I’ve been in Australia this week visiting customers, speaking at conferences, and meeting with peers and colleagues in the security space. With Australia poised to take the G20 leader’s chair in just over two weeks (December 1, to be specific), my visit here could not have been better timed.
On this tour, I have been appearing with Melissa Hathaway, president of Hathaway Global Strategies, LLC and former White House cyber security chief, as she launches a new study entitled “The Cyber Readiness Index 1.0.” The study looks at the top 35 countries that have embraced Information and Communications Technology (ICT) and the Internet, and then evaluates each country’s maturity and commitment to cyber security across five essential elements that include: national strategy, incident response, e-crime law enforcement, information sharing, and investment in R&D. The study calculates a Cyber Readiness Index (CRI) based on these performance factors.
Read More »
Discovering a breach where ePHI has been stolen certainly falls into the ‘not a good day at work’ category. It can be catastrophic for some, especially if the compromise occurred months ago and wasn’t detected. Or if a 3rd party discovered the breach for you, which occurs more often than we think, 47-51% from 2010 – 2012 based on the Ponemon Institutes 3rd Annual Benchmark Study on Patent Privacy and Data Security.
On our list of 9 HIPAA Network Considerations, we are onto topic #8, Breach discovery times: know your discovery tolerance.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon―know where your PHI is
- Ignorance is not bliss
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Breach discovery times: know your discovery tolerance
- Your business associate(s)must be tracked
From the 2013 Verizon Data Breach Investigations Report, two thirds of the compromises were not discovered for months, or longer. What is your tolerance for “not knowing?” Can that discovery time tolerance be justified through reasonable due diligence, or are you back at the “ignorance is bliss” phase (blog #4), which could be interpreted as Willful Neglect in the case of a breach of PHI?
Source: Verizon 2013 Data Breach Investigations Report
Read More »
Tags: healthcare, HIPAA, PCI Compliance, security
When we think of the term “collaboration” we can often get trapped in the cycle of thinking that it only applies to IT departments and the bottom line. However, it’s important to consider how the role of the enterprise is shifting thanks to the consumerization of IT. For example, how can IT leaders satisfy new user demands while unleashing the power of a sound mobile strategy?
With today’s technology-driven global economy, enterprise mobility and collaboration tools need to be about connecting communities, not just companies. Never has there been a time when more business processes extend beyond headquarters. Organizations need to enable all types of connections: From the mobile worker to the teleworker, from other businesses to target consumers, from traditional branch offices to the cloud. This any-to-any type of collaboration is no longer keeping the enterprise at the center. Instead, the future is driven by all types of users.
It’s clear that users expect to collaborate anywhere, on any device, with any workload. They want to collaborate like they’re in the office regardless of their location. IT leaders must keep user demands top-of-mind when working to deploy a BYOD policy. This can create challenges and opportunities in five key areas:
Join the conversation on Twitter, #CiscoYourWay
Read More »
Tags: business collaboration, byod, Cisco, cloud, collaboration, enterprise mobility, mobility, security
Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.
The following is an excerpt from a recent post by Patrick Finn, Senior Vice President of Cisco’s U.S. Public Sector Organization, that focuses on the threat of data breaches impacting government organizations and provides some guidelines for how these organizations can assess and remediate these threats.
“Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.”
For more on this topic please visit Patrick Finn’s entire post over on the Cisco Government Blog.
Tags: byod, cybersecurity, data breach, govtech, mobile security, security
Science, technology, engineering and math (STEM) fields are critical to innovation and the continued development of the U.S. economy. However, trends are showing that while there are and will continue to be plenty of jobs in these fields, many students are unprepared or lack the desire necessary for employers of the future to fill these jobs effectively.
In order to get more students interested in STEM, it is imperative that they learn through hands-on training, mentoring and demonstrations early in their education. In her latest blog, Amanda Williams, Community Relations Manager at Cisco, describes the importance of getting students physically involved in STEM to spark an interest for the future. Through the launch of the Cisco US2020 STEM mentoring initiative, Cisco employees are able work with students from various schools around the U.S. The students participate in activities such as robot building, engineering demos of circuit building, 3D printing, and pedal-a-watt to make a phone ring. Through this program, we are able to get students excited about the opportunities to learn more about STEM fields.
While we still have a long road ahead of us when it comes to preparing and inspiring a future generation of STEM innovators, it’s encouraging to see students enjoying the learning process this new initiative provides. Read More »
Tags: Cisco, Cisco CSR, collaboration, corporate social responsibility, CSR, education, employee engagement, mentor, security, stem, US2020, volunteer