Avatier

Category: Compliance

  • NERC CIP Version 5 Compliance: Internal Controls or Executive Blinders

    NERC CIP Version 5 Compliance: Internal Controls or Executive Blinders

    NERC CIP Version 5 internal controls. A few significant events occurred this week related to NERC CIP compliance that should not go unnoticed. Yesterday on July 1st, Version 5 of the NERC Critical Infrastructure Protection (CIP) quietly went into effect. Version 5 encompasses the most comprehensive updates since the standards launched in 2008. For some…

  • Speeding Up the Gartner Security Summit

    Speeding Up the Gartner Security Summit

    Gartner Security Summit Keynote Leon Panetta The Gartner Security & Risk Management Summit 2015 in Washington DC was no snooze fest. Quite the contrary. It’s just I don’t usually plan for security threats five years in advance. I’m engaged today. With the event infogram, "By 2020, 25% of global enterprises will engage the services of…

  • ServiceNow Knowledge15 Looks to a Service Management Future

    ServiceNow Knowledge15 Looks to a Service Management Future

    ServiceNow Knowledge15 focuses on fast easy enterprise-grade. In watching Frank Slootman, ServiceNow CEO and the Knowledge15 keynote speakers, you really do glimpse the future. The future of "Everything as a Service." For most enterprises, service management represents the state of operations in 2020. For some, particularly small and medium sized business, service management represents operations…

  • Cyber Liability Insurance Puts a Large Hole in the Corporate Wallet

    Cyber Liability Insurance Puts a Large Hole in the Corporate Wallet

    Cyber liability costs. I was talking with a friend the other day and the cost of cyber breaches came up. Not so much the loss of reputation (which everyone faces), and the loss of sales, (which many face) and the loss of jobs (as Target executives faced)—but the cost of liability insurance assuming there is…

  • Risk Assessment Benefits, Best Practices and Pitfalls

    Risk Assessment Benefits, Best Practices and Pitfalls

    Risk assessments clean up operations. This interview with Avatier CISO, Ryan Ward, speaks to the overlooked benefits of risk assessment. It recently appeared in Help Net Security and offers best practices for performing successful risk assessments, remediation, and professional development. What are some of the often-overlooked risk assessment benefits? Even though most organizations have a…

  • Is Your Incident Response Plan Ready for 2015?

    Is Your Incident Response Plan Ready for 2015?

    You must be ready to engage twenty-first century threats. From my past articles, you can probably tell that I like to preach about focusing on the basics of security management rather than the latest shiny security tool. Things like vulnerability management, identity and access management, security awareness, etc. all help lower risk and improve security…

  • 12 Identity Management Side Dishes to Avoid this Thanksgiving

    12 Identity Management Side Dishes to Avoid this Thanksgiving

    Identity management recipes for disaster. Thanksgiving is a wonderful American holiday. It involves being thankful for family, football, shopping and eating. For an idea of American’s love for celebrating this holiday, forty-six million turkeys are stuffed, eighty million pounds of cranberries sauced, forty million green beans casseroled, twenty million pounds of potatoes mashed, and fifty…

  • “Do You Feel Safer?” 911 from an Information Security Perspective

    “Do You Feel Safer?” 911 from an Information Security Perspective

    Information security 911 preparedness. Thirteen years after one of the most horrific terrorist attacks on America, I have to ask myself "do I feel any safer?" Like you, I’m sure, the answer is "no." On the other hand, the risk I feel now has less to do with a physical attack and more to do…

  • The True Value of an Information Security Compliance Auditor

    The True Value of an Information Security Compliance Auditor

    Information security audits add up. I recently read the KPMG Value of Audit, The Audit Model and the Profession by Rupert Bruce. Although the focus was on financial audits, the journal resonated with me as an information security auditor. Several takeaways made the article worth review. Beginning with the assumption ‘auditor’ is synonymous with ‘compliance…

  • Information Security and IT Leadership Business Accountability

    Information Security and IT Leadership Business Accountability

    IT leadership get aligned. In my last article, I discussed the need for IT leadership to start transitioning accountability to the business, but I primarily focused on security-related aspects of this transition. In this article, I highlight broader IT-related culture and process changes that can help organizations begin to deliver greater capabilities by engaging with…

  • Who Needs HIPAA HITECH Anyway?

    Who Needs HIPAA HITECH Anyway?

