Security Issues in Disaster Recovery

There was a movie that came out a few years back with one line that has stuck with me, and the truth behind it is very evident. “There is opportunity in chaos!” And in recovery scenarios, opportunity abounds. One of the real problems when doing business recovery is that too often, our focus is on … Continued

Virtualization As a Part of Disaster Recovery Plan

Mitigation (eliminating or lowering the impact of an incident) is a crucial part of any Disaster Recovery plan, as well as planning itself. I’ve always wanted to underscore the need to have this sorted out in advance, and Hurricane Sandy is the ideal place to point. Some of you will remember hearing about this when … Continued

A 4-Point Summary of FISMA Compliance in 2015

Federal agencies, subcontractors, service providers, and organizations that operate IT systems on behalf of Federal agencies need to be aware of their compliance with the Federal Information Security Management Act (FISMA). This Act exists to safeguard the importance of information security related to the economic and national security interest of the United States. Despite serious … Continued

Finding Inactive Users for SOX Audit

Don’t we tend to inflict nightmares on ourselves? When the small company I was with decided to go public, SOX audit reared its ugly head. And the internal SOX auditors were very quick to jump on those self-inflicted wounds. Allow me to explain. Someone left, and the most that was done to their account was … Continued

3 Ways to Avoid HIPAA Violations in a Healthcare Office

The Health Insurance Portability and Accountability Act (HIPAA) defines and establishes compliance regulations for healthcare providers surrounding protected health information (PHI) within healthcare organizations. The consequences of non-compliance are dire, as unsecured PHI can significantly increase the risk of identity theft for patients and have long-reaching professional consequences for individuals with compromising medical histories. Of … Continued

Understanding and Achieving PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) establishes compliance regulations that affect businesses accepting credit, debit, or prepaid cards as payment online, by telephone, or by individual terminals. Because so many businesses use credit, debit, and prepaid cards as a core business function, the standards and regulations set forth for PCI DSS compliance … Continued