Risk – Aegify
https://www.aegify.com
Comprehensive Security, Risk and Compliance Assurance Solution
Wed, 05 Jan 2011 09:58:06 +0000

Federal Health Care Reform- What they Mean to Public CIOs
https://www.aegify.com/federal-health-care-reform-what-they-mean-to-public-cios/
Wed, 05 Jan 2011 09:58:06 +0000

The technological implications of the Federal Health Care Reform are now becoming obvious, and states are beginning to confront the burden of implementing these changes. While extending health insurance to an additional 32 million Americans presents great opportunities for state governments, it also brings big risks with it. These risks stem mainly from the federal government's unwillingness to put money into upgrading IT systems. However, since the use of technology is fundamental to the long-term viability of the healthcare reform, tackling the risks inherent in state health IT compliance efforts may be a huge challenge.

All this boils down to the fact that there is growing pressure on public CIOs (Chief Information Officers), who now have added responsibilities. Analysts and consultants are of the opinion that it is critical for state CIOs to be involved in health IT policy issues, and to be more knowledgeable about and familiar with issues related to the governance of Health Information Exchange (HIE). They should also be aware of how telehealth and HIE investments can affect Medicaid costs, and should be able to coordinate between Medicaid, the Children’s Health Insurance Program, and planned HIEs.

Hence there is a need to recreate or revamp IT infrastructure to prepare for the huge number of Medicaid enrollments expected in the coming years, and this has added to the growing anxiety of public CIOs. Upgrading information systems to meet these changing needs is a challenge in itself because of the high cost of most IT applications.

Growing reliance on IT in the healthcare industry and the rapid adoption of Electronic Medical Records (EMR) have also made it essential to ensure the safe handling of sensitive data. In addition, the Health Information Technology for Economic and Clinical Health (HITECH) Act has renewed focus on HIPAA compliance. Hence, safeguarding medical records and preventing unauthorized access to patient records have lately been high priorities.

So public CIOs are now taking an objective look at how statewide health systems can be made more efficient. One way of dealing with this would be to adopt services hosted in the cloud instead of the traditional approach of procuring and managing IT systems. Cloud-based services provide an opportunity for rapid deployment and greater interoperability on the one hand, and are highly cost-effective on the other. With state budgets being cut, cloud-based solutions can prove much safer than traditional systems.

The post Federal Health Care Reform- What they Mean to Public CIOs appeared first on Aegify.

7 Facilities in California Fined for Privacy Breaches
https://www.aegify.com/7-facilities-in-california-fined-for-privacy-breaches/
Wed, 08 Dec 2010 03:49:27 +0000

Privacy protection is a growing concern for organizations despite stringent laws governing data security. Medical institutions especially are experiencing challenges in safeguarding patient information. A number of data breaches have been reported in the HIPAA-regulated healthcare industry so far. The most recent addition to this list is six hospitals and a nursing home being fined by the California Department of Public Health for failing to prevent unauthorized access to patient data. The fines total $792,500.

Kern Medical Center in Bakersfield faced the largest civil penalty of $250,000 for losing 596 patient records, and an additional fine of $60,000 for allowing two employees to access and disclose a patient’s medical record on three occasions.

In a similar breach, Pacific Hospital in Long Beach was fined $225,000 after an employee admitted to memorizing the personal information of nine patients and setting up fake Verizon accounts using it.

The state of California has the toughest privacy laws in the country, with high penalties for data breaches. Kaiser Permanente’s Bellflower Hospital was the first to be issued a penalty under the state patient-protection law enacted in 2008. The institution was fined $437,500 for failing to prevent unauthorized access to the medical records of Nadya Suleman.

In all these incidents, employees have been identified as the main cause of the breach. However, the institutions are equally responsible for not being proactive in identifying and curbing insider threats. These incidents re-emphasize the need for an efficient security solution with effective threat management capabilities that can not only prevent such breaches in future but also ensure a more secure data management process.

A Wake-Up Call for IT Security: Are Your Compliance Practices Fit for the Test?
https://www.aegify.com/a-wake-up-call-for-it-security-are-your-compliance-practices-fit-for-the-test/
Mon, 22 Nov 2010 11:30:51 +0000

The present IT environment is complex, and is much more than a handful of technical people operating and controlling systems with a few virus prevention tools. The complexity has increased manifold with a growing number of security threats being identified every day. The security of confidential data is in question, with potential risks from malicious attacks that could affect the very survival of a business. According to a report from IBM, security issues have increased by 36% this year.

Timely Recognition of Long-Term Risks

Security cannot merely be defined in terms of Trojans, viruses or spam eagerly waiting to enter and incapacitate the central IT nervous system of an organization. The careless attitude of employees can cause security breaches within the network, and intentional acts such as hacking or willful destruction of critical data cannot be ignored either. To deal with this growing concern, you require automated IT compliance software that can provide robust, end-to-end integrated solutions.

