Ben Baumann, of Akaza and Open Clinica fame, recently blogged about clinical trials in the cloud. Ben is pitching the relatively new offering from Akaza called Open Clinica Optimized Hosting, which offers quick startup using validated Open Clinica instances and on-demand resources on a SAS-70 compliant platform. As Ben noted, in the clinical research field, …
IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks on your organization. IT and security adopt a common goal and a common language – a language of customer-centric threat modelling. Typically, when a company (business unit, department or manager) needs a line-of-business software application, IT …
Software Associates specializes in helping medical device vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. There are 6 key business requirements for medical device security: Prevent data leakage of ePHI (electronic protected health information) via the device itself, the management system and/or the …
Software Associates specializes in helping medical device and healthcare technology vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and mobile environments. As I noted here and here, the security and compliance industry is no different from other industries in having fashions and trends. Two years ago, PHR (Personal …
Trends – security and movie stars, Manuela Arcuri and Monica Bellucci, Verisign and McAfee. Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations. But information security is also a lot like fashion, with cyclical …
Every so often my ISP calls us up and asks to speak with the IT manager or the person responsible for the network. This time it was Netvision offering me a special deal on Symantec anti-virus and a $5/month service package for virus updates. Well, I said, “We don’t use Windows, and I …
Sturm und Drang is associated with “literature or music aiming to frighten the audience or imbue them with extremes of emotion”. The Symantec Internet Security Threat Report is a good example of the Sturm und Drang marketing endemic in the information security industry. Vendors like Symantec sell fear, not security products, when they report on “Rises in Data …
ISO 27001 is increasingly popular because of compliance regulation and the growing need to reduce the operational risk of information security. What ISO 27001 is missing, though, is the business context: the ability for an SME to determine the cheapest and most effective security countermeasures and their order of implementation. Since ISO 27001 certification requires compliance …
A customer case study – SOX IT compliance. We performed a Sarbanes-Oxley IT top-down security assessment for a NASDAQ-traded advanced technology company. The objectives of the study were to evaluate the internal and external threats that impact the company’s information assets. Using the Business Threat Modeling (BTM) methodology, a Practical Threat Analysis (PTA) threat model was constructed and a number …
A customer case study: Using DLP to protect customer data at a telecom service provider. Our first data loss prevention (DLP) project was in 2005 with 013 Barak – now 013 Barak/Netvision. It followed on the heels of an extensive business vulnerability assessment and a management-level decision to protect customer data. It’s significant that 013 …