Image by purpleslog via Flickr
By Mary Mosquera
Last year’s HITECH Act toughened the rules and enforcement penalties health information handlers must follow to protect patient privacy.
Under the new policy regime, providers will have to pay more attention to the confidentiality and safety of patient information as they move more of their operations toward electronic health record-keeping.
Without [...]
Image by Adam Melancon via Flickr
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
A good RAF organizes and presents information in a way that both technical [...]
Information Security Risk Analysis
In risk management, risk treatment process begins after completion of a comprehensive risk assessment.
Once risks have been assessed, risk manager utilize the following techniques to manage the risks
• Avoidance (eliminate)
• Reduction (mitigate)
• Transfer (outsource or insure)
• Retention (accept and budget)
Now the question is how to select an appropriate control to avoid or [...]
Image via Wikipedia
FISMA Certification & Accreditation Handbook
The organizations need to establish security program to manage their day to day risks. Before selecting the controls from standards such as (NIST 800-53 or ISO 27002), organizations need to have complete inventory of the assets involved in the scope. Assets involved in the scope would require a comprehensive [...]
Image by moonhouse via Flickr“By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs — including [...]
Last year the department of Health and Human Services (HHS) started penalizing healthcare organizations for security breaches and lack of security program. Healthcare stimulus bill says that HHS will post a breach of healthcare organization on their website. In both cases the intent is clear that HHS want to hold healthcare organizations accountable for security [...]
According to a study released by European Union ENISA, Small-to-Medium-Sized (SME) enterprises require extra guidance in assessment of IT security risks of their assets.
Agency also established that in the first implementation it is improbable that SME can utilize a risk assessment & risk management approach without external assistance and simplified information security approach was extremely [...]
Due to economic insecurity all the warning signs are pointing that this year is going to top the record for information security and privacy incidents. Organizations may not be in a position to take business limiting risk and bypass security fundamental like Business Continuity Planning (BCP). During this economic uncertainty organizations have to pay more [...]
According to BBC news article by Maggie Shiels (Feb 11, 2009) the world’s biggest software maker has warned companies to expect an increase in “insider” security attacks by disgruntled, laid-off workers. Microsoft said so-called “malicious insider” breaches were on the rise and would worsen in the present downturn.
Below are the high points:
• With 1.5 million [...]
To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration [...]
