Steps for an Effective Cybersecurity Incident Response Plan

Written by Kevin McDonald, COO and CISO of Alvaka Networks. Originally published January 2016 on TechTarget. Kevin discusses steps to help you prepare a cybersecurity incident response. When your system is compromised, you generally have one chance to get the response [...]

Steps for an Effective Cybersecurity Incident Response Plan2021-06-23T12:37:20-07:00

How Can An IT Security Breach Cost Me My Job? The Sony Pictures Case

I don’t normally give a moments notice to stuff that goes on in Hollywood, but the story “Future of Sony's Amy Pascal questioned after hacked email revelations” caught my attention because of the cyber security aspect involved.  So often I hear executives say something similar to “I don’t worry about our security because we don’t have anything anyone would want to hack into.”

That complacent assessment is wrong as most everyone knows since today nearly all hacking/security breach incidents are the result of indiscriminate malware that scans the Internet searching for vulnerable systems.  When that malware finds a vulnerable system most of them run automated code that looks for passwords, bank account information, encrypts data for ransom, etc.

In this particular case a ton of data was stolen and released.  The implication for Sony Pictures Co-Chairman is that her personal e-mails were....

How Can An IT Security Breach Cost Me My Job? The Sony Pictures Case2024-03-14T00:18:56-07:00

Electronic health records ripe for theft

The only difference in healthcare is that the large breaches have not gotten the sensational, but appropriate coverage credit card breaches have gotten.

Three other interesting quotes:

1.      As health data becomes increasingly digital and the use of electronic health records booms, thieves see patient records in a vulnerable health care system as attractive bait, according to experts interviewed by POLITICO. On the black market, a full identity profile contained in a single record can bring as much as $500.

2.      “Criminal elements will go where the money is,” said Wah, who was the first 

Electronic health records ripe for theft2014-07-15T01:03:09-07:00

HIPAA consulting and the channel’s ethical responsibility

Kevin is a featured writer for TechTarget.  Here is is latest column: _________________________________________________________ A few months ago, I wrote an article about the practice of non-attorneys consulting on HIPAA business associate agreements. After talking with scores of people about the [...]

HIPAA consulting and the channel’s ethical responsibility2020-06-09T23:54:19-07:00

Some Good Questions and Answers on Backup and Disaster Recovery

1. Where should small businesses start with disaster recovery, whether or not they already have a DR plan in place? What is the first question the small business owner needs to ask?

I recommend starting with determining RTO and RPO.  If the small business owner starts here he or she will be off to a good start with the DR plan.  What are RTO and RPO?

         RTO – Recovery Time Objective, the time between the disaster and when the system has been made operational again.  Why is this important?  Different businesses have different costs associated with

Some Good Questions and Answers on Backup and Disaster Recovery2014-04-29T23:01:20-07:00

Opportunities abound for providing HIPAA compliance services

As many security solution providers struggle to find compliance opportunities, there is a great opportunity in supporting compliance with the Health Insurance Portability and Accountability Act (HIPAA).Even though the comprehensive laws intended to protect patient and health care data are [...]

Opportunities abound for providing HIPAA compliance services2014-04-11T17:48:00-07:00

HIPAA security checklist: 10 services your customers need

Recent changes to HIPAA and HITECH opened up significant new opportunities for security solution providers who can shoulder the risks and get themselves educated on these regulations. As this HIPAA security checklist of services, below, shows, there are 10 specific [...]

HIPAA security checklist: 10 services your customers need2020-04-29T22:42:23-07:00

Schnuck’s Might Be in Big Security and Insurance Trouble, Can the Same Be in Store for Your Firm?

Is it better to insure than secure?  Maybe not.  You better dust off those old insurance policies that most of us look at all too infrequently.  Schnucks has been notified by their insurance carrier that they don’t plan to cover them for the lawsuits.

The problem that likely exists with your current insurance policy is that they were designed and sold in a pre-Internet era.  Data is not considered....

Schnuck’s Might Be in Big Security and Insurance Trouble, Can the Same Be in Store for Your Firm?2023-08-10T23:36:44-07:00

Obama Admin Releases Massive New HIPAA Rules

So, as if healthcare practitioners didn’t already have enough to focus on with Obamacare, HITECH and the Flu epidemic, the Obama administration through the Department of Health and Human Services, has released a massive pile of new regulations in a [...]

Obama Admin Releases Massive New HIPAA Rules2013-01-18T21:52:02-08:00