Welcome to Collaborative Strategy Guild, where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.
As the second law of thermodynamics tells us, all things trend toward chaos and this is no less true with a virtual environment. Sprawl can have a real security impact, and it takes discipline and planning to control sprawl — discipline and planning that won’t occur without someone from the security team actively monitoring the problem and formulating strategies for how to address the issue.
Virtualization has been one of the most rapidly and widely adopted technologies in recent memory. It’s huge, and it’s here to stay.
And as security professionals know, setting up a virtual environment securely isn’t easy. Significant effort goes into tasks like evaluating off-premise service providers, ensuring regulatory… Continue reading: Post Virtualization Security
[Excerpted from "Security Via HIPAA Compliance," a new report by Diana Kelley and Ed Moyle, posted on Dark Reading's Compliance Tech Center.]
Healthcare compliance requirements can be a driver to improve your organization’s overall security. Here’s how:
If your security organization is in the healthcare space, you inevitably are wrestling with the Healthcare Information Portability and Accountability Act (HIPAA). HIPAA compliance is one of the biggest challenges healthcare IT organizations face — but it also could be an opportunity to advance your security agenda.
For security professionals to leverage compliance investment and activities for broader benefit, they must understand what’s driving current compliance investment.
First, it bears saying that the… Continue reading: Using HIPAA To Advance Your Security Initiative
Ed’s October article for TechNewsWorld takes a look at why it’s so hard for companies to determine the true cost of security initiatives and controls.
Organizations love false economies. It may not be an entirely conscious act on their part, but it’s certainly the truth: Hang around any organization long enough and you’ll find at least one instance where it tries to save on doing A but winds up spending more on doing B in the process.
Consider, for example, expense policies that require employees to stay one or more extra nights when traveling. Because airfare is lower when weekend travel is involved, organizations might be tempted to ask employees to do… Continue reading: The False Economies of the Info Security World
In his monthly Opinion piece, Ed discusses why BYOB requires a fresh look at AUPs:
The use of personal devices for corporate tasks is on the rise, and too many IT departments haven’t fully addressed the information security ramifications of the trend. To tackle the situation, you’ll need to first get a handle on what your current policies are as they relate to management intent as well as what policies you’re already enforcing technically.
It’s a myth that ostriches bury their heads when they spot danger. It sounds plausible, but in reality, they’re just like us: In the face of imminent danger, they either run or attack (“fight or flight”).
This makes sense when you… Continue reading: Wrapping Personal Devices and Critical Data in Stale Policies
TechTarget just published my analysis on the PCI Tokenization Guidelines:
For years, security experts have touted the value of credit card tokenization for limiting PCI scope. The National Retail Federation (NRF) listed tokenization in its January 2009 “Key PCI Best Practices” document, and Gartner Inc. analysts John Pescatore and Avivah Litan explained how tokenization can be used to reduce PCI scope in their August 2009 research note, “Using Tokenization to Reduce PCI Compliance Requirements.”
Now, following the long-awaited release of its PCI Tokenization Guidelines in August 2011, the PCI Security Standards Council (SSC) has made it official: tokenization can reduce scope for PCI audits. Organizations that were waiting for the council’s opinion can now… Continue reading: Analysis: PCI Tokenization Guidelines offer Clarity, but Questions Remain