Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

Using HIPAA To Advance Your Security Initiative

[Excerpted from "Security Via HIPAA Compliance," a new report by Diana Kelley and Ed Moyle, posted on Dark Reading's Compliance Tech Center.]

Healthcare compliance requirements can be a driver to improve your organization’s overall security. Here’s how:

If your security organization is in the healthcare space, you inevitably are wrestling with the Healthcare Information Portability and Accountability Act (HIPAA). HIPAA compliance is one of the biggest challenges healthcare IT organizations face — but it also could be an opportunity to advance your security agenda.

For security professionals to leverage compliance investment and activities for broader benefit, they must understand what’s driving current compliance investment.

First, it bears saying that the… Continue reading: Using HIPAA To Advance Your Security Initiative

The False Economies of the Info Security World

Ed’s October article for TechNewsWorld takes a look at why it’s so hard for companies to determine the true cost of security initiatives and controls.

Organizations love false economies. It may not be an entirely conscious act on their part, but it’s certainly the truth: Hang around any organization long enough and you’ll find at least one instance where it tries to save on doing A but winds up spending more on doing B in the process.

Consider, for example, expense policies that require employees to stay one or more extra nights when traveling. Because airfare is lower when weekend travel is involved, organizations might be tempted to ask employees to do… Continue reading: The False Economies of the Info Security World

Wrapping Personal Devices and Critical Data in Stale Policies

In his monthly Opinion piece, Ed discusses why BYOD requires a fresh look at AUPs:

The use of personal devices for corporate tasks is on the rise, and too many IT departments haven’t fully addressed the information security ramifications of the trend. To tackle the situation, you’ll need to first get a handle on what your current policies are as they relate to management intent as well as what policies you’re already enforcing technically.

It’s a myth that ostriches bury their heads when they spot danger. It sounds plausible, but in reality, they’re just like us: In the face of imminent danger, they either run or attack (“fight or flight”).

This makes sense when you… Continue reading: Wrapping Personal Devices and Critical Data in Stale Policies

Analysis: PCI Tokenization Guidelines offer Clarity, but Questions Remain

TechTarget just published my analysis on the PCI Tokenization Guidelines:

For years, security experts have touted the value of credit card tokenization for limiting PCI scope. The National Retail Federation (NRF) listed tokenization in its January 2009 “Key PCI Best Practices” document, and Gartner Inc. analysts John Pescatore and Avivah Litan explained how tokenization can be used to reduce PCI scope in their August 2009 research note, “Using Tokenization to Reduce PCI Compliance Requirements.”

Now, following the long-awaited release of its PCI Tokenization Guidelines in August 2011, the PCI Security Standards Council (SSC) has made it official: tokenization can reduce scope for PCI audits. Organizations that were waiting for the council’s opinion can now… Continue reading: Analysis: PCI Tokenization Guidelines offer Clarity, but Questions Remain

Is InfoSec Ready for Big Data?

Ed’s column in TechNewsWorld this month takes a look at “Big Data”:

Over the past few decades, most IT shops have followed a somewhat similar trajectory: Starting from a centralized model (i.e., the mainframe days), computing resources, much like the cosmological Big Bang, have exploded outwards to become ever-more-distributed and decentralized. This makes sense given market dynamics. Computing platforms evolve quickly, so monolithic computing platforms that require heavy up-front investment are less efficient from a depreciation standpoint (i.e., from a MIPS per dollar per year point of view) than numerous, incremental investments in lower-powered devices.

So it’s natural that processing would decentralize…. Continue reading: Is InfoSec Ready for Big Data?