Earlier this month, Lisa Vaas published an article on the Naked Security web site on the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security funded by ID Experts. Ms. Vaas did a good job of summarizing the most significant finding in the report, that of increase of data breaches over the past three years are due mainly to a lack of secure devices and staff negligence (see graph from report below).
Continue reading ‘Hospital Data Breaches’
What does Risk Management mean to you? If you have read my blog you know that I focus on topics like Security or Compliance. You may have noticed, as well, that my title is Chief Risk Officer and you may have wondered how this fits together. Compliance cannot exist without the appropriate controls (security) in place. Moreover, Risk Management can be said to be the art of balancing the value of the cost of a control versus the value of the benefit derived from the control.
Continue reading ‘Security as a Subset of Risk Management’
A lot of people in the credit card industry focus on the compliance and security component of the payment processing chain that they control. This is expected and is the right thing to do. Most people do not have an appreciation of the steps needed for a successful transaction. Some merchants, cards and banks could have varying processes but most transactions involve, at a minimum, a consumer, a merchant, a payment gateway or processor, the card brand and the bank issuing the card. In order for a transaction to complete, the reverse path is taken to validate the transaction. Add in credits, refunds and loyalty programs and that’s a lot of moving parts in a system that appears to act instantaneously. The system works well and we all depend on that.
Continue reading ‘The Payment Processing Chain – Holistic Risk Management’
Welcome to the holiday season! Along with the holiday cheer, parties, presents and spending come some risks of which we should all be aware. Situational Awareness is a phrase that some might not recognize. Situational Awareness entails being aware of your surroundings and environment and adapting your behaviors to address the risks being presented.
Continue reading ‘Holiday Security – Manage Your Risks’
Everyone knows that a lot of information about each of us is floating around various segments of the internet. The prevalence of online shopping, social media and portable computing has made us comfortable with this and in many ways that is a good thing for commerce, society and individuals. Many of us feel very confident in the controls that exist to protect data about us and in most cases that confidence is well founded.
Continue reading ‘How Much is Your Data Worth?’
Recognition of information security responsibility is reducing costs of breaches.
From time to time I look over the Ponemon Institute reports related to data breach costs to get a feel for the business value of securing data. After reading the most recent Ponemon Institute report, I want to talk about the interesting executive summary highlights.
Continue reading ‘Cost of Data Breach Review’
Earlier this month, I attended ConSec ’12 Consumerization of IT – Are You Keeping Pace? in Austin, TX. This year marks the tenth bi-annual gathering and it was a three-day event that offered attendees a choice of one of four optional workshops followed by two full days of sessions in three tracks. This regional conference targets attendees from Texas and the four surrounding states. Vendors were clearly visible in the exhibit area. The uniqueness that helps contribute to the continuing success of this conference is the hosting. Volunteers from four organizations act as planners, schedulers, marketers, logistics experts and hosts.
Continue reading ‘ConSec ’12 Recap’
Despite increasing adoption in cloud computing, many companies are still hesitant about making the leap to the cloud due to concerns about security. In fact, a recent cloud computing survey revealed that security and compliance are the top inhibitors for cloud adoption.
Continue reading ‘Facing the Facts: How to Avoid Cloud Security Risks’
I attended the ISACA Silicon Valley chapter 2012 Summer Conference, Enabling Trust: Business in the Cloud, on August 23rd and 24th. Some of the organizations presenting included Qualys, SurveyMonkey, EMC Consulting, StrongAuth, Allgress, PwC, Apollo Group, iStreet Solutions, Check Point Software Technologies and Layered Tech.
Continue reading ‘Inherent Trust in the Cloud – ISACA Update’
We will be announcing a next generation secure cloud platform shortly. I want to give you some insight of our thoughts around cloud and security.
Customers are often faced with choosing between greater business agility or highly secure and compliant-ready environments. We do not think this is a fair trade-off. No customer should be forced to forgo the full promise of cloud to achieve running in a secure and compliant environment. Nor should a client need to sort through piles of log data to keep themselves compliant when outsourcing to a cloud service provider. We are addressing this very quandary.
Continue reading ‘Take a Sneak Peek at our Next-Gen Secure Cloud’