Many organizations fail to enforce a compelling security environment that is aligned with their business goals. The alarming rate at which security threats are increasing is an indication that you need result-oriented techniques to overcome this problem. The answer lies in an automated and integrated solution that can handle all IT risk management issues and carry out effective corporate governance overall.

Intensifying the IT Environment with Cognitive Security Parameters

A cloud-based model capable of providing unified governance, risk and compliance management can help crack down on potential threats and provide a remarkably safe IT environment. The solution contains a centralized repository for all compliance-related organizational data, and its SaaS-based model considerably reduces the total cost of ownership.

It helps monitor and enforce the best regulatory standards and practices without delay. Because its functions are integrated, the time required for compliance is minimal and the process is simple. Such an integrated compliance solution addresses all vulnerability management needs by performing comprehensive scans, scheduling audits and providing exhaustive audit log trails for all compliance-related tasks, so that compliance gaps can be bridged promptly with corrective measures. It also provides a complete report of compliance statistics, which in turn helps identify your compliance status.

The aim of a capable IT security solution is to provide a comprehensive set of features for effective threat management. Its main objective is to resolve issues concerning data leakage, insider threats, intrusion detection and verification of controls. With an integrated, comprehensive security solution, enterprises can therefore ensure a healthier and safer IT environment.

Best Practices for Threat Management
https://www.aegify.com/best-practices-for-threat-management/
Mon, 22 Nov 2010 11:28:30 +0000

‘Cyber security threats’ is now the core topic of discussion among enterprises and will continue to be in the coming years. This is because security concerns have assumed unimaginable dimensions in the past few years, posing a major challenge to the survival of businesses. Hence enterprises are now focusing more on curbing threats and making their business environment more secure and compliant.

Get cracking; threats are real!

Threats to systems and networks worldwide have been on the rise. For instance, the Blaster worm in 2009 managed to shut down close to 120,000 systems in just 3 minutes, ensuring that networks across the world were affected. In another such attack, the Slammer worm infected nearly 55 million hosts per second in just 11 minutes. Vulnerabilities in enterprise systems and the perpetrators of such attacks are increasing globally, and IT organizations are more and more exposed to them.

Be it internal or external, security threats can cause not just financial losses but can also tarnish the image of an enterprise. Hence threat management has to take precedence over other activities. Enterprises should follow best practices and invest in the best solutions to manage security threats effectively.

What are the best practices for effective threat management?

Managing threats is not an easy task, especially because enterprises today want their threat management efforts to coincide with compliance management as well. So an ideal threat management solution should essentially:

  • Crack multiple data-centric information security challenges
  • Decipher and detect advanced persistent and pervasive threats in real time
  • Automatically detect any kind of data leakage
  • Search for insider threats
  • Provide detailed malware analysis
  • Undertake continuous and automatic controls verification, including e-discovery
  • Deliver a holistic solution for both security and IT governance, risk and compliance that can be easily monitored through an integrated dashboard
  • Provide an end-to-end automatic enterprise security solution that is all-encompassing for compliance, audit and risk management needs
  • Swiftly update software with the latest information
  • Stay ahead of potential threats
  • Thwart threats at their source

A company’s network, information systems, databases and processes are essentially its backbone. Hence they must be secured against threats, both internal and external. Deploying the right threat management system can therefore prevent data breaches and safeguard the company’s networks, systems and assets.

Common Attack Techniques – In an Era of Industrialized Hacking
https://www.aegify.com/common-attack-techniques-in-an-era-of-industrialized-hacking/
Thu, 30 Sep 2010 08:55:10 +0000

Gone are the days when hackers attacked perimeter defences. Today their objective is to take control of confidential data and the applications that process it. Hacking is now an operation involving global coordination, sophisticated techniques and persistent teamwork. With clear roles and responsibilities defined in the community, hacking is now a highly organized, lucrative industry, whether we like it or not!

Like in any other industry, division of labor and specialization have taken shape, making the hacking industry more structured than ever before. The three key players in the hacking community are:

- Researchers: Otherwise known as exploit developers, researchers are not actually involved in exploiting systems, but look for vulnerabilities in frameworks and applications.

- Farmers: These are the people who write botnet software to infect systems, and who maintain and increase the presence of botnets in cyberspace. They probe applications to extract valuable data, execute password attacks, disseminate spam, and distribute malware.

- Dealers: They distribute malicious payloads. They also rent out botnets for repeated, persistent attacks or targeted one-time attacks to extract sensitive information.

