PCI DSS is a standard for the card associations, not for your business
I recently saw a post from a blog on a corporate web site from a company called Cloud Compliance, entitled “Compliance is the New Security Standard”. Cloud Compliance provides a SaaS-based Identity and Access Assessment (IdAA) solution that helps identify and remediate access control and entitlement policy violations. We combine the economies of cloud […]
The importance of risk analysis for HIPAA compliance
A chain of risk analysis. The HIPAA Final Rule creates a chain of risk analysis and compliance from the hospital, downstream to the business associates who handle / process PHI for the hospital, and to the sub-contractors who handle / process PHI for the business associate. And so on. The first thing an organization needs to do is a risk analysis. […]
Dealing with DLP and privacy
It’s a long hot summer here in the Middle East and with 2/3 of the office out on vacation, you have some time to reflect on data security. Or on the humidity. Or on a cold beer. Maybe you are working on building a business case for DLP technology like Websense or Symantec or Verdasys, or McAfee or Fidelis in […]
10 ways to detect employees who are a threat to PHI
Software Associates specializes in software security and privacy compliance for medical device vendors in Israel. One of the great things about working with Israeli medical device vendors is the level of innovation, drive and abundance of smart people. It’s why I get up in the morning. Most people who don’t work in security assume […]
Shock therapy for medical device malware
Israel has over 700 medical device vendors. Sometimes it seems like half of them are attaching to the cloud and the other half are developing mobile apps for all kinds of crazy, innovative applications like Healthy.io (Visual Input Turned Into Powerful Medical Insight – translation: an app that lets you do urine analysis using your smartphone). […]
Is your HIPAA security like a washing machine?
Is your HIPAA security management like a washing machine? Most security appliance vendors use fluffy charts with a 4-step “information risk management” cycle. It’s always a 4-step cycle, like “Discover, Monitor, Protect and Manage”, and it’s usually on a circular chart but sometimes in a Gartner-style magic quadrant or on a line. It’s […]
How to use BI to improve healthcare IT security
Information technology management is about executing predictable business processes. Information security management is about reducing the impact of unpredictable attacks on your healthcare provider organization. Once we put it this way, it’s clear that IT, security and compliance professionals, as dedicated as they are to their particular missions, do not have common […]
Five things a healthcare CIO can do to improve security
A metaphor I like to use with clients compares security vulnerabilities with seismic fault lines. As long as the earth doesn’t move – you’re safe, but once things start moving sideways – you can drop into a big hole. Most security vulnerabilities reside in the cracks of systems and organizational integration and during an M&A, those […]
Encryption, a buzzword, not a silver bullet
Encryption is a buzzword, not a silver bullet, for protecting data on your servers. In order to determine how encryption fits into server data protection, consider 4 encryption components on the server side: passwords, tables, partitions and inter-tier socket communications. In these 4 components of an application / database server encryption policy, note that some countermeasures are […]
Security is in the cracks
Yesterday I spent most of the day re-installing one of the workstations in the office with Ubuntu 11.10. I like what I saw, but the Unity interface is not my cup of tea, so I installed Gnome – what they call Classic Ubuntu. In principle I shut down as many operating system services as I can […]