The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The 2013 meeting will focus on the updates to core PCI standards: PCI DSS, PTS PA-DSS.
Getting the latest information about the PCI Data Security Standard (DSS) is vital as products and technologies continue to change at a rapid pace. Being part of the conversations, networking with like-minded professionals, and interacting directly with payment card brands are just a few of the benefits of attending the seventh annual PCI SSC North American Community Meeting. The meeting runs September 24–26, 2013, at the Mandalay Bay Convention Center in Las Vegas, Nevada.
Read More »
Tags: Compliance Solution for PCI DSS 2.0, pci, PCI Compliance, security
The fourth consideration in this 9 HIPAA Network Considerations blog series, we look at whether ‘not knowing’ is a valid defense post-breach. Is Ignorance Bliss, or will that get you into trouble?
Remember, the HIPAA Omnibus Rule was released January 23, 2013, became effective March 26, 2013 with compliance to the updates se for September 23, 2013. Audits will also start up again for covered entities and business associates in late 2013 or early 2014. Read More »
Tags: healthcare, HIPAA, PCI Compliance
Next in this 9 HIPAA Network Considerations blog series, I cover the third network consideration focusing on knowing where your PHI is. Remember, the HIPAA Omnibus Rule was released January 23, 2013, became effective March 26, 2013 with compliance to the updates se for September 23, 2013. Audits will also start up again for covered entities and business associates in late 2013 or early 2014.
Read More »
Tags: byod, healthcare, HIPAA, PCI Compliance, privacy, security
I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.
AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.
ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.
FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.
IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.
DNSSEC: Domain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »
Tags: byod security, Cisco Security, cybersecurity, HIPAA Compliance, incident response, MDM, PCI Compliance, pci-dss, security, vulnerability
Continuing the thread from the last blog where I discussed the first HIPAA network consideration, ‘HIPAA Audits will continue’, in this blog I’ll discuss the second network consideration on the list below. Remember, The HIPAA Omnibus Final Rule, released January 2013, introduced some significant changes and updates. The 2012 HIPAA audits concluded with some initial findings released from The Department of Health and Human Services (HHS) Office of Civil Rights (OCR). These two events may impact how you govern your internal organization and network for patient privacy and protection of PHI. The deadline for compliance with the updates to the HIPAA Omnibus Final Rule is September 23, 2013.
Read More »
Tags: Audit Program Protocol, healthcare, HIPAA, PCI Compliance