Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.
The following is an excerpt from a recent post by Patrick Finn, Senior Vice President of Cisco’s U.S. Public Sector Organization, that focuses on the threat of data breaches impacting government organizations and provides some guidelines for how these organizations can assess and remediate these threats.
“Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.”
For more on this topic please visit Patrick Finn’s entire post over on the Cisco Government Blog.
Tags: byod, cybersecurity, data breach, govtech, mobile security, security
Science, technology, engineering and math (STEM) fields are critical to innovation and the continued development of the U.S. economy. However, trends are showing that while there are and will continue to be plenty of jobs in these fields, many students are unprepared or lack the desire necessary for employers of the future to fill these jobs effectively.
In order to get more students interested in STEM, it is imperative that they learn through hands-on training, mentoring and demonstrations early in their education. In her latest blog, Amanda Williams, Community Relations Manager at Cisco, describes the importance of getting students physically involved in STEM to spark an interest for the future. Through the launch of the Cisco US2020 STEM mentoring initiative, Cisco employees are able work with students from various schools around the U.S. The students participate in activities such as robot building, engineering demos of circuit building, 3D printing, and pedal-a-watt to make a phone ring. Through this program, we are able to get students excited about the opportunities to learn more about STEM fields.
While we still have a long road ahead of us when it comes to preparing and inspiring a future generation of STEM innovators, it’s encouraging to see students enjoying the learning process this new initiative provides. Read More »
Tags: Cisco, Cisco CSR, collaboration, corporate social responsibility, CSR, education, employee engagement, mentor, security, stem, US2020, volunteer
Cyber Crime: Identifying the Sources of an Everyday Threat
Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can. Read More »
Tags: byod, cyber, cybersecurity, govtech, mobile work exchange, mobility, mobilometer, NCSAM, security
The Internet of Everything will connect 50 billion things by 2020.
Your midsize business needs to stay ahead of potential security risks.
Are you ready?
Previously, I wrote about the importance of driving success for midsize businesses. Today I am focusing on security and BYOD for midsize companies.
Are you fully aware of all of the people and devices on your network? Has your business begun implementing BYOD? Read More »
Tags: byod, byod security, Internet of Everything, IoE, midsize business, midsize business solutions, security
The HIPAA Omnibus Final Rule is now in effect and audits will continue in 2014. At the HIMSS Privacy and Security Forum in Boston on Sept. 23, Leon Rodriguez, director of the Department of Health and Human Services’ Office for Civil Rights said to those who are wondering how the new rule will be enforced: “You’ll see a picture of where we’ll spend our energies” based on previous enforcement actions. Enforcement actions to date have focused on cases involving major security failures, where a breach incident led to investigations that revealed larger systemic issues, Rodriguez said.
On our list of 9 HIPAA Network Considerations, it is timely that our topic in this blog is on #7, Security best practices are essential.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon―know where your PHI is
- Ignorance is not bliss
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Breach discovery times: know your discovery tolerance
- Your business associate(s)must be tracked
The general rule for the HIPAA Security Rule is to ensure the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted [45 CFR 164.306(a)]. Protect against threats to PHI. That relates directly to network security best practices. In the 2012 HIPAA audits, security had more than its share of findings and observations, accounting for 60% of the HIPAA audit findings and observations, even though the Security Rule accounted for only 28% of the audit questions. At the NIST OCR Conference in May, OCR presented the summary below.
Read More »
Tags: healthcare, HIPAA, PCI Compliance, security