Security Basics mailing list archives
RE: Binary Analysis with Internal Solutions
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Fri, 27 Jul 2012 10:44:41 -0400
Just to add a practical note. For people involved in HIPAA-related compliance, such an estimate of risk can be done pretty easily. That is my own finding, which I would like to share. The Department of Health and Human Services (DHHS) and the Centers for Medicare and Medicaid Services have a checklist named "Sample - Interview and Documents Request for HIPAA Onsite Investigation and Compliance Reviews". This document will very likely be the basis for the preventive audits of HIPAA compliance starting in 2013 across the US.

So, basically, print the list and put check marks next to the p.2 required items. Of course, items are not equal in their weight, so you can sort them down to "critical", "important", and "not-so-important" (you cannot say to the US Government that something in its document is not important :)). Then use your imagination to create a compliance estimate based on the number of "critical" and "important" items that your organization lacks or has only partially implemented. And finally you can give your management the current compliance rate in percent. Sounds like a dream?

I think that failing two "critical" items will mean failing the audit. What does it mean for your organization? Ask the boss.

Regards
Mikhail Utin, CISSP

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Simon Thornton
Sent: Wednesday, July 25, 2012 4:25 AM
To: security-basics () securityfocus com
Subject: RE: Binary Analysis with Internal Solutions

As you say, a full risk assessment is often not justified; however, I would counter that the issue is not at the level of the security specialists but at management level. We generally understand the issues and the relative importance; however, at the management level the understanding is often minimal, and it can boil down to equating perceived security risk to business risk and time = money arguments: why should I spend the money?

You don't need to write a book, just enumerate your thought processes and why you think it is necessary. If you can convince them once to do such an exercise, then the rationale can be used again.

Rgds,
Simon