and Controls Frameworks
What could be possibly wrong with “Best Practices” or “Leading Practices” that your favorite security consultant might be talking about? Or for that matter, how could we go wrong if we used …
From A Security Or Compliance StandPoint…
It is probably safe to say that we security professionals hear the phrase in the title of this post rather frequently. For one, I heard it again earlier today from …
A Second Look At Our Risk Assessments?
I came across this Akamai Security Blog post recently which I thought was a useful and informative read overall. As I read through the blog post however, something caught my …
Top 10 Pitfalls Security or Privacy Risk Assessments
Risk Assessment is a foundational requirement for an effective security or privacy program and it needs to be the basis for every investment decision in information security or privacy. To …