Is Your Security Risk Assessment (SRA) Valid?

We're often told, "I've done a security risk assessment," or "We had one of those done by a company."  When we ask if they have 1) an SRA report, 2) a risk management plan with prioritized corrective actions, 3) a disaster recovery plan, 4) an emergency response plan, 5) a breach notification plan, 6) current training and in use, 7) current policies and procedures; we get blank stares.  We've also performed SRAs after some of the large, "known" compliance consulting firms have performed an SRA.  What ...

HIMSS 2018 – Take Aways

I attended the national HIMSS 2018 conference in Las Vegas a few weeks ago.  43,000+ roaming loose in Vegas, primarily in a few hotels and the Sands Expo Center.  It was mayhem.  I attended the Cyber Security Symposium all day Monday.  Six sessions focused on cyber security and best practices.  I then attended the keynote speech by Eric Schmidt, the CEO of Alphabet, the parent company of Google. Tuesday was primarily more sessions and a few minutes out in the expo "acres" wandering around trying to ...

Is a new Healthcare Cybersecurity Framework the answer?

The Healthcare Industry Cybersecurity Task Force has asked the U.S. government to create new policies that would help healthcare providers improve their cybersecurity.  You can read about it in this article Cybersecurity task force seeks new security framework, exemption to the Stark law on Modern Healthcare. First let me state, I am all for a Cybersecurity Framework and I appreciate KLAS-CHIME and their work to survey the industry.  They are primarily focusing on the large and very large enterprise h ...