• 21 Apr 2009

    Isn’t this what HIPAA was for?

    I read the first paragraph in this piece regarding Obama's mandate that we move to electronic medical records (a big step in nationalizing healthcare in this country). It says "The aim is to improve medical care, increase the efficiency of health care delivery and ultimately cut health care costs." When I co-wrote our book on HIPAA compliance back in 2003, improving medical care, increasing the efficiency of health care delivery ...

  • 09 Mar 2009

    Great quote related to policies & compliance

    Thomas Brackett Reed said "One of the greatest delusions in the world is the hope that the evils in this world are to be cured by legislation." I see this belief in action over and over again with regards to security policies and all these regulations we're up against. Just because you have policies and just because someone in your organization thinks that the business is "compliant" with whatever law or ...

  • 23 Feb 2009

    Want to know what a breach is going to cost?

    When writing a HIPAA-related whitepaper last week for the fine folks at Realtimepublishers.com (TONS of free papers and books on IT & security) I came across two good sites for calculating the cost of a data breach... VERY enlightening numbers from tools that have finally come of age. Keep these tools in mind when you're selling security and compliance to management (I know, it's sad you even have to): Becky Herold's ...

  • 30 Dec 2008

    Interesting solution to the new Red Flags requirements

    I can't vouch for the quality of this offering I recently came across, but it does look interesting. It's called CompliancePal and it helps businesses automate/manage the requirements of the new FTC Red Flags Rules that are intended to help fix the problem we have with identity theft here in the U.S. Heaven knows business managers need help taking the pain out of the compliance process wherever they can!...

  • 11 Nov 2008

    New book on PCI worth checking out

    Here's a new book fresh off the press written by my friend and colleague Tim Virtue. Very good insight into the world of PCI DSS compliance. I reviewed it for the publisher before it went to print and got my name imprinted forever on the back cover!...

  • 26 Sep 2008

    My latest security content

    Here's an article I just wrote for SearchEnterpriseDesktop.com: The 10 most common Windows security vulnerabilities. And also a series of articles I recently completed for Realtimepublishers.com on compliance: The Essentials Series: The Business Imperatives of Compliance in the UK [note: These articles have a U.K. focus but the concepts can be applied anywhere around the world... And no, those aren't my British-isms in the writing (thanks to the wonder of editing). It is ...

  • 15 Aug 2008

    Access to one card at a time isn’t a bad thing?

    I'm writing an article series that includes some information about PCI DSS. In my research, I noticed something interesting - almost comical - about Requirement 12.7: "Screen potential employees to minimize the risk of attacks from internal sources. For those employees such as store cashiers who only have access to one card number at a time when facilitating a transaction, this requirement is a recommendation only." So, "access to one card number ...

  • 23 Jun 2008

    My security content from last week

    I was out the latter part of last week so I missed my 'deadline'. Here's an article hot off the press that you may be interested in: The realities of using WAFs for PCI DSS 6.6 compliance. Enjoy! As always, check out www.principlelogic.com/resources.html for all of my past articles, webcasts, podcasts, and more....

  • 08 Jun 2008

    Why PCI DSS gets the attention of management

    I was thinking about all the hype surrounding PCI DSS requirement 6.6 compliance. The deadline is just three weeks away. I do a lot of compliance-related work and have seen the interpretation of 'compliance' all over the map. Why is PCI DSS any different? Well, for the most part, it's not like other regulations such as HIPAA and GLBA where many in management give it lip service but don’t really do ...

  • 28 May 2008

    What do you do for Web site security…?

    I received an email yesterday from Redmond Magazine (a good trade rag) that caught my attention. The title of the email said "Trust in Web Site Security is Declining. What Should You Do?" I thought, really!?... are you serious? And well, I don't know what to do, let me see just what the solution is. [tongue in cheek] Lo and behold, it was an email sponsored by Verisign about their whitepaper entitled ...
