Posts Tagged ‘security’
Cloud Computing: Trust but Verify
The rush to cloud computing has brought about amazing new services, but, without adequate vendor monitoring, businesses may be building digital supply chain risks that will show up later when cost and market pressures are felt by cloud vendors. We can learn from business processing outsourcing experiences. The New York Times reports today a $280K+ OSHA fine…
Background Checks May Not Be Enough
The NY Times reported on 2/15/2012 the amazing story of Edward Maher, the suspect in a $1.5M 1993 armored car heist in the UK. Recently apprehended, for almost 20 years he had been on the run in the US. He had a number of regular jobs, including eight years at Nielsen, the television ratings…
How Not To Be a Cyber Janitor
A recent blog post by Jeff Bardin (“The Proliferation of Cyber Janitors”) really resonated with me. He points out how much of the security industry is focused on incident response and breach notification. This started with CA 1386 in 2003 and more recently has become a requirement for breaches of health information (HIPAA/HITECH). While I don’t have…
SECURITY MEMO: IT CAN’T HAPPEN HERE, CAN IT?
I have always been a big believer in background checks for new employees. While many companies do this prior to hiring someone, some still do not and pretty much everyone relies on outsource firms to do the background check. Yesterday, January 30, 2012, the NY Times reported the case of a church worker within the Archdiocese of…
Compliance v. Security
An essay in a recent Wall Street Journal (December 3, 2011) caught my attention on the subject of compliance v. security. The article, “Starting Over With Regulation” by Philip K. Howard (also available at www.commongood.org), makes the case that government regulation in general is too complex to work. Recent failures by Congress to simplify Sarbox 404…
GAO Report on Information Security in Federal Government
Do you think your information is secure within the federal government? You can make your own decision by reading the recent Information Security assessment by the Government Accountability Office (GAO). Some observations by GAO are expected, others are disturbing. Here are some statements that caught my attention: 1. Growth in reported incidents from 2006 to 2010…
Lean Security
Earlier this year I published an ISSA Journal article (ISSA Journal, May 2011) advocating the use of lean management techniques to manage security. This is just an observation that security needs to use business management methods to tie together people, process, technology and partners. Recently in the Harvard Business Review of October 2011 a good article appeared…
Mitigate Your Social Engineering Vulnerabilities
Security managers spend significant amounts of time analyzing software vulnerabilities and patching the same. I just looked at the Common Vulnerabilities and Exposures database (CVE) and see that it now has 47,555 vulnerabilities. But how many security managers have analyzed or cataloged the social engineering vulnerabilities faced by their organizations? I suspect few. Virtually all security managers…
HIPAA Security. Are We Making Progress?
The recent breach of 20,000 medical records at Stanford Hospital has me concerned. The institution is part of Stanford University Medical Center and is a top rated health care provider. Are we making progress on HIPAA security? Are things getting better? If this institution cannot effectively protect patient data, who can? I analyzed the data…
Brand Your Security Program
One of the key challenges in building a security program is getting active participation from across the organization, from line workers to top management. All of these people have “day jobs” and security is too easily put out of mind. “Why Every Project Needs a Brand (and How to Create One)” appearing in the Summer…