AKIBIA'S PRACTICAL GUIDE TO ENTERPRISE TECHNOLOGY

Entries with Label: Tim Trow

HIPAA Revitalized in 2009 and Beyond

Friday, March 13, 2009

It’s been a few years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) came into effect and since then there seems to have been a “gliding along” approach. Many health organizations are now either compliant or at least feel like they have a grasp on HIPPA privacy and security safeguards and what they all mean. The challenge for organizations has always been “how to” protect Personally Identifiable Information (PII) in both paper and electronic form. HIPAA has often been labeled somewhat ambiguous and enforcement is not always forthcoming. HIPAA has also been overshadowed somewhat by other compliance and regulatory advances by the government and private industry.

Read Full Article »

PCI DSS v1.2 and its Requirement from WEP to WPA Wireless Encryption

Wednesday, May 06, 2009

Although PCI SSC changed the wireless security standards 6 months ago with the release of PCI DSS v1.2, many merchants are still using WEP in the storage, processing or transmission of credit card information.

Read Full Article »

The Checklist Approach to IT Security is Failing You

Monday, May 18, 2009

In the past few weeks I have spoken to a number of companies about IT security, and a familiar theme has emerged – too many companies lack a sound framework for overall IT security. Instead many companies are overly focused on completing a check list – firewall, encryption, PCI compliance.

Read Full Article »

Health Providers Beware of the New HITECH Act

Friday, June 18, 2010

The Health Information Technology for Economic and Clinical Health Act, or more commonly known as the HITECH Act, is part of the American Recovery and Reinvestment Act of 2009. This act appears to put some teeth into the HIPAA regulation of 1996. The HITECH Act wants to provide some general and specific incentives for companies to adopt the electronic health record (EHR) systems for health organizations. With these incentives also comes greater increased privacy and security protections for consumers and potential increased liability for those that are not in compliance.

Read Full Article »

P3 Cubed: Focus on the Basics

Monday, January 17, 2011

One of the most significant areas of technical concern in the area of information security and assurance is what we have come to call the three P’s - Passwords, Patching and Ports.

Read Full Article »

Tim is a Senior Security Consultant at Akibia

P3 Cubed: Focus on the Basics Part II

Wednesday, January 19, 2011

Continuing from the previous discussion on the most signifcant areas of technical concern in the area of information security and assurance and the three P’s - Passwords, Patching and Ports, let’s talk next about Patching.

Read Full Article »

Tim is a Senior Security Consultant at Akibia

P3 Cubed: Focus on the Basics Part III

Thursday, January 20, 2011

From my previous discussions on the three P’s - Passwords, Patching and Ports, let’s talk finally about Ports.

Read Full Article »

Tim is a Senior Security Consultant at Akibia

You can outsource the work, but not the responsibility

Tuesday, February 01, 2011

Many organizations are under the impression that if they outsource their credit card transactions, then they are not responsible for their PCI compliance. While this may minimize the scope of the PCI environment, it does not alleviate the responsibility for their PCI compliance.

Read Full Article »

Dennis Thrift is Product Champion - Compliance & Risk at Akibia and Tim Trow is Senior Security Consultant at Akibia

The Softer Side of Information Security…

Thursday, June 30, 2011

I recently went to a presentation at Norwich University in Vermont. Tom Peters was the speaker...

Read Full Article »

Tim Trow is a Senior Consultant at Akibia.

Keep living in a fantasy world…

Monday, July 11, 2011

It will never happen to us. We know what we are doing. We are too small to be a target. Besides, we have a firewall, intrusion detection system and some really talented people in place to protect us from these so-called hackers. We are good. Technology always works and we just let it sit and run. We are good to go! Think again my friends.

Read Full Article »

Tim Trow is a Senior Consultant at Akibia.

Too Extreme? I don’t think so. Tying security to compensation.

Monday, August 08, 2011

A colleague of mine recently posted a blog about the Black Hats getting the job done and rightfully so. Hackers have been pillaging the countryside lately. How many company compromises have there been over the last 3 months? More than there should be!

Read Full Article »

Tim Trow is a Senior Consultant at Akibia.

Has it really come down to a bag of chips?

Tuesday, September 20, 2011

A recent vendor machine company had some of its POS systems compromised at waterparks in Wisconsin and Tennessee. This was a major breach…up to 40,000! Go figure. People can’t even buy some snacks or what not from a vending machine without having their credit card information compromised.

Read Full Article »

Tim Trow is a Senior Consultant at Akibia.

Plans are nothing; planning is everything

Monday, October 17, 2011

I think Eisenhower said it best when it comes to plans and planning. I think this also holds true for Business Continuity and Disaster Recovery planning.

Read Full Article »

Tim Trow is a Senior Security Consultant at Akibia.

