Archive for 'Thoughts'

What About Your Third-Party Vendor’s Third-Party Vendors?

Recently we were conducting an outsourced internal audit, looking at the risk associated with a third party on behalf of our client. (Their vendor risk management program requires due diligence when a third party is used to process “sensitive” data on their behalf.) On review, we found that the third-party data analytics/SaaS vendor we were assessing had likewise outsourced a significant part of its IT operations (e.g., ...


Personal Passwords Endanger Corporate Security

Writing this blog with egg on my face, tail between my legs, or whatever your favorite expression is for highly chagrined. The Zappos breach made me do a formal evaluation of my personal password practices … which sadly to say are not consistent with what I preach as an information security practitioner. Worse – my “personal password policy” had put my employer at risk.



Why ISO-27001 Certifying A Private Cloud Makes Sense

One of our clients is a large New Jersey County which embarked on a shared services initiative several years ago at the direction of the County Freeholders in an attempt to curb spiraling property taxes. In addition to centralizing services like snow removal, health services, and senior programs, the initiative included a number of implicit/explicit shared services with notable information technology/security ramifications, including: shared IT services, web hosting, law enforcement data sharing, and medical insurance sharing. ...


HIPAA Woes – Password Protected Mobile Devices

1 in 7 Password Protected Mobile Devices Aren’t!

Is this a HIPAA headache? Over the course of the last few years we have experienced a notable increase in our Healthcare Practice area with three main drivers:

  • Increased burden of proof (e.g., United Healthcare won’t do business with you anymore unless you can prove you are secure)
  • Third Party Woes (e.g., with 62% of personal health information breaches attributable to third-parties – we need to ...

Is The Motion Picture Industry A Model For Information Security?

I recently had reason to spend some time looking at the “Content Security Best Practices Common Guidelines” published by the Motion Picture Association of America (MPAA). The guidelines are intended to ensure the security of movie content throughout its life-cycle. With the cost of film development rising into the hundreds of millions and the gross receipts for a blockbuster in the billions, the need for security in the industry is self-evident. However, having seen “Swordfish” and “Sneakers” I ...