The sophisticated nature of today’s cyber attacks is a definite product of ‘hacking industrialization’. The use of advanced hacking techniques has also contributed to a shift in focus from stealing personal information and credit card numbers to stealing application credentials, for which three attack techniques have been identified as commonly used:

SQL Injections: Data theft is most commonly carried out through this technique. IBM reported around 250,000 SQL injection attacks on websites around the world every day between January and June 2009.

Denial of Service: This attack floods an application with unwanted traffic, and is usually accompanied by blackmail, with application owners pressured to pay a ransom to have the flood stopped.

Business Logic Attacks: In this type of attack, hackers target vulnerabilities in the business logic. Unlike attacks targeted at application code, these attacks often remain undetected. They are not usually apparent and are too diverse to be expressed in vulnerability scanner tests.

These highly advanced attacks make it increasingly difficult for organizations to fight threats and remain protected. Today, no web application is out of the reach of hackers. Attack campaigns are quite common, not only against applications but against any available target. Therefore data protection is a must, and effective vulnerability scanning tools along with application-level security solutions can be very helpful for effective threat management and overall security.

Implications of the ‘Dodd-Frank Wall Street Reform & Consumer Protection Act’ on Data Security
https://www.aegify.com/implications-of-the-dodd-frank-wall-street-reform-consumer-protection-act-on-data-security/
Thu, 16 Sep 2010 14:41:58 +0000

While the financial services regulatory reform bill signed into law by President Obama last week will take some time to be put into practice, several industry experts have noted that this extensive legislation holds immense significance for information and data security.

Creating a new consumer protection agency at the Federal Reserve, giving regulators new powers to safely liquidate failed financial firms, and imposing new guidelines for transparency in the derivatives market are some of the objectives of ‘The Dodd-Frank Wall Street Reform and Consumer Protection Act’. This law is an outcome of the 2008 banking crisis.

However, there are now mixed opinions about this law, especially with respect to its implications for data and information security. Protiviti Inc.’s risk and compliance practice director Michael Brauneis noted that the provision in the law for creating a consumer protection agency may lead to a number of data security issues, since it calls for regulations allowing consumers to obtain information about their transactions from financial institutions. This creates a high risk of identity theft if these financial institutions do not implement effective controls to verify the identity of the person requesting the information.

Also, the concept of a ‘systemic risk regulator’ meant to gather information from the banking industry to prevent another meltdown can pose serious concerns for overall data management and security. A report by Deloitte LLP on the new financial reform also cites data aggregation and reporting as one of the top implications of the new law.

Therefore, for all those involved in financial services, this regulatory reform is a groundbreaking event and is being described as the biggest since the Great Depression.

With the ever-increasing number of regulatory requirements, IT security has come a long way from being merely an IT-centric control mechanism to becoming a complete compliance control technique. While the timeline for this law to take effect is long, it is yet another regulation that reinforces the need for secure GRC solutions.

South Shore Hospital Reports Loss of Confidential Data- 800,000 Private Records at Risk
https://www.aegify.com/south-shore-hospital-reports-loss-of-confidential-data-800000-private-records-at-risk/
Mon, 26 Jul 2010 05:17:39 +0000

Just a week after Health Net faced a penalty for a major security breach, a similar incident has been reported by South Shore Hospital in Weymouth, Massachusetts, USA. Authorities say that computer files containing the personal information of nearly 800,000 people were lost while being shipped to a contractor for destruction.

The files included people’s names, addresses, phone numbers, birth dates, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, and information on diagnoses and treatments. They held data on patients, employees, doctors, volunteers, donors, vendors, and other business partners, and covered records over a 14-year span.

The growing frequency of these incidents only reinforces the pressing need to secure end-point devices and comply with HIPAA and other regulations. Hospitals and institutions in possession of confidential data should adopt a cloud-based approach to storing records; only this can help prevent such massive security breaches and data loss.

New Security Standard for SMBs to Protect Cardholder Information
https://www.aegify.com/new-security-standard-for-smbs-to-protect-cardholder-information/
Mon, 05 Jul 2010 03:53:23 +0000

You must have read the news about the new security standard for SMBs, “Visa changes rules for SMBs: be PCI DSS compliant or face penalties”. Focusing primarily on safeguarding customers’ confidential data after a credit card payment, this new security standard requires SMBs accepting credit or debit card payments to enroll in the PCI DSS program or face penal action.

Coming into effect on July 1st 2010, this new standard means that SMBs now have a mandate to build secure networks aimed at protecting cardholder information. It prohibits third-party payment software from storing authentication details such as the cardholder PIN and magnetic stripe data. Read more on this in “Visa Puts Credit Security on You”.

While that applies to SMBs, larger enterprises are required to comply with the full version of the PCI DSS standard by 30th September. The new standard now controls how cardholder data is stored, processed or transmitted.

With these new requirements, GRC solutions have gained more significance. By using SecureGRC™, a GRC platform that integrates with the business process, companies can successfully deal with compliance and risk management.
