Geoff Webb

Job title:
senior product marketing manager, Credant Technologies

Areas of expertise:
security, compliance, security process automation, security information, event management

Biography:
Geoff Webb has over 20 years of experience in the tech industry and has provided commentary on security and compliance trends, and written on a number of related topics for such journals and websites as: CIO Update, The Tech Herald, Compliance Authority, Virtual Strategy Magazine, TechBlind, Internetnews.com, e-Finance & Payments, Law & Policy, Dark Reading, BankInfoSecurity.com, Payment News and InfoSecurity.com, among others. As a senior manager of product marketing at Credant Technologies, Webb is responsible for compliance, security management and configuration control solutions. Prior to Credant, Webb held management positions at NetIQ, FutureSoft, SurfControl and JSB. Webb holds a combined bachelor of science degree in computer science and prehistoric archaeology from the University of Liverpool.

HITECH, breaches, and a little sunlight

A good article in InfoSecurity on May 5th on the HITECH act got me thinking (as good articles should) about health records, security, and well, all things HIPAA-ish.

I certainly agree with much of what was said, and I think it’s clear that the pressure is ramping up rapidly to not only comply with HITECH, but to do so in a way that is secure. Because there, you see, is the rub. If there’s anything that the last few years of PCI-DSS (Payment Card Industry Data Security Standard) has taught us, it’s that being compliant doesn’t guarantee a whole lot when it comes to keeping data secure.
 
Compliance with any standard, whether that’s HIPAA/HITECH, PCI-DSS, NERC CIP or your acronym of choice, is a way of measuring, usually at a broad-brush level, whether the basics for good security are getting done. It isn’t a measure of whether you’re likely to get breached, but rather an assurance that the minimum level of attention is at least being paid to the problem.  
 
Sadly, media reports highlight so many organizations that learned this lesson the hard way.
 
One of the nice things about compliance, however, is that it provides a framework for discussing what’s working, what’s not, and increasingly, a way to bring some market pressure to bear on organizations that have had less than stellar security in the past. A little sunlight gets shone into the dark corners of the security closet.
 
So I took my browser over to the Department of Health and Human Services site where they list the breaches of health records covered under HITECH (affecting 500 or more individuals). Over the last six months over 1.3 million records have been breached. Sadly, given the scale of some of the more notorious credit card breaches, which are measured in the tens of millions, that number doesn’t even seem that large. The difference here, of course, is that the information being breached isn’t just your credit card number; it’s a lot more than that. This is information that is about as personal and private as you can get.
 
The fact is that while any regulation around protecting healthcare information is a good start and should be applauded and supported, there is clearly a long way to go to keep our highly sensitive, and unfortunately, very valuable, personal information out of the wrong hands.
 
Many of the breaches recorded are the result of laptop or other electronic device theft, while a significant number are also associated with paper records. Both of these would suggest there are some significant process problems to be addressed above and beyond the technical security controls we often see discussed.
 
While it can be unnerving reading, breach notifications like the aforementioned do ultimately force organizations to take information security far more seriously. And perhaps HITECH will have the same effect on healthcare records that the oft-maligned PCI-DSS has had on credit card data: raising the discussion to the boardroom and making senior decision makers sit up and take notice.
 
If that happens, then HITECH will be a success.

Posted 13/05/2010 by Geoff Webb

Tagged under: HITECH, PCI DSS, data breach, compliance

RE: HITECH, breaches, and a little sunlight
Posted 20/05/2010 by Geoff Webb
Silvia, You're right. So much of what we're seeing now is interest in putting controls in place to react when the people element of the security strategy fails. It's not surprising that monitoring privileged users is such a hot topic - when people are giving away their passwords in exchange for chocolate you'd better have a good method for detecting insider attack and anomalous behavior.
RE: HITECH, breaches, and a little sunlight
Posted 18/05/2010 by SILVIA JULIAN SANCHEZ
Hi Geoff, based on your comment: The human link: “Security is not a Technology problem - It’s a People and Management problem. As developers invent continually better Security Technologies, making it increasingly difficult to exploit technical vulnerabilities, attackers will turn more and more to exploiting the human element. Cracking the human firewall is easy, requires no Investment beyond the cost of a phone call, and involves minimal risk.” Social Engineering topics that will be discussed: Phishing, Vishing, Spam Mails, Popup window, Interesting Software, Pretexting / Impersonation, Dumpster Diving, Spying and Eavesdropping, Acting as a technical expert, Hoaxing, Authoritative voice. "Survey carried out by Infosecurity Europe shows more than 70% of people would reveal their computer password in exchange for a bar of chocolate. 34% of respondents volunteered their password when asked without even needing to be bribed. 79% of people unwittingly gave away information that could be used to steal their identity when questioned. 33% said they shared passwords or wrote them down to make it easy to remember which one to use on which website. Another study found that out of the 576 office workers who were surveyed, 45 percent of women were prepared to give away their passwords to strangers masquerading as market researchers. Chocolate and trips to Paris were offered as incentive for completing the survey." Sources: BBC, ChannelWeb