I recently saw a post from a blog on a corporate web site from a company called Cloud compliance, entitled “Compliance is the New Security Standard“. Cloud Compliance provides a SaaS-based identity and Access Assessment (IdAA) solution that helps identify and remediate access control and entitlement policy violations. We combine the economies of cloud […]
Do you run an e-commerce site? Are you sure you do not store any payment card data or PII (personally identifiable information) in some MySQL database? The first step in protecting credit card and customer data is to know what sensitive data you really store, classify what you have and set up the appropriate security […]
A recent Ponemon survey found 71% of companies don’t consider PCI as strategic though 79% had experienced a breach. Are these companies assuming that a data security breach is cheaper than the security? How should we understand the Ponemon survey. Is PCI DSS a failure in the eyes of US companies? Let’s put aside the technical […]
I have always been amused by calculations of the cost of identify theft and data breaches as I have written here, here, here and here. Not surprisingly, security product and service vendors like Symantec, Mcafee and Websense are quick to present statistics regarding the damage to companies due to data breaches of personal information […]
Is there a way to break out of the security checklist mentality? IT security auditors commonly use standard/fixed checklists, often based on the compliance regulation being audited: the HIPAA Security Rule or ISO 27001 for example; In this article we suggest considering an alternative approach based on generating and analyzing multiple threat scenarios for the […]
If you are a HIPAA covered entity or a business associate vendor to a HIPAA covered entity the question of HIPAA – the question of securing patient data is central to your business. If you are a big organization, you probably don’t need my advice – since you have a lot of money to spend […]
Beyond the firewall – data loss prevention What a simple idea. It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products […]
If a little compliance creates a false sense of security then a lot of compliance regulation creates an atmosphere of feeling secure, while in fact most businesses and Web services are in fact very insecure. Is a free market democracy doomed to suffer from privacy breaches – by definition? My father is a retired PhD […]
Historical data in log files has little intrinsic value in the here-and-now process of event response and mediation and compliance check lists have little direct value in protecting customers. Software Associates specializes in helping medical device and healthcare vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and […]
There are 5 reasons why credit cards are stolen in Israel. None have to do with terror; 4 reasons are cultural and the 5th is everyone’s problem: “confusing compliance with security“. I could write a book on mismanagement of data governance and compliance, data security, web server security, web application software security. In 2003, I […]
Follow