Orange County, CA – I just read about a new product announcement, “New version of L0phtCrack makes cracking Windows passwords easier than ever.” At Alvaka we used to do a hacking demo during a lunch and learn. Rex Frank would usually do the demo by doing a SQL Injection attack and bumping out to the command prompt. From there he would download the SAM (Security Access Manager) file and then use L0phtCrack to decode a password right in front of the eyes of everyone. Nearly everyone was shocked beyond compare. Of course, that approach is now a bit dated, but it showed our guests just how vulnerable unpatched and inadequately secured systems can be. From the start of the demo to the revelation of an account password would only take five o
Beware of Jigsaw, the newest ransomware trojan. It does not wait for you to pay a ransom. Within the first 24 hours it deletes files and then accelerates the process exponentially to show you they mean business in the nastiest [...]
Tustin, CA - The most interesting part of this BlueCross BlueShield announcement is not that they found the breach on August 5th. What is interesting when you read further into the announcement is that they say “Our investigation further revealed [...]
Alvaka Networks EVP Kevin McDonald is a featured author in this month’s CAPG Health magazine. He writes about the obligations under HIPAA and HITECH to protect health information and how failure to do so can cost $359 per record breached. [...]
Disk Encryption and Software Patching Provide Safe Harbor and Good Security Practices to Protect Against Theft and Data Breaches
A recent article in the Los Angeles Times says, “A new analysis of government records, published Tuesday in the journal JAMA, found that close to a thousand large data breaches affected 29 million medical records between 2010 and 2013. Nearly 60% [...]
There are many other benefits to applying software patches, including, in some cases, adding features and fixing bugs that make the software run slowly or not work right. All software needs to be patched. Whether the software sits on a disk and runs on a server, resides on a chip within a firewall, or is an app on your tablet, it all needs to be updated and patched periodically in order to be secure.
The following list of 18 software patching best practices is what we follow at Alvaka Networks when delivering on our Patchworx(SM) Patch Management Service. All of these steps are important, but not all of them are always used, and they can be used in different ways depending on the needs of the client. Like us, you will need to decide what your patch management plan needs to look like to best suit your needs.
18 recommended best practices for patching your software:
Alvaka Networks has arguably the best and most sophisticated patch management process in Orange County, Los Angeles County and possibly the US. Not many firms can deploy vast quantities of patches to valuable high availability servers and PCs with smoke testing quality control while following the sun globally during selected narrow service windows.
Change management is vital to every stage of the patch management process. As with all system modifications, patches and updates must be performed and tracked through the change management system. It is highly unlikely that an enterprise-scale patch management program can be successful without proper integration with the change management system and organization.
As with any environmental change, patch application plans submitted through change management must have associated contingency and backout plans. What are the recovery plans if something goes wrong during or as a result of the application of a patch or update? Also, information on risk mitigation should be included in the change management solution. For example, how are desktop patches going to be phased and scheduled to prevent mass outages and support desk overload? Monitoring and acceptance plans should also be included in the change management process. How will updates be certified as successful? There should be specific milestones and acceptance criteria to guide the verification of the patches' success and to allow for the closure of the update in the change management system....
In the past two weeks I have witnessed a couple of contrasting situations involving configuration changes in IT. In one environment the client has a strict adherence to the practice of using Change Management in all their IT operations. In the other operation the client has been reluctant to embrace Change Management. When it came time for one of those inevitable problems that occasionally hit the Information Infrastructure, the outcomes for the two firms were very different.
What is change management?
Here is the definition from Wikipedia based upon the industry standard Information Technology Infrastructure Library (ITIL).
Change management is an IT service management discipline. The objective of change management in this context is to ensure that standardized methods and procedures are used for efficient and prompt handling of all changes to control IT infrastructure, in order to minimize the number and impact of any related incidents upon service. Changes in the IT infrastructure may arise reactively in response to problems or externally imposed requirements, e.g. legislative changes, or proactively from seeking improved efficiency and effectiveness or to enable or reflect business initiatives, or from programs, projects or service improvement initiatives. Change Management can ensure standardized methods, processes and procedures which are used for all changes, facilitate efficient and prompt handling of all changes, and maintain the proper balance between the need for change and the potential detrimental impact of changes.
A change is an event that is....
“94% of the surveyed hospital CFOs self-identified as “struggling”, report that delayed or failed implementations in other IT systems, particularly EHR, have drastically impacted the organization’s financial position.”
That is what it says in the third sentence of a fascinating press release I just read from healthcare market research firm Black Book Market Research. The press release goes on to cite a number of other statistics from their research, including stats that many healthcare CFOs are expecting to lose their jobs by 2016 and that there will be a trend to start hiring CEOs from outside healthcare.
I have witnessed some of the reasons for the IT troubles at healthcare companies:
· Healthcare companies on the whole have been laggards in adoption of fresh information technologies.
· IT personnel at most healthcare organizations themselves are behind the curve on...
Navigating Fear in the Security and Compliance World
In advancing technology, it is fear of having a project go sideways, go over budget or fail to accomplish the stated objective that has many frozen. What if that technology we recommend doesn’t work as we hope? What if it is something required by law (such as encryption in healthcare), but we fear an unknown outcome so much that we won’t act? What if we miss a key component of a project or underestimate the effort required and the entire project goes over our budget?