Best Practices in Healthcare Information Security

This article is certainly on point and is full of great advice for any medical practice.  That said, the biggest challenge is the section focused on culture.  Culture in medical practices can be challenging because big egos are often involved.  Medical practices are composed of highly educated and motivated professionals, often at the top of their respective fields, which creates an environment where turning to professionals in other fields is more difficult.  If I mastered all the aspects of my professional specialty, surely I can master the demands of IT and IT security.  Sound familiar?

The Federal Information Security Modernization Act of 2014

The next 12 to 24 months should be a very active time for information security legislation development in our nation’s capital.  President Obama has already indicated a desire to expedite the breach notification process via federal legislation.  In this article, Tenable has provided a good overview of changes in OMB’s role in information security.

The Top 5 NERC CIP Audit Fails – Learning from all the standards

There are a variety of different audit requirements in the world designed to protect and strengthen the specific security and continuity requirements of industries and organizations.  NERC is a standard applicable to the power and electric industry, but all of us can learn from the standard’s successes and failures.  This top 5 list is valuable to everyone who cares about security in a world of cyber threats and incomplete planning.

Will Breaches Dictate Where You Shop This Holiday Season?

Tripwire has posted an article referencing an interesting survey around the subject of breached retailers.  I am very curious how many people will be swayed by past breaches when making their holiday shopping decisions this year.  Have we become completely desensitized to the fear of having our PII compromised?

Identifying and Preventing Insider Threats

The most recent Verizon Security report listed internal resources as the cause/source of a breach of relevant information in more than 70% of all occurrences.  There is no question insider threats should be taken seriously.  President Reagan had it right when he made popular the phrase “Trust but Verify”.