HIPAA Enforcement: 10% of Any Covered Entity Will Be Audited, Says Office for Civil Rights

At Showmecon (www.showmecon.com, June 8 and 9, 2015) I went to a HIPAA compliance talk by Hudson Harris, “HIPAA 2015 - Wrath of the Audits”. It was an excellent talk by Hudson Harris (@legallevity, his Twitter account), and this is my report (or what I got out of it): 1. 10% of all HIPAA covered …

Review Your Logs as Determined by Your Annual Risk Assessment

That is what PCI (Payment Card Industry) DSS (Data Security Standard) v3.1, April 2015, says at 10.6.2 and 10.6.1. This makes sense, right? Review your logs for security events, and those of all critical components and systems. The list of critical systems: firewall; any email server (Proofpoint, antispam, etc.); fileserver; IPS/IDS system (Intrusion Prevention-Detection System); routers …

Do You Know the Hacker Economy? Its Effect?

This article made me think about how little we realize the hacker economy's effects on the world: http://www.darkreading.com/cloud/how-the-hacker-economy-impacts-your-network-and-the-cloud/a/d-id/1320649? Bill Kleyman (the writer of the article) is a data center expert, so he sees things from the data center perspective. The expectation is that the data center companies (otherwise known as cloud companies) will employ new technologies to solve …

Health Records Breached: No Cyberinsurance Payout. Why? Stupidity

The following story says that 32,000 patient records were placed on an insecure server on the Internet within the Cottage Health System: http://www.noozhawk.com/article/class-action_lawsuit_aimed_cottage_hospital_records_breach Unfortunately, a simple Google search would reveal these patient records, which is against the HIPAA privacy guidelines. Apparently the hospital did have cyberinsurance from Columbia Casualty insurance, according to https://nakedsecurity.sophos.com/2015/05/28/we-dont-cover-stupid-says-cyber-insurer-thats-fighting-a-payout/ Santa Barbara hospital …