IT Compliance – Aegify: Comprehensive Security, Risk and Compliance Assurance Solution
https://www.aegify.com

Sony Pictures Employee Data Breach – Valued lessons for the Digital World
https://www.aegify.com/sony-employee-data-breach/
Wed, 28 Jan 2015 11:22:33 +0000

Modern enterprises with a digital presence handle a variety of digital data: structured data, textual data such as reports, contracts and emails, technical drawings, and multimedia. The most dangerous threat they face today is therefore the leakage of confidential data. Defined as an unauthorized transfer of sensitive data from an organization to an unauthorized external destination, data leakage brings with it financial and personal damage.

According to the annual study conducted by the Ponemon Institute, a compromised customer record can cost the enterprise anywhere from 4 to 156 USD. Further, leaked customer data leads to loss of reputation, customer abandonment and even fines, settlements and compensation fees. While the earlier data breaches at Sony PlayStation compromised 77 million user accounts, the recent one compromised 25 million.

Experts warn Big Businesses to Learn from Sony Pictures ‘Epic Nightmare’ Hack

Enterprises use different methods to detect and prevent leakage of each type of data. However, incidents such as the one that occurred at Sony have caused customers to turn to competitors. Security experts therefore warn big businesses to learn from Sony’s ‘Epic Nightmare’ hack, which broke last month when a group operating as #GOP attempted to blackmail the firm. The cyber criminals hacked into Sony’s computer systems, paralyzed its operations and tapped into its trove of hypersensitive data. The aftermath was a steady flow of revelations, including top employees’ salaries and nasty emails shared across various sites, which led to former employees suing the company over the data breach.

Security experts are of the opinion that enterprises need to invest more in their network security without being too concerned about the costs incurred. For Sony Corp., cleaning up the mess from the latest attack is going to cost millions. Enterprises need to be well prepared to respond to attacks with regular backups. Monitoring network traffic, using updated versions of operating systems and applications, and using firewalls will help to protect valuable data. Sony’s case, however, is one in which the intruders stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical information, name, location, employee ID, network user name, base salary and date of birth of more than 6,800 individuals. Moreover, the endless leaks and crazy details emerging point to the fact that the attacker had gained access to an unknown number of internal systems at Sony.

The hack, estimated to have cost Sony $100 million, was a result of its security loopholes. Vulnerability monitoring and risk assessment have to be continuous. To avoid such situations, enterprises can deploy cloud-based solutions for IT security and compliance management, vulnerability analysis and risk management. Aegify, a flagship product, effectively addresses risk management, IT security and compliance. Offered as Software-as-a-Service, this solution targets small, medium and large enterprises and is an easy-to-use, cost-effective solution.

Saying No to Health Breaches
https://www.aegify.com/saying-no-to-health-breaches/
Tue, 29 Mar 2011 06:33:14 +0000

A recent federal list announced that there have been serious health information breaches that affected nearly 8.3 million people since September 2009. With 3 government agencies looking into Health Net breaches, including the case of 9 missing server drives from a California data center that was managed by IBM, the actual gravity of the situation cannot be stressed enough. The Office of Civil Rights, which generally adds such breaches to its official list upon confirmation of details, has not yet added the Health Net breaches. As per the final version of the breach notification rule, all breaches affecting 500 individuals or more should be reported to OCR, including the people who are affected by the breach, and this should be done within 60 days.

Over 50% of the major health breaches that have been reported concern either the loss or the theft of computer devices. This has underlined the need to install encryption on laptops and similar devices. On the other hand, the Health Net breach incidents are more focused on ways and means to protect storage media effectively. The OCR is doing its best to get all healthcare providers to abide by HIPAA / HITECH compliance requirements; in fact, it has even requested increased funding to ensure enhanced enforcement efforts. But the fact remains that the onus to meet all the compliance measures still rests on the healthcare providers themselves. There is likely to be an addition to the HITECH breach notification rule sometime later this year, which would ensure that all doubts about what kind of security breaches should be reported are simplified and laid out clearly.

Recently Cignet Health and Massachusetts General Hospital were slapped with severe penalties. Such increasing incidences of security breaches are indeed alarming; small businesses need to equip themselves with a solution that can help them address such breaches efficiently. SecureGRC SB, a solution that is provided on the cloud, can fulfill all HIPAA / HITECH Compliance requirements pertaining to small businesses. With its central repository for all documentation purposes pertaining to HIPAA, it can send reminders to ensure compliance regulations are maintained and can ensure complete maintenance of track records of business associates.

