HIPAA and Your Business Associates

The number of claims filed under the Health Insurance Portability and Accountability Act (HIPAA) has spiked recently. The latest figures from the U.S. Department of Health and Human Services (DHS) show that the government is increasing its enforcement efforts regarding the federal privacy law. The U.S. Office of Civil Rights (OCR) has reported that it […]

The Clock Is Ticking – Part 2 Migrate From SSL/TLS Now

It has now been over a month since the Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on June 30. In part 1 of this series on PCI DSS 3.1 migration, we noted that version 3.1 was swiftly introduced in April 2015 as a response to major security flaws discovered in open […]

Malware Risk Management

Prevent, detect, and contain: that’s the National Security Agency (NSA) advice for mitigating the damage of malware attacks. The NSA’s new report, “Defensive Best Practices Against Destructive Malware,” provides a good proactive baseline for warding off attacks, along with advice on how to keep attackers from running amuck after they have gained some access to […]

PCI DSS 3.1 – Managing Migration

It’s nearing a month since the Payment Card Industry Data Security Standard (PCI DSS) 3.0 was officially retired on June 30. PCI DSS 3.1 was swiftly introduced in April 2015 as a response to major security flaws discovered in open source SSL, and the exploits – including Heartbleed, Shellshock and POODLE – that targeted the […]

Securing Government Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of […]

Auditing Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of […]

HIPAA Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, […]

PCI DSS 3.1 – Countdown For The June 30 Compliance Deadline

Recently, the PCI Security Standards Council issued Payment Card Industry Data Security Standards (PCI DSS) version 3.1 (PCI DSS v3.1), with “minor updates and clarifications” to PCI DSS v3.0, which went into effect on January 1, 2015. The most significant change: PCI DSS v3.1 prohibits the use of any version of SSL for any PCI […]

What You Need To Know Now About The LastPass Hack

On Monday, LastPass announced that it had been the target of a successful data breach. Here’s what you need to know and do now, if you relied on this extremely popular service to secure and manage your passwords. When was the breach discovered? On Friday, June 12, the LastPass team discovered and blocked suspicious […]

The State of Data Security Intelligence

The Informatica and Ponemon Institute’s second annual survey on data centric security, “The State of Data Security Intelligence,” has been released. Given the growing number of high-profile breaches, the report’s findings won’t shock anyone. Instead, they will confirm what we all know. That said, the number of organizations who admitted that they have little to […]