
RISK Analysis Audit

Most security regulations like HIPAA, SOX, GLBA and PCI (which is an industry standard, not a regulation) all call for a risk analysis audit. To many this is an unknown or difficult process, so I thought I would present the common goals for a risk-based analysis audit.

GOAL 1: The network defined

We need to [Click to Read more...]

Why can’t we allow specialists in the IT industry?

Read an article that just blew me away!

“An IT auditor may also work as a forensic specialist (cyberforensic) where the objective is usually directed toward potential crimes or nefarious deeds”

Then let us make lawnmower mechanics aviation engineers. Let us have the local lawnmower repair guy service the jet engines of 747s. Obviously we will not! [Click to Read more...]

Disaster Recovery Planning: tabletop exercises

For most medical practitioners the full concept of Disaster Recovery Planning (DRP) is sadly not fully understood. This often comes from a very weak approach to Risk Management, since the two concepts are very interrelated. [By the way: HIPAA does call for both; for the Disaster Recovery Plan see 164.308(a)(7)(ii)(B) and for Risk Management see 164.308(a)(1)(ii)(B)]

So [Click to Read more...]

Complaint Driven Vs Audit Driven

In October 2008 the OIG (Office of Inspector General) conducted an audit of CMS (Centers for Medicare & Medicaid Services) regarding its oversight of HIPAA. Read the link for more information; it is well worthwhile, though for many the impact may be subdued by the auditese (auditor speak or lingo).

My summary of the [Click to Read more...]

What we DO NOT look out for.

This was born out of two sequences of events:

(1) Attending the SANS webcast Virtual Roundtable, featuring Ed Skoudis, Mike Poor and Hal Pomeranz, where the discussion point concerning cyber warfare / cyber attack was raised due to the current activity against South Korean and US government networks.

(2) During the same week I was reading “The Management [Click to Read more...]

The ostrich the great Defender

The ostrich the great Defender, sorry I mean Pretender.

Why is it that when we have addictive problems, like drugs and alcohol, we address the issue by stating you can only get right once you admit you have a problem? This is why so many meetings have “Hi my name is X, I am [Click to Read more...]