Archive for 'Compliance' Category
Testing Reduced to Two Bullet Lists! How to make sure your Incident Response Tests are “amenable” to your auditors! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . One of my favorite Clients is preparing for his or her (when she gave me permission […]
Dan’s reminding us that the manifesto, Sometimes Say Never, has the word “sometimes” in it.
Another stop in the IT Governance Tour! . . . An Indiana Bankers’ Association Workshop! Incident Response Management: The new NIST Cyber Security Framework is heavy on Incident Response. Executives are starting to talk like “it’s not a matter of if, it’s a matter of when.” When we choose “accept” as a risk response decision, we rely […]
Should we see Information Security as a normal technology adoption and, if so, do we want to be laggards if we’re in an unregulated industry?
And now that we are all paying attention . . . A great example of Awareness Activation! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . When we finally release our annual “trend article” . . . . and we’re sorry it’s taking so long but […]
Where should you start? How about choosing a framework? If the Risk Assessment Answer Isn’t Enough! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I’ve been asked to give a talk to school corporations about Information Security, as in “why should we be concerned, […]
For those of you who want to come into lightning-speed compliance with Section 164.308(b)(1) of the HIPAA Security Ruling, start telling your vendors that they need to revise their agreements to include the following.
A quick analysis of the July 10th, 2012 “Statement on Cloud Computing” published by the FFIEC in their new “Reference Materials” section.
The latest Dan’s New Leaf is a review of an article that directly contradicts Dan’s own philosophy!
The Federal Financial Institutions Examination Council (FFIEC) has issued a statement on outsourced cloud computing activities. The statement discusses key risk considerations associated with outsourced cloud computing activities and identifies applicable risk mitigation considerations.