-
Raising the level of trust associated with identity in online transactions
Obama’s National Strategy for Trusted Identities in Cyberspace

In April President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC), which charts a course for the public and private sectors to collaborate on raising the level of trust associated with identity in online transactions. NSTIC focuses on upgrading outdated password-based authentication systems and […]
-
Threats on personal health information
A recent HIPAA violation in Canada where an imaging technician accessed the medical records of her ex-husband’s girlfriend comes as no surprise to me. Data leakage of ePHI in hospitals is rampant simply because a) there is a lot of it floating around and b) because of human nature. Humans being naturally curious, sometimes vindictive and always […]
-
Controlled private networking
This evening I was added to a FB Group – apparently – you don’t have to agree to be joined in. FB Groups is a way to organize your contacts and get better control over your social networking. It looks pretty cool to me but the New York Times suggests that Facebook groups may engender even more […]
-
Are you still using Excel for risk assessment?
There is a school of thought that says that you can take any complex problem and break it down like Swiss cheese. Risk assessment data collection and analysis with Excel is one of those problems that can’t be swiss-cheesed. A collection of brittle, unwieldy, two-dimensional worksheets is a really bad way of doing multi-dimensional […]
-
What price privacy?
Dr. David Gurevich, in an interview with the Israeli business daily Globes, predicts that real-time death will be the next development in reality programming. Once the domain of science fiction and fantasy – Dr. Gurevich believes that the online death scenario is an inevitable development in the loss of privacy and wave of voyeurism […]
-
Data security and compliance – Best practices
Compliance is about enforcing business process – for example, PCI DSS is about getting the transaction authorized without getting the data stolen. SOX is about sufficiency of internal controls for financial reporting and HIPAA is about being able to disclose PHI to patients without leaks to unauthorized parties. So where and how does DLP fit into the compliance […]
-
Sears using spyware for sales
It is no secret that Walmart is hurting many older retail chains such as Kmart and Sears. Both of the latter companies are struggling to stay afloat, trimming the fat by closing locations and restructuring current stores to look refreshed and up to speed with America’s #1 retail giant. But now Sears and Kmart have come under fire for […]
-
Research data integrity
I usually write about best practices and practical tools to prevent data theft, data loss and data leakage – since our professional services focus on data security in Central and Eastern Europe. Data security is, I guess, a sub-specialty of security and compliance. Security is chartered with ensuring the survival of a business and protecting […]