Welcome to Collaborative Strategy Guild

Where insights are transformed into actions at the intersection of collaboration, information management, security, and business strategy.

Post Virtualization Security


As the second law of thermodynamics tells us, all things trend toward chaos and this is no less true with a virtual environment. Sprawl can have a real security impact, and it takes discipline and planning to control sprawl — discipline and planning that won’t occur without someone from the security team actively monitoring the problem and formulating strategies for how to address the issue.

Virtualization has been one of the most rapidly and widely adopted technologies in recent memory. It’s huge, and it’s here to stay.

And as security professionals know, setting up a virtual environment securely isn’t easy. Significant effort goes into tasks like evaluating off-premise service providers, ensuring regulatory… Continue reading: Post Virtualization Security

Using HIPAA To Advance Your Security Initiative

[Excerpted from "Security Via HIPAA Compliance," a new report By Diana Kelley and Ed Moyle, posted on Dark Reading's Compliance Tech Center.]

Healthcare compliance requirements can be a driver to improve your organization’s overall security. Here’s how:

If your security organization is in the healthcare space, you inevitably are wrestling with the Healthcare Information Portability and Accountability Act (HIPAA). HIPAA compliance is one of the biggest challenges healthcare IT organizations face — but it also could be an opportunity to advance your security agenda.

For security professionals to leverage compliance investment and activities for broader benefit, they must understand what’s driving current compliance investment.

First, it bears saying that the… Continue reading: Using HIPAA To Advance Your Security Initiative

Chrome “most secure”? Depends on your frame of reference…

In interesting research news, there’s a paper out from Accuvant that attempts to compare the relative security merits of the “big three” browsers: Chrome, Firefox and Internet Exploder Explorer. It’s an interesting read, so I suggest checking it out.

Now, I admit that I was skeptical when I first started reading it. Not only can “which product is more secure” evaluations be a little spurious, but this particular report is also actually sponsored by Google, so… well… you can see how one might wonder about that… At least without a deeper dive.

However, after reading… Continue reading: Chrome “most secure”? Depends on your frame of reference…

CA Baseline Guidance… skeptical.

In light of continued shenanigans in the CA community, apparently the CA/Browser forum has put out some guidelines for certificates that are going to be trusted by default in various browsers.

The document is here if you want to check it out.

I get why the CAs want this. It’s important that people believe they’re taking action. It’s an entry-heavy, low-maintenance business. Meaning, you invest a lot in the beginning and milk it over a long period of time. Yet there’s no reason why CAs have to exist. They exist right now because of… Continue reading: CA Baseline Guidance… skeptical.

Chatting with an auditor about credit unions

So if you recall, I received an inquiry the other day to take a bit further my post in which I was quacking about credit unions.

As a refresher, the gist of that discussion was that I found it somewhat lame that credit unions were complaining about how they have stringent technical controls whereas merchants don’t. My meta-point was that merchants (at least for card-based payments) have some very stringent (i.e. technically prescriptive) security controls by virtue of PCI compliance. Credit unions, on the other hand, by virtue of their regulatory context, have more “interpretive latitude” in how… Continue reading: Chatting with an auditor about credit unions