Tag: Assessment

Assessment

Securing Government Systems

A new report released today from the software security firm Veracode contained alarming news about the data security practices of many federal agencies. Veracode’s business is auditing the source code of applications for security vulnerabilities. The report documents 208,670 application scans conducted over 18 months for the company’s private and government customers. An analysis of the prevalence of security issues within software code, the application’s compliance with basic best security standards, and how frequently customers updated or fixed flawed applications are included in the report. The study found that Web applications in use by federal agencies failed to comply with security standards 76 percent of the time. By contrast, financial service companies are in compliance a comforting-only-by-comparison 42 percent of

Read More »
Assessment

HIPAA Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, maintain, or transmit” protected health information may now have direct obligations under HIPAA. This round will include both on-site and off-site reviews. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three mail HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and

Read More »
Assessment

ARE YOUR EMPLOYEES GIVING AWAY CONFIDENTIAL SECURITY INFORMATION?

A man calls the receptionist at a competitors company and asks for the name of the Sales Manager.  The receptionist says the person you are looking for is Bob Jones.  Later, the man calls back to the same company and says he needs to speak with the IT helpdesk.  When the helpdesk operator answers the man says “Hi, my name is Bob Jones and I seem to have forgotten my new password.  I am on my way to an important meeting can you reset it right away?” In an effort to help the user regain access to the system, the helpdesk operator resets the password and tells the man the new password.  The man then accesses the employee area of

Read More »