Tag: Threat modeling

  • Killed by code – back to the future

    I hope that the code in your digital therapeutic for treating autistic children doesn’t look like this. Back in 2011, I thought it would only be a question of time before we have a drive-by execution of a politician with an ICD (implanted cardiac device). On Jan 9, 2017, the FDA reported in an FDA Safety […]

  • The importance of risk analysis for HIPAA compliance

    A chain of risk analysis. The HIPAA Final Rule creates a chain of risk analysis and compliance from the hospital, downstream to the business associates who handle / process PHI for the hospital and sub-contractors who handle / process PHI for the business associate. And so on. The first thing an organization needs to do is a risk analysis. […]

  • Why security defenses are a mistake

    Security defenses don’t improve our understanding of the root causes of data breaches. Why is this so? Because when you defend against a data breach, you do not necessarily understand the vulnerabilities that can be exploited. If you do not understand the root causes of your vulnerabilities, how can you justify and measure the effectiveness of […]

  • The best cybersecurity strategy may be counter-terror

    Danny Lieberman suggests that a demand-side strategy with peer-review may work best for cyber-security. A conventional military paradigm does not work for cyber-security. Government cyber-security policy, molded by the military, traditionally frames cyber-security in the context of a defensive strategy based on intelligence gathering, threat analysis, modeling and monitoring with deployment of defensive network […]

  • The valley of death between IT and information security

    IT is about executing predictable business processes. Security is about reducing the impact of unpredictable attacks on your organization. In order to bridge the chasm, IT and security need to adopt a common goal and a common language – a language of customer-centric threat modelling. Typically, when a company (business unit, department or […]

  • Risk assessment for your medical device

    We specialize in cyber-security and privacy compliance for medical device vendors in Israel like you. We’ve assisted dozens of Israeli software medical device vendors that use Web, mobile, cloud and hospital IT networks achieve cost-effective HIPAA compliance and meet FDA guidance on Premarket Submissions for Management of Cybersecurity in Medical Devices. As part of our service to our trusted clients, we provide the popular PTA threat modeling tool, […]

  • Is network PVR the best direction for the big studios?

    The distribution of video over multicast-broadcast networks and content storage by users with Windows PCs and PVRs has created a huge threat surface for digital content. Typical of flawed security countermeasures, HDCP and AACS exacerbate and enlarge the threat surface rather than enhance revenues and reduce risk. In this article we will show that […]

  • A cyber-terror derivatives market?

    I first heard the idea about hedging risk against actual future disasters (man-made or natural) around the time of Hurricane Katrina. The essay below by professor Avinash Persaud considers the creation of a terrorism futures market. The ideas are particularly timely in the context of the unrest in Libya and the uptick in oil prices. Right […]

  • Medical device security trends

    Hot spots for medical device software security. I think that 2011 is going to be an exciting year for medical device security as the FDA gets more involved in the approval and clearance process with software-intensive medical device vendors. Considering how much data is exchanged between medical devices and customer service centers/care givers/primary clinical care teams and […]

  • Small business data security

    Here are 7 steps to protecting your small business’s data and intellectual property in 2011 in the era of the Obama Presidency and rising government regulation. Some of these steps are about not drinking consultant Kool-Aid (like Step #1: Do not be tempted into an expensive business process mapping project) and others are adopting best practices […]