Beware Of How You Answer Audit Or Assessment Questions

If you are regulated under any of the myriad government and industry regulations, from ITAR, FIPS, CLETS and PCI to HIPAA and Red Flags, the process of responding to security, integrity and availability verification is not a simple exercise. It is more than answering questions in the positive. Policies, procedures and declarations of compliance are contracts with your company, partners, clients and government regulatory bodies. What do I mean?

2011-04-01T04:20:00-07:00

What Can We Learn From The Disaster In Japan?

Disasters are a horrible thing. We can only hope to never have our lives and loved ones involved first hand. But disasters do happen and almost all of us will experience the pain and misery ourselves at different points in our lives. The key is to mitigate the loss and pain through careful preparation. During a disaster our first concern will be for the safety and protection of those closest to us. Once that is secured, we will all begin the transition back to normal life and work.

I have had many tell me that in a disaster they are not going to care about their servers and the PCs at the office. That is true; however, at some point, normal life must return. So how do you do that? You must have a disaster recovery plan in place. It must have several components:

2011-03-15T00:58:00-07:00

1.7 Million Patient Records In Massive Data Heist At NYC Hospitals

All I can say is “WOW!” I wonder how much this is going to cost the hospitals. How much damage is done to their reputation? What kind of government settlement, oversight and years of scrutiny will this cost the hospitals when the regulatory agencies are done negotiating with them on penalties and remediation?

Here is the gist of the story:

Thieves made off with the personal health records of an estimated 1.7 million New Yorkers when they stole backup tapes from four Bronx hospitals in December. According to a statement issued by the 14-hospital system on Feb. 11, computer backup tapes containing the records were stolen. The report came just days after the New York City Health and Hospitals Corporation began notifying victims on Feb. 9. While it took HHC nearly two months to report the data breach, it was well within the 60-day period required by New York state law.

2019-04-09T00:25:53-07:00

What Are Your RTO And RPO?

I just had a meeting with one of Alvaka's IT consultants regarding the development of a disaster recovery and business continuity plan for a financial services client of hers. A year ago the client had a very nearly disastrous weather-related IT event that could have slammed the whole company beyond imagination. During a heavy downpour a major leak opened up in the roof and dumped significant amounts of water right onto the client's primary server rack. The servers were so flooded that during the recovery process the techs actually had to de-rack the servers and tilt them over in order to pour out the water. Full disaster was averted when

2018-05-07T08:51:30-07:00