Category: Risk management

  • Bionic M2M: Are Skin-mounted M2M devices – the future of eHealth?

    In the popular American TV series that aired on ABC in the 70s, Steve Austin is the “Six million Dollar Man”, a former astronaut with bionic implants. The show and its spinoff, The Bionic Woman (Lindsay Wagner playing a former tennis player who was rebuilt with bionic parts similar to Austin after a parachuting accident) […]

  • Debugging security

    There is an interesting analogy between between debugging software and debugging the security of your systems. As Brian W. Kernighan and Rob Pike wrote in “The Practice of Programming” As personal choice, we tend not to use debuggers beyond getting a stack trace or the value of a variable or two. One reason is that it is […]

  • Treat passwords like cash

    How much personal technology do you carry around when you travel?  Do you use one of those carry-on bags with your notebook computer on top of the carry-on? A friend who is a commercial pilot had his bag swiped literally behind his back while waiting on line to check-in to a 4 star Paris hotel. […]

  • Clinical trials in the cloud

    Ben Baumann from Akaza and Open Clinica fame, recently blogged about clinical trials in the cloud.  Ben is pitching the relatively new offering from Akaza called Open Clinica Optimized hosting that offers quick startup using validated Open Clinica instances and resources on-demand on a SAS-70 compliant platform. As Ben noted that in the clinical research field, […]

  • Insecurity by compliance

    If a little compliance creates a false sense of security then a lot of compliance regulation creates an atmosphere of feeling secure, while in fact most businesses and Web services are in fact very insecure. Is a free market democracy doomed to suffer from privacy breaches – by definition? My father is a retired PhD […]

  • How to reduce risk of a data breach

    Historical data in  log files  has little intrinsic value in the here-and-now process of event response and mediation and compliance check lists have little direct value in protecting customers. Software Associates specializes in helping medical device and healthcare vendors achieve HIPAA compliance and improve the data and software security of their products in hospital and […]

  • The political power of social media

    Clay Shirky writes on Foreign Affairs this week Arguing for the right of people to use the Internet freely is an appropriate policy for the United States, both because it aligns with the strategic goal of strengthening civil society worldwide and because it resonates with American beliefs about freedom of expression By switching from an […]

  • Disaster recovery planning

    This article describes a plan and implementation process for disaster recovery planning. The secret to success in our experience is to involve the local response team from the outset of the project. Copyright 2006 D.Lieberman. This work is licensed under the Creative Commons Attribution License The disaster recovery plan is designed to assist companies in […]

  • Security and the theory of constraints

    Security management is tricky.  It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember TOC ( Theory of Constraints, invented by Dr. Eli Goldratt about 40 years ago) there is only 1 key constraint that limits system (or company) performance to achieve it’s goal. So – what […]

  • The Tao of GRC

    I have heard of military operations that were clumsy but swift, but I have never seen one that was skillful and lasted a long time. Master Sun (Chapter 2 – Doing Battle, the Art of War). The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance […]