Working with government agencies always involves some form of security, which is extremely important for handling federal data, no matter the reason. So, when enterprises want to access information from the SSA Limited Access Death Master File (LADMF), there are certain expectations for these businesses.
What Is CJIS Compliance?
We’ve covered several areas regarding data privacy and security. These discussions have covered private security frameworks, government-enforced regulations, and guidelines shoring up IT security for federal and national defense agencies and contractors. Another area of security and data privacy is law enforcement. It’s perhaps unsurprising that law enforcement and other national security agencies would handle… Read More
What Is Risk Management Software, and What Should You Look For?
Risk management is quickly becoming the foundation for most security and compliance standards. And this is for good reason–complex security threats based on modern technology and the interoperability of extensive cloud-based infrastructure aren’t going to be held at bay through ad hoc implementation of technology. Risk doesn’t have to be an amorphous and ill-defined process,… Read More
What Are the Problems with Risk Management?
In our previous article, we discussed the concept of risk management–what it is and why it’s important. However, risk management in cybersecurity isn’t new, and many organizations are working towards normalizing risk as an approach for comprehensive cybersecurity and compliance efforts. While this move is a good one, we also find that many organizations will… Read More
Managed Service Providers: How Secure Are Your Services?
The increasing use of cloud vendors and third-party providers has made advanced IT infrastructure and expertise available even to smaller organizations. It has also created an interconnected ecosystem of businesses, government agencies, utility firms and managed service providers (MSPs) that can potentially compromise security across multiple systems. If you’re a managed service provider, it’s your… Read More
What is IRS 1075?
The federal government has strict and comprehensive regulations on how agencies handle constituents’ personal information. This is just as true for tax information. The IRS leans on established guidelines associated with federal security to dictate regulations for agencies that handle tax information and, by and large, treats that information as a sensitive and critical part… Read More
NIST SP 800-171 vs. 800-172: What’s the Difference?
The unveiling of CMMC 2.0 last November raised a lot of questions, but also brought a lot of relief. The streamlining of security around Controlled Unclassified Information (CUI) will help defense agencies and contractors better secure their systems without burdening them with operational overhead. This is crucial for organizations who want to support these agencies… Read More
Entrepreneurs ‘N Fuego interviews Michael Peters
I recently had the pleasure of visiting the Office Pile and being interviewed by the inimitable Francisco X. Aguirre. We had a great time discussing cyber security and the little-known origins of the company name Lazarus Alliance. Entrepreneurs ‘N Fuego, a project of The TOP Foundation, a non-profit organization, is the First Multimedia Broadcast… Read More
Is Cloud Computing Really Secure? A Pragmatic Approach
Considering Cloud Computing? So, you are making plans to move into cloud computing and are considering your options offered by the plethora of providers out there but you have questions and concerns. Congratulations! The bottom line up front is yes, cloud computing can be very secure. You… Read More
5 Tips for Healthcare Cyber Security
In a previous blog, we discussed the recent epidemic of ransomware attacks on U.S. healthcare organizations and the importance of the industry taking this very serious cyber security threat – and healthcare cyber security in general – seriously. The good news is that although a ransomware attack can bring a healthcare facility to its knees,… Read More
Ransomware Attacks Show that Healthcare Must Take Cybersecurity Seriously
In a previous blog, we provided a primer on HIPAA compliance and discussed the importance of complying with this complex federal law, which is geared toward protecting patients’ private health information (PHI). While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much… Read More
The Proverbial Identity Theft Bus Will Run You Over!
Think about a time when you had a single credit card lost or stolen and how much of a pain that experience was. Now imagine if your entire wallet was lost or stolen and the exponential magnitude of pain in the patootie that would be for… Read More
2015 State-by-State Data Breach Charts
The following standard definitions of Personal Information and Breach of Security (based on the definition commonly used by most states) are used for ease of reference, and any variations from the common definition are noted: Personal Information: An individual’s first name or first initial and last name plus one or… Read More
The Truth about ID Theft: No fear mongering, no snake oil, just simple advice.
After years of advising corporations, investment firms and being directly involved with helping people understand what identity theft is and making recommendations on how they might thwart criminals from turning them into victims, I decided to revisit the topic and share a simple checklist approach to prevent identity theft. With just a few simple steps… Read More
Digital Purgatory: Data Remains After Death
In the spirit of the upcoming Halloween season, I thought it a fine time to examine what happens to our digital lives after death. Few of us really consider our digital remains but I’d encourage you to do so for many reasons. Like our physical bodies, our electronic personifications serve no purpose to us once… Read More
Easiest way to breach a bank? Just hold-em-mop!
On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents. The bank has stated that it has no evidence of unauthorized access to or use of consumers’… Read More
Crown Jewels and Encryption Opportunities
As long as there is a need to accept, transmit and store personal and financial information, organized criminals and other self-righteous entities will attempt to breach the caretaker’s enterprise to obtain this information. Mastering the art and science of information security is an elusive quest. Few will ever achieve their goal. Few will ever reach… Read More