    The Formula 1® HIPAA privacy rule. A short while ago, someone stole the medical records for Michael Schumacher, the severely injured Formula One race car driver, and put them up for sale on the Internet for 60,000 Swiss francs. So far, no tabloid has picked them up. I’m not sure what they would pay for…

  • Avatier Spins Off IT Security Consulting Company

    Avatier Spins Off IT Security Consulting Company

    At last, fixed-price IT security services. Last week we announced the launch of the IT Security Consulting Company, a spinoff of Avatier. We are using the expertise of this new group of consultants to provide services in all areas of information security including Identity and Access Management. Initially, we will be concentrating on sixteen areas:…

  • The Culture of Cloud in an Information Security World

    The Culture of Cloud in an Information Security World

    Cloud information security cultural transformation. Working in the information security field, I obviously hear a lot about “the cloud” and its many security implications. There are definitely valid security concerns associated with cloud computing, but isn’t the entire industry of “information security” based on the concept of “securing information” no matter where it resides (including…

  • Building a Great Identity Management Company From The Inside Out

    Building a Great Identity Management Company From The Inside Out

    Avatier identity management company values. You’ve probably heard the story about the guy walking down the street next to a building under construction. "What are you doing?" he asked the first bricklayer. "Laying bricks," he replied sullenly. "What are you doing?" he asked the second bricklayer. "Building a stone wall," he replied smugly. "What are…

  • The Four IT Security Principles: A Practical Guide to Improving Information Security

    The Four IT Security Principles: A Practical Guide to Improving Information Security

    Security Commandments. Below are four principles to help you become a more effective IT security leader. While these principles won’t solve all your problems, if you practice them regularly, you can’t help but reduce risks and knock annoying security problems off your to-do lists. Start a difficult information security task Every IT security leader has…

  • Why Your IT Security and Swiss Cheese May Have a Lot in Common

    Why Your IT Security and Swiss Cheese May Have a Lot in Common

    Cyber crime target. As if sustaining your own IT security data breach wasn’t enough, Target is now looking at the very real possibility that the attackers hacked their way in using access credentials stolen from an…wait for it…environmental systems contractor. Investigators from the Secret Service, which is leading the investigation, recently visited the offices of…

  • Organized Cyber Crime Target

    Organized Cyber Crime Target

    Cyber criminals target retailers. Perhaps you saw the report by the US security firm iSight Partners concluding the stolen customer data now reaches as many as 110 million Target consumers. According to the report, the cyber crime began in Texas stores. Customer data was collected for over two weeks. And, the information was immediately sold…

  • Identity Management and IT Security Practices to Prevent Target-like Cyber Theft

    Identity Management and IT Security Practices to Prevent Target-like Cyber Theft

    IT security alerted. Last Friday near the end of day I thought I would speak to one of our engineers about this blog topic. Coincidentally, 5 minutes into our conversation, he received an alert indicating unusual resource consumption on our blogging server. Upon examination, someone accessing our login page from a server in New Jersey…

  • NEW PHASE IN AVATIER GROWTH

    NEW PHASE IN AVATIER GROWTH

    Avatier LANDESK Partnership. Today we announced a tremendous new partnership with LANDESK Software. It is our first OEM relationship and represents a dramatic new growth phase for Avatier. LANDESK will be using our innovative self-service password reset tool as part of their LANDESK Service Desk in their Password Central product. Our enterprise password manager will be integrated…

  • How to Apply Automation to Your HIPAA Compliance Checklist

    How to Apply Automation to Your HIPAA Compliance Checklist

    Automate your HIPAA compliance checklist. Protecting patient privacy rests at the heart of HIPAA regulations. The regulatory requirements address administrative processes, facilities security and technical protocols. With all of the moving parts around managing HIPAA regulatory mandates, what can you do to make things simpler and more efficient for your organization? Automate as many operations as…

  • At the Crossroads of Microsoft Active Directory, Identity Management and NERC Compliance Software

    At the Crossroads of Microsoft Active Directory, Identity Management and NERC Compliance Software

    NERC compliance gatekeeper. Yesterday, many of you probably read about Entergy Corporation ETR announcing its plan to close and decommission the Vermont Yankee Nuclear Power Station. With the closing, Entergy explained the decision was driven by sustained low power prices, high cost structure and prospective for a heavily regulated wholesale electricity market. I couldn’t help…

  • Finessing NIST SP 800-53 — Earn the Confidence of Your Compliance Auditor

    Finessing NIST SP 800-53 — Earn the Confidence of Your Compliance Auditor

    NIST SP 800-53 compliance auditor. It’s widely acknowledged that NIST SP 800-53 cyber security guidelines are confusing and overwhelming — it’s universally challenging to make heads or tails of the guidelines stemming from the Federal Information Security Management Act (FISMA) regulations. If managing the mountain of FIPS 200 and NIST standards have you gasping for…

  • Better Enterprise Risk Management: Keep Your Priorities Straight with Balanced Scorecard Software

    Better Enterprise Risk Management: Keep Your Priorities Straight with Balanced Scorecard Software

    Balanced scorecard alignment. If you’re in charge of information security risk management for your organization, you know that the process is a study in trade-offs. You have to deal with acute, urgent problems — happenstances that are disrupting workflow in the here-and-now. But then there are those chronic drags — costly inefficiencies, latent security vulnerabilities…

  • Charm the Compliance Auditor: Getting Hip to HIPAA HITECH Compliance

    Charm the Compliance Auditor: Getting Hip to HIPAA HITECH Compliance

    Never ending HIPAA HITECH compliance management. If you dread meeting with the HIPAA HITECH compliance auditor you’re in good company. It’s just such tedious and time consuming work to pull together the mountain of information you need to be prepared for an IT audit. And then there’s the audit review process itself — after you’ve gone…

  • Compliance Management: From a Thorn in Your Side to Easy as Pie

    Compliance Management: From a Thorn in Your Side to Easy as Pie

    A compliance management software delicacy. As organizations go digital, security standards and requirements are evolving to address risk to enterprise systems and the vital data contained within them. The complexity of the compliance management climate has increased across the board, and organizations are struggling to keep up with the intensified requirements. Because the process of…

  • Dare to Go Digital: Automating HIPAA HITECH Compliance

    Dare to Go Digital: Automating HIPAA HITECH Compliance

    HIPAA HITECH compliance tools. There are undeniably enormous benefits associated with digitizing medical records. Health care organizations have become increasingly reliant on technology to improve patient care, streamline operations and reduce costs — but not without Protected health information (PHI) risks. Because of course you are subject to stringent HIPAA privacy statutes and HIPAA HITECH…

  • It’s 10PM. Do You Know Where Your Information Security Just Went?

    It’s 10PM. Do You Know Where Your Information Security Just Went?

    Information security exposed. The study published in May 2013 by Ipsos Mori on behalf of Huddle found that a whopping 38% of U.S. office workers admit to storing work documents on personal cloud tools and services, including Dropbox, Google Drive and Apple iCloud. A staggering 91% report that they regularly use personal devices to access,…

  • InfraGard Highlights Focus Needed to Improve Information Security

    InfraGard Highlights Focus Needed to Improve Information Security

    Information security best practices. During last week’s information security Midwest InfraGard SuperConference, the FBI stressed concern about the growing problem of intellectual property theft from the United States via espionage. China accounts for 90% of that espionage so it was no surprise to learn that China was in the news for stealing information. Since over $250…

  • Stopping the ‘Enemy Within’ with IT Risk Management Software

    Stopping the ‘Enemy Within’ with IT Risk Management Software

    Self-service IT risk management. If ever organizations questioned the need for IT Risk Management Software, one simple statistic about cyber security cited recently in the National Law Review should change their minds: “According to Diligence Information Security, about 70 percent of security breaches are committed by employees.” Yes, those dedicated individuals who depend upon your…

  • Think about "Risk Management" when Outsourcing Information Security

    Think about "Risk Management" when Outsourcing Information Security

    Outsourcing information security risks. I have never been a huge fan of outsourcing information security, especially when security operations and vulnerability management are intermingled with infrastructure outsourcing deals. I have had first-hand experience at previous companies dealing with the risks of all aspects of outsourcing from selecting ITO providers, migrating from one provider to another…

  • Avatier to Launch New Compliance Auditor Access Certification Software at Gartner

    Avatier to Launch New Compliance Auditor Access Certification Software at Gartner

    Audit any system, asset, network any time anywhere. The Gartner Identity and Access Management (IAM) Summit, one of the most influential events in the IAM industry, is just over one week away. Avatier has already released an announcement about their latest access certification software that it plans to launch at the show. Avatier, which will…

  • Cyber Security Threats: Is World War III Upon Us?

    Cyber Security Threats: Is World War III Upon Us?

    Eminent cyber security threats. Albert Einstein once said, "I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones." Ever a man ahead of his time, were he alive today it’s likely the only thing he would change about his statement would be…

  • 5 Steps for implementing a BYOD identity governance solution

    5 Steps for implementing a BYOD identity governance solution

    BYOD access provisioning. I began writing about technology systems at the dawn of the handheld era. The first time I ever wrote about the use of a mobile device in the workplace was in regard to an unwieldy piece of hardware with a monochromatic screen used by nurses for bedside documentation of patients’ vital signs…

  • Identity and Access Management (IAM) Integration Reaches for the Cloud

    Identity and Access Management (IAM) Integration Reaches for the Cloud

    IAM in the cloud. I confess that I’ve been around the Tech industry long enough (i.e., the 1990’s) to recall when "working from home" was not an easy thing to do. For most companies back then, when an employee wanted to work from home he or she usually did not have a way to connect…

  • Bring Your Own Identity and Access Governance?

    Bring Your Own Identity and Access Governance?

    A manager’s identity and access governance duties. I think that a lot of people out there are familiar with the concept of BYOD or "Bring Your Own Device", even if they don’t consciously realize it. I had never heard the term until very recently and realized that I had been using my personal smartphone at work…

  • Cyber Security Solutions Begins with You

    Cyber Security Solutions Begins with You

    President Obama’s cyber call to action. In case you missed it, President Obama wrote an extraordinary editorial that appeared in last Friday’s Wall Street Journal, focusing on cyber security threats on America’s infrastructure. The article begins by describing a simulation of multiple cyber security threats focused on deploying malware on critical systems that operate transportation,…