Author Archive for Jeff Reich

Are Security Fears Keeping You Out of the Cloud?

The First Annual Big Cloud Event took place in Minneapolis, MN in June. Layered Tech was a sponsor of this event, and I delivered a presentation on Big Cloud Adoption. This event was billed as the first annual; the second event is already scheduled for March of 2014 in Las Vegas, NV. Although many cloud-related topics were discussed at the event, many discussions focused on cloud adoption, or the lack thereof, for Fortune 1000 companies.
Continue reading ‘Are Security Fears Keeping You Out of the Cloud?’

ETA Eye Openers

At the 2013 Electronic Transactions Association (ETA) Annual Meeting and Expo in New Orleans recently, I had the opportunity to give a presentation on Hacktivism titled Managing Risk for Online Threats and Hacktivism Actions. Attending these shows allows me to experience a little bit of local culture (the food and the venue were awesome), network with colleagues and learn about what is trending in the cloud space. I’m not surprised that the trending theme this year revolved around mobile technology.
Continue reading ‘ETA Eye Openers’

Tips to Guard Against Hacks and Attacks

I attended the 2013 InnoTech San Antonio Technology Innovation Conference & Expo on April 17th.  InnoTech is the region’s largest business-to-business technology event.

This conference has grown to the point of needing to move to the Henry B. Gonzalez Convention Center.

Along with the tracks offered in Mobility, Women in Tech, Infrastructure, Big Data with Analytics and IT Leadership, I participated in the Cyber Security Symposium.  I moderated a panel of experts on Security – It’s All About Perspective.  The panel had representation from corporate leaders, consultants and higher education.  The panel members were Mark Krisak, Director of Information Security, HEB; Chip Meadows, Sr. Security Analyst, UTSA; Joe Oranday, Vice President, Enterprise Information Security, Frost; Steve Werby, President and Senior Information Security Consultant, Befriend.
Continue reading ‘Tips to Guard Against Hacks and Attacks’

Hospital Data Breaches

Earlier this month, Lisa Vaas published an article on the Naked Security web site on the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security funded by ID Experts.  Ms. Vaas did a good job of summarizing the most significant finding in the report, that the increase in data breaches over the past three years is due mainly to a lack of secure devices and staff negligence (see graph from report below).

Data Breach Graph

Continue reading ‘Hospital Data Breaches’

Security as a Subset of Risk Management

What does Risk Management mean to you?  If you have read my blog you know that I focus on topics like Security or Compliance.  You may have noticed, as well, that my title is Chief Risk Officer and you may have wondered how this fits together.  Compliance cannot exist without the appropriate controls (security) in place.  Moreover, Risk Management can be said to be the art of balancing the value of the cost of a control versus the value of the benefit derived from the control.

Continue reading ‘Security as a Subset of Risk Management’

The Payment Processing Chain – Holistic Risk Management

A lot of people in the credit card industry focus on the compliance and security component of the payment processing chain that they control.  This is expected and is the right thing to do.  Most people do not have an appreciation of the steps needed for a successful transaction.  Some merchants, cards and banks could have varying processes but most transactions involve, at a minimum, a consumer, a merchant, a payment gateway or processor, the card brand and the bank issuing the card.  In order for a transaction to complete, the reverse path is taken to validate the transaction.  Add in credits, refunds and loyalty programs and that’s a lot of moving parts in a system that appears to act instantaneously.  The system works well and we all depend on that.
Continue reading ‘The Payment Processing Chain – Holistic Risk Management’

Holiday Security – Manage Your Risks

Welcome to the holiday season!  Along with the holiday cheer, parties, presents and spending come some risks of which we should all be aware.  Situational Awareness is a phrase that some might not recognize.  Situational Awareness entails being aware of your surroundings and environment and adapting your behaviors to address the risks being presented.

Continue reading ‘Holiday Security – Manage Your Risks’

How Much is Your Data Worth?

Everyone knows that a lot of information about each of us is floating around various segments of the internet.  The prevalence of online shopping, social media and portable computing has made us comfortable with this and in many ways that is a good thing for commerce, society and individuals.  Many of us feel very confident in the controls that exist to protect data about us and in most cases that confidence is well founded.
Continue reading ‘How Much is Your Data Worth?’

ConSec ’12 Recap

Earlier this month, I attended ConSec ’12 Consumerization of IT – Are You Keeping Pace? in Austin, TX.  This year marks the tenth bi-annual gathering and it was a three-day event that offered attendees a choice of one of four optional workshops followed by two full days of sessions in three tracks.  This regional conference targets attendees from Texas and the four surrounding states.  Vendors were clearly visible in the exhibit area.  The uniqueness that helps contribute to the continuing success of this conference is the hosting.  Volunteers from four organizations act as planners, schedulers, marketers, logistics experts and hosts.
Continue reading ‘ConSec ’12 Recap’

Where Are You on HIPAA Compliance?

Healthcare information and the push to adopt Electronic Health Records by 2014 can be very intimidating.  The Medicare and Medicaid programs provide incentives to eligible professionals, hospitals and critical access hospitals as they adopt, implement, upgrade or demonstrate meaningful use of certified Electronic Health Record (EHR) technology.  For many healthcare professionals, this is a daunting and scary proposal.  Firstly, it can change the way a practice is conducted.  Secondly, the cloud or internet can be a very confusing place.  The prevailing notion of the cloud is that it is an unsafe place over which you, as a user, have no control.

Continue reading ‘Where Are You on HIPAA Compliance?’