BLOG ARCHIVE

• 2011 (29)
  • December (1)
    • Is Employee Cybershopping Threatening Your Company's Security?
  • October (1)
    • Plans are nothing; planning is everything
  • September (1)
    • Has it really come down to a bag of chips?
  • August (6)
    • Modernization is The Key
    • VRM (Vendor Relationship Management)
    • The Double Dip Recession is Coming!
    • Security Faux Pas
    • Too Extreme? I don’t think so. Tying security to compensation.
    • Unique Requirements for Exchange 2010 Based Messaging Platform and Dependencies
  • July (2)
    • Configuration Management with System Center
    • Keep living in a fantasy world…
  • June (7)
    • The Softer Side of Information Security…
    • The Black Hats Get It. Do you?
    • More from midTECH
    • midTECH IT Summit
    • Advances and Limitations of Windows DHCP/DNS Services
    • Choosing the Right Consultant
    • Don't Panic Yet
  • May (3)
    • Citrix Synergy 2011
    • Citrix Summit 2011 - Day 1
    • Federal FISMA Compliance Rated "Poor"
  • April (1)
    • First Time Offshoring?
  • March (3)
    • AFCOM Data Center World - Day 2
    • AFCOM Data Center World - Day 1
    • RSA SecurID Breach: Are Your Tokens Safe?
  • February (1)
    • You can outsource the work, but not the responsibility
  • January (3)
    • P3 Cubed: Focus on the Basics Part III
    • P3 Cubed: Focus on the Basics Part II
    • P3 Cubed: Focus on the Basics
• 2010 (19)
  • December (1)
    • The Next Generation of Smartphones in the Enterprise
  • October (1)
    • How to Ensure a Successful Monitoring Implementation
  • September (2)
    • Too Many Requirements; How One VP of IT Handles It
    • The Missing Link
  • August (2)
    • Informationweek Survey of Sun Customers - Demonstrably Worse Service
    • The Death of Information Security
  • July (1)
    • Moving to Larger Mailbox Sizes with Exchange 2010
  • June (3)
    • Top 10 Features in Exchange 2010 for Users
    • Low Risk Support Alternatives for Cisco End of Life Equipment
    • Health Providers Beware of the New HITECH Act
  • May (1)
    • Compliance and Security Go Hand in Hand – How to Achieve Both
  • April (2)
    • A Boston Globe Article Ignites a Password Controversy - Why We Need Them, How to Make Them Effective
    • Reviewing Oracle's Changes - Has the Sun Set on Sun Systems?
  • March (2)
    • New Requirement - New Fire Drill?
    • Why HP is Worried about TPM's
  • February (1)
    • Has the Sun Set on Flexible Support Options?
  • January (3)
    • You Inherited Your Cisco Infrastructure, But Do You Know Why You are Still Buying It?
    • Your Workers are Surfing While Snacking on a Big Mac - Time to Revisit Managing Your End-Point.
    • Ensuring Security in the Virtualized Environment
• 2009 (34)
  • December (1)
    • Monitoring Via the Cloud
  • November (2)
    • Sun Makes More Changes Amid Uncertainty
    • Sky High Cloud Chatter
  • October (2)
    • Improving Vulnerability and Patch Management
    • A Couple Quick and Easy Green IT Steps
  • September (3)
    • Don’t Put off Until Tomorrow…
    • Boston's Missing Email Case Has Many People Asking Questions about Digital Forensics
    • IT Needs Turbo Compliance
  • August (3)
    • Take Full Advantage of System Monitoring
    • Implement, educate and enforce strict Social Media usage policies – in that order
    • Preparing for a Return to Growth? It’s Not Too Soon to Make Process Improvements
  • July (2)
    • Death by A Thousand Processes: Getting Compliance Right Requires a Change in Thinking
    • Wrest Control of Your Data Center Back From the OEM
  • June (3)
    • Getting Ready for Cloud Computing
    • A Letter to Ralph Szygenda, the CIO of General Motors
    • Lax Web Site Security: The Site Owner's Responsibility
  • May (3)
    • The Checklist Approach to IT Security is Failing You
    • Financial Strength of Your Vendors…Show Me the Money!
    • PCI DSS v1.2 and its Requirement from WEP to WPA Wireless Encryption
  • April (4)
    • The Near-Term Impact of Oracle Buying Sun
    • On the Path to the Cloud... Walk Before You Run
    • CIOs Need to Manage Up, Broadcast Successes
    • Consolidate Support Vendors?
  • March (4)
    • A Potential Sun Acquisition - Impact on Service
    • April 14 is Decision Day for Those Running Microsoft Exchange 2003
    • HIPAA Revitalized in 2009 and Beyond
    • Ten Steps for the Mass Data Security Law
  • February (7)
    • Tightening Budgets and Their Impact on IT Security
    • Recent Breaches Remind us to Focus on Security
    • The Training You Need Vs. The Training You Receive
    • Emphasizing Virtualization Security
    • DNS Audits: A Practical Guide
    • Practical Green IT
    • "Practical Use" Fills the Gap Between Idea and Implementation

BLOGS WE LIKE

• CIO - Blogs and Discussion - Best Practices
• InformationWeek’s Global CIO Weblog