More often than not, small medical healthcare providers cannot meet the expense of costly solutions nor can they obviously pay the hefty penalties for any non-compliance issues. The best option for such businesses is to opt for a unique IT healthcare compliance solution that is not only economical, and accurate, but also assists them in meeting all the healthcare compliance requirements efficiently. And with SecureGRC SB, small healthcare providers can easily say an emphatic no to health breaches!

Drawing-Out A Strikingly Compliant Role
https://www.aegify.com/drawing-out-a-strikingly-compliant-role/
Wed, 09 Mar 2011 06:33:04 +0000

While Cignet is recovering from the shock of the $4.3 million fine slapped on it for HIPAA violation, barely two days later the General Hospital Corporation and Massachusetts General Physicians Organization Inc., better known as Mass General, gets hit with a $1 million penalty for blatant exposure of patients’ records in a subway train!

Reports of renowned organizations being subjected to steep penalties due to HIPAA violation are becoming regular. These reports have already started creating negative impressions directed at healthcare organizations, and giving patients an opinionated view. The increase in the penalty amount from $25,000 to $1.5 million as per the HITECH Act proves the significance of enforcing stringent measures for patients’ data protection. Yet organizations fail to convey the message effectively to their employees, inviting trouble and criticism.

It is time healthcare organizations and providers took impacting decisions to fulfill their responsibilities. If the well-known organizations are capable of such negligence – willful or otherwise, jeopardizing the lives of their patients, then there is very little hope that small medical practices would not falter on this account. In any case it is the lives of the patients that are at stake.

Healthcare organizations need a proactive compliance strategy that can provide compelling solutions to all security related risks. SecureGRC SB is a wise and affordable option that can help organizations deal with all their existing compliance drawbacks. The solutions are cloud-based with real-time information and updates that help keep organizations on their toes.

With SecureGRC SB, the processes are automated, simplified and easily manageable. There is zero confusion and no complications involved in the execution of the process thus helping drive compliance smoothly and efficiently. With its commendable tracking and monitoring system it can effectively curb all propensities to overlook any regulations.

This solution is best suited for small medical practices as it keeps them in sync with HIPAA and HITECH regulations. It also ensures that the regulations relevant to business associates are up to date and concurrent with HITECH Compliance standards. It is only when organizations demonstrate a responsible healthcare compliance attitude towards their patients that they can expect a positive trend for mending and uplifting their battered reputation. With SecureGRC SB we can expect that trend soon, thus providing organizations relief from penalties and assuring patients sanctity of personal information.

A Wake-Up Call for IT Security: Are Your Compliance Practices Fit for the Test?
https://www.aegify.com/a-wake-up-call-for-it-security-are-your-compliance-practices-fit-for-the-test/
Mon, 22 Nov 2010 11:30:51 +0000

The present IT environment is complex in nature, and much more than a handful of technical people operating and controlling systems with a few virus prevention tools. The complexity has increased manifold with a growing number of security threats being identified every day. The security of confidential data is under question with potential risks from malicious attacks that could affect the very survival of a business. As per a report from IBM, security issues have increased by 36% this year.

Timely Recognition of Long-Term Risks

Security cannot merely be defined in terms of Trojans, viruses or spam eagerly waiting to enter and incapacitate the central IT nervous system of an organization. Even the careless attitude of employees can cause security breaches within the network, and intentional attempts like hacking or willful destruction of critical data also cannot be ignored. In order to deal with this growing concern, you require automated IT Compliance software that can provide you with robust, end-to-end integration solutions.

Many organizations fail to enforce a compelling security environment that is in alignment with the business goals. The alarming rate at which these security threats are increasing is an indication that you need result-oriented techniques to help overcome this problem. The answer lies in an automated and integrated solution that can handle all IT risk management issues, and carry out overall effective corporate governance.

Intensifying the IT Environment with Cognitive Security Parameters

A cloud-based model capable of providing unified governance, risk and compliance management solutions can help crack down on potential threats, and can provide a remarkably safe IT environment. The solution contains a centralized repository for all compliance-based organizational data, and it considerably reduces the total cost of ownership due to its SaaS-based model.

It helps monitor and enforce the best regulatory standards and practices without delay. Due to its integrating feature, the time required for compliance is minimal, and the process is simple. Such an integrated compliance solution addresses all vulnerability management needs by performing comprehensive scanning procedures, scheduling audits and providing exhaustive audit log trails for all compliance-related tasks, so that compliance gaps can be bridged promptly with corrective measures. It also provides a complete report of compliance statistics, which in turn helps identify your compliance status.

