Recently we were conducting an outsourced internal audit, looking at the risk associated with a third-party on behalf of our client. (Their vendor risk management program requires due diligence in the use of a third-party to process “sensitive” data on their behalf). On review, we found that the third-party data analytics/SaaS vendor we were assessing likewise outsourced a significant part of its IT operations (e.g., ...
Writing this blog with egg on my face, tail between my legs, or whatever your favorite expression is for highly chagrined. The Zappos breach made me do a formal evaluation of my personal password practices … which sadly to say are not consistent with what I preach as an information security practitioner. Worse – my “personal password policy” had put my employer at risk.
One of our clients is a large New Jersey County which embarked on a shared services initiative several years ago at the direction of the County Freeholders to attempt to curb spiraling property taxes. In addition to centralizing services like snow removal, health services, and senior programs – the initiative included a number of implicit/explicit shared services with notable information technology/security ramifications including; shared IT Services, web hosting, law enforcement data sharing, and medical insurance sharing. ...
Continue Reading →
Is this a HIPAA headache? Over the course of the last few years we have experienced a notable increase in our Healthcare Practice area with three main drivers:
I recently had reason to spend some time looking at the “Content Security Best Practices Common Guidelines” published by the Motion Picture Association of America (MPAA). The guidelines are intended to insure the security of movie content throughout its life-cycle. With the cost of film development rising into the hundreds of millions and the gross receipts for a blockbuster in the billions, the need for security in the industry is self-evident. However, having seen “Swordfish” and “Sneakers” I ...
Continue Reading →
Join the other subscribers and receive Information Security article updates by email.
ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.
Database Security is one step in a comprehensive approach to building a robust Information Security Management System.
Penetration Tests are often used in a manner that is inconsistent with achieving the assurance that the organization seeks.
Best Practices for SIEM learned from working closely with numerous vendors and customers on a wide variety of SIEM projects.
Risky Business Blog
Techno Blog
In The News
RSS Feed
