The Tao of GRC
I have heard of military operations that were clumsy but swift, but I have never seen one that was skillful and lasted a long time. Master Sun (Chapter 2 – Doing Battle, the Art of War). The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance […]
Healthcare data interoperability pain
Data without interoperability = pain. What is happening in the US healthcare space is fascinating as stimulus funds (or what they call in the Middle East – “baksheesh”) are being paid to doctors to acquire an Electronic Health Records system that has “meaningful use”. The term “meaningful use” is vaguely defined in the stimulus bill […]
Risk assessment for your medical device
We specialize in cyber-security and privacy compliance for medical device vendors in Israel like you. We’ve assisted dozens of Israeli software medical devices that use Web, mobile, cloud and hospital IT networks achieve cost-effective HIPAA compliance and meet FDA guidance on Premarket Submissions for Management of Cybersecurity in Medical Devices. As part of our service to our trusted clients, we provide the popular PTA threat modeling tool, […]
Russian cybercrime – pride or prejudice?
Mark Galeotti has a piece on the online Moscow News today entitled Why are Russians excellent cybercriminals? Mr Galeotti seems to have most of his facts right as he wonders: “Why does every hacking and cyberscam story – real or fictional – seem to have a Russia connection? In part, it is prejudice and laziness. The stereotype of the […]
Preventing data leakage when you outsource
A presentation I gave at the Israeli CISO forum, on how to prevent data breaches when you outsource your IT operation and/or software development group. Click here to download the presentation
Risk analysis of legacy systems
A practical, proven methodology for risk assessment and security breach risk reduction in enterprise software systems. Click here to download the article
Customer convenience or customer privacy
This is a presentation I gave at the UPU (Universal Postal Union) EPSG (Electronic Products and Services Working Group) working meeting in Bern on Feb 20, 2007. About 25 people from 20 countries were present and it was a great experience for me to hear how Postal operations see themselves and what they do in […]
DRM versus DLP
A common question for a large company that needs to protect intellectual property from theft and abuse is choosing the right balance of technology, process and procedure. It has been said that the Americans are very rules-based in their approach to security and compliance, whereas the Europeans are more principles-based. This article presents a […]
Business context for ISO 27001
ISO 27001 is increasingly popular because of compliance regulation and the growing need to reduce the operational risk of information security. What ISO 27001 is missing though, is the business context – the ability for an SME to determine the cheapest and most effective security countermeasures and their order of implementation. Since ISO 27001 certification requires compliance […]
The top 10 mistakes made by Linux developers
My colleague, Dr. Joel Isaacson talks about the top 10 mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world. The Little Engine That Could Copyright 2004 Joel Isaacson. This work is licensed under the Creative Commons Attribution License. I try to […]