The aim of a capable IT security solution is to provide a set of comprehensive features, with solutions for effective threat management. Its main objective is to resolve issues concerning data leakage, insider threats, intrusion detection, and verification of controls. Therefore, with an integrated, comprehensive security solution, enterprises can ensure a healthier and safer IT environment.

Best Practices for Threat management
https://www.aegify.com/best-practices-for-threat-management/
Mon, 22 Nov 2010 11:28:30 +0000

‘Cyber security threats’ is now the core topic of discussion amongst enterprises and will continue to be in the coming years. This is because security concerns have assumed unimaginable dimensions in the past years, posing a major challenge to the survival of businesses. Hence enterprises are now focusing more on curbing threats and making their business environment more secure and compliant.

Get cracking; threats are real!

Threats to systems and networks worldwide have been on the rise. For instance, the Blaster worm in 2009 managed to shut down close to 120,000 systems in just 3 minutes, ensuring that networks across the world were affected. In another such attack, the Slammer worm infected nearly 55 million hosts per second in just 11 minutes. Susceptibilities in enterprise systems and the perpetrators of such actions are increasing globally, and IT organizations are more and more vulnerable to these attacks.

Be it internal or external, security threats can cause not just financial losses, but can also tarnish the image of an enterprise. Hence threat management has to take precedence over other activities. Enterprises should therefore follow best practices and invest in the best solutions to manage security threats effectively.

What are the best practices for effective threat management?

Managing threats is not an easy task, especially because enterprises today want their threat management efforts to coincide with compliance management as well. So an ideal threat management solution should essentially:

  • Crack multiple data-centric information security challenges
  • Decipher and detect in real-time advanced persistent and pervasive threats
  • Automatically detect any kind of data leakage
  • Search for insider threats
  • Provide detailed malware analysis
  • Undertake continuous and automatic controls verification including e-discovery
  • Deliver a holistic solution for both security and IT Governance, Risk and Compliance that can be easily monitored through an integrated dashboard
  • Provide an end-to-end automatic enterprise security solution that is all-encompassing for compliance, audit and risk management needs
  • Swiftly update software with latest information
  • Stay ahead of potential threats
  • Thwart threats at their source

A company’s network, its information systems, databases, and processes are essentially its backbone. Hence, they must be made secure from threats, both internal and external. Therefore, deploying the right threat management system can prevent data breach and safeguard the company’s networks, systems and assets.

Is Your File Data at Risk?
https://www.aegify.com/is-your-file-data-at-risk/
Mon, 11 Oct 2010 12:11:46 +0000

According to market analyst firm IDC, file data accounts for nearly 80% of business data and has been growing at a rate of 60% every year. With such overwhelming growth in the volume of sensitive data files, persistent insider threats and complex regulatory mandates for data protection, there is immense pressure on organizations to secure confidential data. Also, conventional file security approaches have failed in providing complete protection, as these methods have several limitations.

More often than not, organizations are unable to handle data security challenges because they are mostly unaware of the status of their file data security. Hence, assessing the file security posture of your organization is crucial in overcoming data security issues. Here are some questions that can help you assess the data security posture in your company:

  1. Who controls/owns file data? The critical nature of data and its relevance to the business is often best understood by data owners. Hence they are responsible for protecting file data. But if your organization is unable to specifically identify data owners, then it is an indication that your file data might be at risk. On the other hand, if you have a clear idea of who your data owners are, it is easier to ensure that they work with other groups responsible for compliance and data security.
  2. Who is accessing your data? To efficiently keep track of who is using the data and for what purpose, auditing is a prerequisite. An audit log can establish who the data owner is, who has access to file data, when or how frequently they access sensitive data, etc. Audit logs also help identify security lapses and the reasons for these lapses. Hence, if your organization does not have a continuous auditing trail, your file data is at high risk.
  3. Who has file access rights? Many security regulations require organizations to have clear visibility of file access rights. While this is a best practice to ensure data security, it is also essential to demonstrate compliance and reconsider or remediate excessive access. Your organization should therefore be able to monitor and report data access rights on an ongoing basis in order to prevent security breaches.
  4. Do you know when there is a policy violation? Several organizations give excessive access rights, but do not review these rights periodically. If your organization is one of them, then your data is at risk. Access rights review cycles are very important as they help identify policy violations. By thoroughly analyzing access rights and file access activity, you can easily determine whether a violation has taken place. If this process is automated, problems can be detected and addressed as soon as the violation occurs.

While IT compliance mandates and data security concerns can be very challenging, you can effectively overcome these challenges by addressing the above questions. It is also a good idea to opt for integrated solutions for file activity monitoring, rights access, user rights management and compliance management. Such a solution can not only help address the above questions but also provide a comprehensive system of IT security and governance.
