I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.
AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.
ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.
FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.
IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.
DNSSEC: Domain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »
Tags: byod security, Cisco Security, cybersecurity, HIPAA Compliance, incident response, MDM, PCI Compliance, pci-dss, security, vulnerability
Continuing the thread from the last blog where I discussed the first HIPAA network consideration, ‘HIPAA Audits will continue’, in this blog I’ll discuss the second network consideration on the list below. Remember, The HIPAA Omnibus Final Rule, released January 2013, introduced some significant changes and updates. The 2012 HIPAA audits concluded with some initial findings released from The Department of Health and Human Services (HHS) Office of Civil Rights (OCR). These two events may impact how you govern your internal organization and network for patient privacy and protection of PHI. The deadline for compliance with the updates to the HIPAA Omnibus Final Rule is September 23, 2013.
Read More »
Tags: Audit Program Protocol, healthcare, HIPAA, PCI Compliance
The HIPAA Omnibus Final Rule, released January 2013, introduced some significant changes and updates. The 2012 HIPAA audits, performed by KPMG, concluded with some initial findings released by the Department of Health and Human Services (HHS) Office of Civil Rights, OCR. These two events may impact how you govern your internal organization and network for patient privacy and protection of PHI.
Here are nine network considerations to address in the new HIPAA landscape. I will discuss the first consideration in this blog.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon―know where your PHI is
- Ignorance is not bliss
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Breach discovery times: know your discovery tolerance
- Your business associate(s)must be tracked
Read More »
Tags: healthcare, HIPAA, PCI Compliance
Last week, we sat down with Bart McGlothin and Christian Janoff from Cisco’s security team to discuss PCI Security for Retail to better understand “What is PCI Compliance?” and “How does that affect Retailers?”
As a quick re-cap: PCI Compliance is a 12-step process to secure credit cards. Any retailer that accepts credit card payments must be “PCI Compliant” (i.e., follow those 12 steps). Compliance is enforced by the Retailer’s acquiring bank (the financial institution that processes the credit card payments for the Retailer).
Q. So, we know that Retailers need to be PCI Compliant. How can Cisco help?
A. Cisco has a PCI design and implementation guide for merchants to use. It really stands alone in the industry because it provides holistic guidance in three key ways:
Read More »
Tags: Cisco, payment card industry, Payment Card Industry Data Security, PCI Compliance, retail, retailing
A common perception is that there is a difference between being secure and being compliant. A Verizon analysis on cybercrime reported that cyber-attacks on Retailers are increasing and becoming streamlined and automated. According to the 2012 Verizon PCI compliance report, “97% of breaches were avoidable through simple or intermediate controls”. How does a Retailer protect itself? One method is through PCI Compliance. Does that sound contradictory to that common perception?
Join Cisco on April 16th, 2013 10:00am PT for a webcast on PCI compliance and security with guests from Ponemon Institute, Verizon Business and PCI Security Standards Council.
As part of the planning of the webcast, we sat down with Bart McGlothin and Christian Janoff from Cisco’s security team to discuss PCI compliance and security for retail and get some answers. Here’s what we learned:
Read More »
Tags: Cisco, payment card industry, PCI Compliance, Ponemon, Verizon Busines