what we're reading, week of 7/27

Endpoint-Security Info… US Federal Agencies Flunk the Security Standards Exam
Agent Smith provides some shocking information about the US federal civilian agencies. According to a report by the Government Accountability Office (GAO), almost all the agencies had major flaws in security controls and management—in particular, one control that was lacking was the use of firewalls (see page 19 in the report). Failure to comply with standards could allow for successful cyberattacks.

Schneier on Security… Risks of Cloud Computing
Using an excerpt from an article that appeared in the New York Times, Bruce Schneier agrees with the risks Jonathan Zittrain raises about cloud computing. Real-life cloud computing scenarios are put into perspective in this essay. With cloud computing getting so much hype, it’s a great read for understanding the risks associated with it.

Around the Blogosphere…
Black Hat is taking place this week and many of our friends are at the event. For those who couldn’t attend the show (like us), here are some helpful resources to learn about the show’s happenings: LinkedIn Group, @BlackHatEvents, Delicious, @JeremiahG and Security Warrior...


Network Security with electronic health records

In last week’s highlights, we included a post from Branden Williams’ Security Convergence Blog on EMRs. We thought this week’s post would be a good opportunity to elaborate on Branden’s post and on our own from earlier in the year, How can businesses ensure HIPAA compliance? The push is on for adoption, and if healthcare providers don’t adapt, they face some potentially sharp teeth. We read that, “Failure to implement EMR by 2014 may result in increased malpractice premiums and increased exposure to malpractice claims, as well as a reduction in Medicare reimbursement, beginning in 2015”. Ouch!

So what’s the tie to VPNs? We see a significant portion of EMR communications being wireless. Don’t believe us? Next time you’re in a hospital, take note of all the handheld devices the staff is marching around with. How about hospice workers who update records via PDAs? How about in-facility WLAN and WiFi networks? Doctors use laptops from room to room, and hotspots are popping up in cafeterias, waiting rooms, etc. all over the country. The list goes on, and as it grows so does the threat to information traveling wirelessly.

EMRs are a great benefit to the healthcare industry and have the potential to improve patient care definitively. With solid VPNs in place, HIPAA can be satisfied while preserving the great benefits wireless communications have for worker productivity. The right VPN tech is important too – avoiding vendor lock, ensuring the tech fits facility policy and doesn’t force policy changes, and it must be easy enough for users that they don’t even notice it’s running (otherwise, they’ll find a way...

what we're reading, week of 7/20

Branden Williams’ Security Convergence Blog… Guest Post: HITECH Alters HIPAA—Will HIPAA be ‘Hip’?
Guest blogger Bindu Sundaresan discusses the changes to HIPAA and how they will impact healthcare management’s current way of dealing with electronic health records (or EMRs). As these ‘rules are here to stay’, Bindu reminds us to seek advice from our security consultant to stay compliant. How does this relate to VPN? EMRs need to be sent over secured VPN networks—check out NCP’s Rene Poot’s comments on HIPAA.

IT Blog Watch | ComputerWorld… Windows 7 ready (to manufacture): 7600.16385 is RTM ID
Yesterday, Microsoft announced that Windows 7 is now available as an RTM, as well as Windows Server 2008 R2. Since W7 was announced, bloggers and journalists have all shared their two cents. Now that it’s finally ready for manufacturing, Richi Jennings captures a few recent reactions—some excited, shocked, bored. If you’re unsure of how W7 may impact you, it’s a great source to get a handful of the various opinions all in one place.

Assets Protection Blog… It’s Official: Your Internet Address Isn’t Private
Mark Nestmann reports on a recent ruling by U.S. District Court Judge Richard Jones which states that an individual does not have the right to keep his/her IP address anonymous. This means any Website can legally collect IP addresses. What is more troublesome is that Website owners can easily combine an IP address with other information to determine someone’s identity. To secure your ID and web-surfing habits use a VPN—this way the website records the IP address of the proxy, not of your...
