Archive for 'Simplified'

Zapped With A Data Security Breach

On Sunday, January 15 2012, Zappos notified its employees that there was a data breach in their internal network. The breach made headlines and news around the world, which makes sense considering the popularity of the eCommerce company. I believe that CEO Tony Hsieh handled the situation beautifully and I look forward to seeing the outcome of the breach.

Zappos has been known in the ...

Super Slick SaaS Service Shares Information Security Secrets

As a marketing person at an information assurance firm, I spend a lot of my time looking at both of these issues. I have recently noticed that “ahead of the curve” organizations are increasingly using their information security posture as a marketing tool. I thought the approach taken by a SaaS company that we were reviewing on behalf of a customer was intriguing.

The page I landed on was ...

New PII And PCI Concerns For Retail Stores

When it comes to accepting payments, retail stores and other companies are faced with Payment Card Industry (PCI) and Personally Identifiable Information (PII) concerns. CNET recently published an article on Google’s newest product, Wallet. The product allows consumers to use their Android device to send contactless payments to retailers via Near Field Communication (NFC) technology. In the article, ...

ISO 27005 Risk Assessments in Healthcare

Although important, it is not often you hear about ISO 27005 in Healthcare Information Security articles. The Health Information Technology for Economic and Clinical Health Act (HITECH) authorized incentive payments through Medicare and Medicaid to clinicians and hospitals when they use EHRs privately and securely to achieve specified improvements in care delivery. The legislation ties payments specifically to the “meaningful use” of Electronic Health Records (EHR) and via ...

ISO 27002 Gap Assessment vs BITS Shared Assessment

During a recent discussion, a customer asked John Verry what the differences are between an ISO 27002 Gap Assessment and a BITS Shared Assessment. As usual, we decided to educate our blog readers with the answer to that question.

ISO 27002 Gap Assessment

An ISO 27002 Gap Assessment provides an assessment of an organization’s implementation of ISO 27002 control recommendations. The gap analysis is a good step ...
