Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: HIPAA

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

– This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or federal mandate. This regulation, 201 CMR 17.00 (Read the full text here), states that “all persons that own,…

The New Identity Theft Red Flags Rule: Does it Raise “Red Flags” for Information Security?

– On May 10, 2006, President Bush signed an Executive Order creating the nation’s “first ever” Identity Theft Task Force. The purpose of this ad hoc committee, chaired jointly by the Attorney General and by the Chair of the Federal Trade Commission (FTC), was “to help law…

Crossing the Metrics Rubicon: Quest for the Perfect Measurement

– Security metrics represent a great untamed wilderness for organizations trying to determine both their risk profile and the effectiveness of the resources they have allocated to their security program. When I first became a security person after a career managing customer service, finance, and…

Data Classification: Begin With Your Personally Identifiable Information

– Let’s face it: Data classification—despite being an information security “best practice”—is an expensive, time-consuming, labor-intensive task. For those organizations supporting thousands (or even hundreds) of applications and databases, the job of identifying all data elements and…