Can information security professionals be satisfied? Ever? Yes. But should they be? Ever wonder if Advanced Persistent Threats came into the world in part because the information security profession became more and more predictable? Or worse: commoditized, as I will discuss below. Lately, as corporate web sites from multiple industries on virtually every continent are …
Author Archives: David Sheidlower
Cyber Security professionals need to help stop cyberbullying
Protecting data confidentiality, integrity and availability is not enough. We also must promote the ethical use of cyberspace. And that starts by making sure it is not a place where anyone, especially children, can be harmed and exploited. An organization in Ireland does a great job of promoting this important effort: http://www.stopcyberbullies.ie/
Honest, Mom, lots of kids failed that test
The media are certainly becoming more sophisticated at reporting on data breaches and web site hacks. And as that happens, corporate communications departments are freer to craft ever more sophisticated messages about a breach or hack involving their organization. The new goal is to describe the organization as just the latest victim of an ongoing attack …
CISO as consumer
There is no question that a large part of being an Information Security professional is using your judgment to keep your organization secure. And, as with any profession, that means using and evaluating products (once they’re installed, they’re “tools”). Sometimes you get asked about such things. See the link: http://healthitsecurity.com/2013/02/11/how-a-healthcare-ciso-uses-his-iam-product/
Raising the stakes by lowering them
The HIPAA Security Rule’s most significant flaw was on display recently. Hospice of Northern Idaho (HONI) has settled with the Federal Government for $50,000 to close out the case of a stolen unencrypted laptop that had the electronic protected health information of 441 patients on it. Media attention focused on the fact that this was the …
How stupid do they have to be?
Relying on people to be dumb is not an effective control. “Won’t” is not the same as “can’t” and never will be. But it is used all the time to justify controls and to assume that lost records are somehow “safe”. Consider the “users are dumb” argument. It comes up when you find weak application security. By the …
Press release pass-through – an interesting case
It is always in the best interests of an organization to do certain things when announcing that consumer data has been breached: let the public know what was and was not breached; let the public know that the organization is taking it seriously; give people guidance on what they should do if they suspect they are impacted; assure the …
Patient privacy monitoring: where health care IT and Compliance collaborate
Or at least, an area where they really should. Here’s a webinar I presented where I discuss how Health Care Compliance and IT Departments can work towards becoming full-fledged partners: https://fairwarningevents.webex.com/ec0606l/eventcenter/recording/recordAction.do?theAction=poprecord&AT=pb&renewticket=0&isurlact=true&recordID=6114642&apiname=lsr.php&rKey=d8f463f82c5a8c80&format=short&needFilter=false&&SP=EC&rID=6114642&siteurl=fairwarningevents&actappname=ec0606l&actname=%2Feventcenter%2Fframe%2Fg.do&rnd=4743042061&entappname=url0108l&entactname=%2FnbrRecordingURL.do
Adequately?
“You keep using that word. I do not think it means what you think it means.” — Inigo Montoya, from the movie The Princess Bride. NASA had a laptop stolen with about 10,000 employee records on it (remember that number, 10,000; it comes up below). The laptop was not encrypted. Here is what the NY …
Tellers of tales and debunkers of myths
Tellers of tales and debunkers of myths. An organization needs both. You need someone who can “weave a yarn”, “tell a tale”, “paint a picture with words”, etc. But you also need someone who “lets” facts get in the way of those myths. Marketing and sales folks need to be tellers of tales. And this …