Are you making progress with organizational compliance to the HIPAA Omnibus Final Rule?
- 14:57 - May 27th, 2013
Posted by admin at 14:57 in Committee Action, Compliance, HIPAA, HITECH, Omnibus Final Rule
Those covered by HIPAA have until September 23rd to reach compliance with most of the final rule’s provisions, including modifications to the Breach Notification Rule and the Business Associates rules. The HIPAA Omnibus Final Rule became effective on March 26, 2013. We have helped a number of organizations, including clients that have ongoing HIPAA governance operations as well as new customers that have come to us for assistance in setting up HIPAA compliance. If you have not yet started your work toward Final Rule compliance, here’s some important information. Health and Human Services summarized the more than 500 pages of the Omnibus Rule: 1. Final modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the Rules, which were issued as a proposed rule on July 14, 2010. These modifications: a. Make
Trending: Future Predictable Problems for 2013
- 11:36 - January 9th, 2013
Posted by admin at 11:36 in Information Security, Jacadis, Secure Value
One trend you can count on year to year is the countless New Year trend articles. What’s in? What’s out? What’s coming? What’s going? Some of these are fun. Some are blatant marketing with titles like “7 threats only our technology protects you from” and can just be tossed aside. Other trend articles are helpful in providing some sense of a radar view of the future predictable problems that lie ahead for our businesses. We see a convergence of trends across technical, economic and regulatory categories. Are you ready to manage your security and risk management program in light of these predictable problems in 2013?

Technology Advances Are Eroding the Perimeter; Expanding Attack Surface

One trend we are sure you’ll see is long lists of lists about how cloud, social and mobile technologies will change the way we work, live, protect our data, innovate and so on. These
Test your web site’s security!
- 07:50 - November 10th, 2012
Posted by admin at 07:50 in Application Development, Assessments and Tests, Jacadis, Secure Coding, Secure Value, Secure Web Development
One of Jacadis' longest standing partners is Qualys. Qualys produces a vulnerability management suite that helps our customers manage vulnerabilities, measure compliance and maintain security. Qualys also publishes a set of free tools for the public to use. You can check your web site with FreeScan. With your FreeScan, you can run scans to detect security threats:
- Network perimeter vulnerabilities
- Web application vulnerabilities
- Malware hosted on your website

