Medical device security in a hospital network
Medical devices are everywhere today. In your doctors office measuring your blood pressure, at your cosmetician (for hip reduction…) and in the hospital for everything from patient monitoring to robot-assisted surgery. The people that develop embedded medical devices based on Intel platforms know that Windows is vulnerable. Lacking embedded Linux know-how, medical device developers often […]
Application software in the cloud – power to the people
I think that it might be a novel approach to build a flat cloud security control model centered around consumers (stake holders, users and developers) of business applications software and the performance of the cloud services that they consume. This might be a more productive and relevant control model than then the current complex, multiple layer, […]
On data retention – when not to backup data?
It is often assumed that the problem of data retention is about how to backup data and then restore it quickly and accurately, if there is a security event or system crash. But, there are important cases, where the best data retention strategy is not to backup the data at all. The process of backup […]
The importance of data collection in a risk assessment
A risk assessment of a business always starts with data collection. The end objective is identifying and then implementing a corrective action plan that will improve data security in a cost-effective way, that is the right fit for the business. The question in any risk assessment is how do you get from point A (current […]
It’s the most wonderful time of the year
Seems like ages since I last blogged. Got my head down on a few data security and compliance projects and the raw material is piling up. Today is Israel Memorial Day and the JP Big Band appeared last night in the Modiin Cultural Center with an evening of 23 Israeli classics arranged for large jazz […]
How to make Federal data security effective
I submit that a “no tickee, no washee” strategy might improve US Federal data security. An article published in the Federal Times states that Cyber attacks on Federal networks are up 40% from last year according to a report compiled by the OMB (Office of Management Budget) that is based on numbers reported by the […]
Threats on personal health information
A recent HIPAA violation in Canada where an imaging technician accessed the medical records of her ex-husband’s girlfriend comes as no surprise to me. Data leakage of ePHI in hospitals is rampant simply because a) there is a lot of it floating around and b) because of human nature. Humans being naturally curious, sometimes vindictive and always […]
A cyber-terror derivatives market?
I first heard the idea about hedging risk against actual future disasters (man-made or natural) around the time of Hurricane Katrina. The essay below by professor Avinash Persaud considers the creation of a terrorism futures market. The ideas are particularly timely in the context of the unrest in Libya and the uptick in oil prices. Right […]
10 guidelines for a security audit
What exactly is the role of an information security auditor? In some cases, such as compliance by Level 1 and 2 merchants with PCI DSS 2.0, external audit is a condition to PCI DSS 2.0 compliance. In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike […]
Cyber crime costs over $1 trillion
A pitch from Alex Whitson from SC TV for a Webinar on the LinkedIn Information Security Community piqued my attention with the following teaser: As you may have read recently, Cybercrime is now costing the UK $43.5 billion and around $1 trillion globally. Sponsored by security and compliance auditing vendor nCircle, the Webinar pitch didn’t cite any sources for the […]
