Posts Tagged ‘Compliance’
Security or Compliance?
There is a debate among security professionals as to whether a strong compliance or strong security program best protects the enterprise. Arguments along the lines of compliance is “just satisfying a checklist” and “security is not compliance” are offered. Obviously compliance requirements must be satisfied and often compliance programs help justify “security” programs and budgets. …
Read MoreHow Not To Be a Cyber Janitor
A recent blog post by Jeff Bardin (“The Proliferation of Cyber Janitors”) really resonated with me. He points out how much of the security industry is focused on incident response and breach notification. This started with CA 1386 in 2003 and more recently has become a requirement for breaches of health information (HIPAA/HITECH). While I don’t have…
Read MoreCompliance v. Security
An essay in a recent Wall Street Journal (December 3, 2011) caught my attention on the subject of compliance v. security. The article, “Starting Over With Regulation” by Philip K. Howard (also available at www.commongood.org), makes the case that government regulation in general is too complex to work. Recent failures by Congress to simplify Sarbox 404…
Read MoreHIPAA Security. Are We Making Progress?
The recent breach of 20,000 medical records at Stanford Hospital has me concerned. The institution is part of Stanford University Medical Center and is a top rated health care provider. Are we making progress on HIPAA security? Are things getting better? If this institution cannot effectively protect patient data, who can? I analyzed the data…
Read MoreDown the Rabbit-Hole…Again?
The New York Times ran an interesting story on January 5 about a House Republican inviting input from businesses on which regulations were impeding economic recovery. I am sure the House will get at least a few comments on this topic. Since I had just finished reading Professor Tim Wu’s new book–The Master Switch–I had…
Read More