While doing some encryption research I ran across this Vermont ruling made on November 29, 2007.
It provides some good lessons about computer forensics and investigation and password management.
Posts Tagged ‘encryption’
Privacy, The 5th Amendment And PGP Passwords
Sunday, January 6th, 20087 More Reasons Why Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 2
Wednesday, November 21st, 2007As a continuation of my blog posting from Monday, here are 7 additional reasons to add to the previous 4 for why sending cleartext instant messages (IMs) and email is not secure:
Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 1
Monday, November 19th, 2007I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.
Sending Cleartext IM and Email Is *NOT* Secure Even If Your Doc Says It Is…Part 1
Monday, November 19th, 2007I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements” so I wanted to take this opportunity to discuss the topic a little more.
HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements
Thursday, November 15th, 2007My good friend Alec recently made me aware of a very interesting blog post made by a physician (thanks Alec!) that is frankly quite troubling.
The World is Miffed About Spam & Phishing
Thursday, October 18th, 2007Several weeks ago I got spam from an information security company about a seminar they are putting on. I did not respond; I wasn’t interested. Since that time I have received many messages, all with the same content, from various people from that organization, the tone of which really ticked me off. The following is an excerpt.
Data Will Always Be Less Safe In The Future…I Don’t Want To Get Gussied Up To Talk On The Phone
Wednesday, October 17th, 2007I have a blog problem…there are way too many things I want to blog about and not enough hours in the day to do it! Throughout each day I note news items from the TV, or website news articles, or research, or reports, or just observations while at businesses or in public, and I only have a chance to blog about a small fraction of them. Today I think I’ll just briefly mention five of the topics I’ve planned to blog about, along with a brief note about each, and then maybe I’ll be able to revisit them sometime in the near future and discuss them at greater length.
Iowa Universities Provide Examples of Good and Bad Information Security and Privacy
Wednesday, October 10th, 2007In the past week the two largest universities in Iowa provided examples of both great and poor security practices. Let’s see…how about the bad example first?
New Nevada Law Explicitly Requires Organizations to Encrypt PII Sent Through Networks
Tuesday, October 9th, 2007To date there have been several laws that direct organizations in certain industries to consider using encryption as one way to protect data based upon the organization’s considered risks, and laws that make encryption a factor in decisions regarding breach notifications, but until now no laws that I’m aware of explicitly required personally identifiable information (PII) to be encrypted. The state of Nevada has now changed that!
Lack of testing, lack of built-in security, and inadequate protection for stored data lead list of PCI noncompliance items
Tuesday, October 2nd, 2007I figured that since the PCI DSS compliance deadline for Level 1 merchants was this past Sunday that there would probably be a ton of published news reports about it on Monday. There were…and today as well! One that caught my eye was in eWeek on Monday, “Comparison Shows Very Little Shift in PCI Failures.”