We recommend, and some regulatory or contractual obligations may require, regular site scanning. Scanning regularly for vulnerabilities and malware is part of a best practice security program. We find that many customers that come to us after a breach through their web properties built their web sites without thinking about security requirements. The sites were released into production without a security test. The sites were on the net for years without proper attention to their security needs. Does
Are you ready for the next big storm?
- 22:36 - October 31st, 2012
Posted by admin at 22:36 in Uncategorized
Is your business prepared for the next big storm? Have you considered the potential obstacles to your successful ongoing operations that a man-made or natural disaster might create? Have you changed your operation to reduce the impact? Do you know what you'll do if you lose key technologies, or access to facilities, or if your employees can't get to work? Sandy is a reminder that bad things happen. In the news we'll see the emotional stories about lost loved ones, miraculous rescues, incredible destruction, innocent animals, ruined fortunes and so on. We won't see much about the small business that loses a month of revenue as it rebuilds infrastructure, shuts its doors because its GL system wasn't backed up or loses enormous value because key intellectual property was destroyed. We do formal disaster recovery plans. We also conduct contingency tests that test those plans. A formal plan is best,
Not Just another HIPAA presentation!
- 11:54 - October 7th, 2012
Posted by admin at 11:54 in HIPAA, HITECH, Jacadis, Speaking Engagement
I've been invited to present to the GroundWork Group's Nonprofit IT forum over the lunch hour on Tuesday, October 10th. The presentation is titled Not Just Another HIPAA Presentation: Canary in a coal mine: 5 questions to ask to confirm your HIPAA compliance. Are you familiar with the role of the canary in a coal mine? Back in the old days coal miners would carry canaries in small cages down deep into the mines with them. If deadly gases such as methane or carbon monoxide were collecting in the shafts and tunnels, the canary would die, alerting the miners to get out! Great for the miners, but not so great for the canary. We have identified a handful of questions that serve as canaries in the coal mine for organizations trying to get a handle on whether they are HIPAA compliant or not. If you can answer these questions with
What did you do with that Incident Response template your cyber liability insurer provided?
- 10:02 - September 5th, 2012
Posted by admin at 10:02 in Committee Action, Risk Management, Secure Value
I’ve had two clients in two weeks present to us, as part of an assessment, an incident response plan template provided to them as part of the documents their cyber liability insurer provided them along with their policy. Neither client had done anything with the template, yet presented them as proof that they did indeed have an incident response plan. Incidents that are handled on the fly without any prepared plan can be a magnitude more costly than those that are managed through a prepared plan. For that reason I think it is a good thing that the insurance companies have provided a template that provides structures for a plan. It is good for the client, the insurer and everyone else involved. My concern is neither client felt compelled to do anything with the templates that were provided. In the heat of the moment
New Java Vulnerability Announced
- 14:40 - August 27th, 2012
Posted by admin at 14:40 in Uncategorized
I don't usually post these kinds of postings, but our Vulnerability Management Overwatch team responded to a question from a client this morning. I thought I would pass it along for you to use. Initial reports from this morning show that there is a new vulnerability in Java. This particular exploit can successfully infect a fully patched computer running Windows 7 and the latest Java Update. Currently there is no update from Oracle. This particular vulnerability works across all browsers in different operating systems. Once activated, the exploit will download a virus which will allow it to connect to a Command and Control (C&C) server, allowing it to remotely control an infected computer. Currently these attacks are coming from a site hosted in China. The following software is known to be vulnerable with this Java update: Windows 7, Vista and XP running Internet Explorer or Firefox with Java 7
DropBox Security Breach: What it means to your business
- 15:50 - August 3rd, 2012
Posted by admin at 15:50 in Information Security Basics, Jacadis, LinkedIn, Secure Value, Security in the Business News, Small Business
In what seems to be a common trend in Cloud service businesses, Dropbox announced a security breach this week in which user e-mail addresses and passwords were obtained from an employee account. Earlier this month, Yahoo made a similar announcement, with at least 400,000 users' e-mail addresses and passwords breached and the resulting information posted online by a group of hackers trying to push Yahoo to secure their numerous vulnerabilities. Back on June 6th, LinkedIn confirmed that there was a major security breach on their website and that “some passwords” were stolen from user accounts. Those passwords were posted on a website in Russia containing 6.5 million encrypted passwords, with additional reports of 200,000 of those passwords already having been hacked. In the next few days the media will probably pounce on this story and discuss the various steps you should take in order to
Jacadis adding to Services Team …. Analyst/Engineer and a PT specialist
- 00:58 - July 28th, 2012
Posted by admin at 00:58 in Jacadis
Given upcoming customer commitments and continued business growth, Jacadis anticipates adding two positions within the next 60 days. We believe we need a Penetration Testing Specialist and a Security Analyst to add to our growing services team in that time period. Before we formally posted at all the usual places I wanted to put both postings up here to see who might have an interest. Again, we envision two positions: For Jacadis, a Network Security Engineer works on assessments but primarily solves client problems post assessment with the implementation and operation of security technologies and controls. For Jacadis, a PT Analyst 2012 focuses on our penetration testing services as the lead delivery component in that effort, reporting to and supporting the efforts of our CTO to grow that part of our business. We are open to extending our current team with an independent contractor who focuses on this type of
Jacadis hiring! We are looking for an experienced office manager …
- 12:35 - June 28th, 2012
Posted by admin at 12:35 in Jacadis
Our company, Jacadis, is seeking a full-time office manager to join our information security team. We seek a full-time, experienced administrative professional to manage and direct communication, provide support for company principals and field staff, manage the business office and finances, coordinate services invoicing and reporting and provide event support and planning. Frankly, this is the person that will help us keep the details in order while we take care of our customers' information security needs. The Office Administrator will report directly to and be supervised by myself. You'll be joining a fantastic team. If you are interested I've provided more detail in the Download Office Manager 2012.
