Monthly Archives: March 2010

February 2010 Roundup

What was popular in February? Healthcare seems to be a popular topic and I’ll be posting more on it as the new security requirements mature. Here are the five most popular posts from last month:

Personal Liability for QSAs. I had a colleague ask me if he should take out personal liability insurance in case something bad happened on one of his assessments after he left his company. Check out what I found out from Dave Navetta!

Healthcare Security, the New Front. Boy, what a mess I caused. After watching my doctor type in a four digit numeric password to access all of my medical records, I sent a letter over complaining about the lack of security and poor standard ...


Healthcare Letter Follow Up

Frequent readers may remember that I sent a letter to a healthcare provider (who is anonymously referred to as Dr. Leo Spaceman) because he used a four digit, numeric PIN to access all of my medical records (assuming that he would also be using that same one for ANY patient). Well, Dr. Spaceman responded. OK, I’m sure his admin responded, not personally him. But the response is a classic example of someone who has been asked a question like this before and had a pre-canned answer prepped. I don’t think I’m the only person to observe Dr. Spaceman doing this.

Dear Resident1: I have received the letter you sent to our office in regards to our privacy practices with our ...


Book Signing Today!

If you are out at the RSA Conference, please stop by the RSA Bookstore today at 1p for a book signing! Anton Chuvakin will be there, in the flesh! We follow Bruce Schneier.


Compliance, Easier than Security!

My undergrad is in Marketing.  I sometimes call myself a marketing guy, but only right before I rip on one that hypothetically might do something causing a technical guy to lose his weekend.  One of my favorite marketing guys is Seth Godin, and every once in a while he posts something that works not only in the Marketing world, but in our world. On Friday, his post “It’s easier to teach compliance than initiative” reminds me of how our business works.  Isn’t it WAY easier to talk about some kind of security-related compliance versus actually talking about security?  Think about your past interactions with information security.  Did you have a chance to create a 3-5 year plan detailing how you ...


EMC/RSA Expand Security Consulting Services

If you call yourself a “security guy,” this week represents one of the pivotal industry-related weeks every year.  I’m speaking, of course, of the RSA Conference.  The conference turns 19 this year, and there is quite a buzz going on!  I’ve not even arrived and I’m hearing about the excitement. What I wanted to tell you about today is our release on the expanded Security Consulting services that we announced earlier this morning.  The full release is here.  You can follow all the news coverage here, and there seems to be quite a bit!   If you are out in San Francisco, be sure to stop by the RSA booth around lunchtime tomorrow, and we can discuss this in detail! ...

