Archive for the “best practice” category

Best Practices for the Lulz

by adam on February 21, 2011

The New School blog will shortly be publishing a stunning expose of Anonymous, and before we do, we’re looking for security advice we should follow to ensure our cloud-hosted blog platform isn’t pwned out the wazoo. So, where’s the checklist (…)

Read the rest of this entry »

Infosec’s Flu

by adam on February 4, 2011

In “Close Look at a Flu Outbreak Upends Some Common Wisdom,” Nicholas Bakalar writes: If you or your child came down with influenza during the H1N1, or swine flu, outbreak in 2009, it may not have happened the way you (…)

Read the rest of this entry »

Referencing Insiders is a Best Practice

by adam on January 7, 2011

You might argue that insiders are dangerous. They’re dangerous because they’re authorized to do things, and so monitoring throws up a great many false positives, and raises privacy concerns. (As if anyone cared about those.) And everyone in information security (…)

Read the rest of this entry »

CRISC – The Bottom Line (oh yeah, Happy New Year!)

by alex on January 2, 2011

No doubt my “Why I Don’t Like CRISC” blog post has created a ton of traffic and comments.  Unfortunately, I’m not a very good writer because the majority of readers miss the point.  Let me try again more succinctly: Just (…)

Read the rest of this entry »

Lessons from HHS Breach Data

by adam on October 11, 2010

PHIPrivacy asks “do the HHS breach reports offer any surprises?” It’s now been a full year since the new breach reporting requirements went into effect for HIPAA-covered entities. Although I’ve regularly updated this blog with new incidents revealed on HHS’s (…)

Read the rest of this entry »