Ransomware Attacks Can Target Your System Backups

An evolving threat Ransomware now has a frightening new threat: preventing your ability to recover from backups. At Alvaka Networks, we are currently involved in some of the largest ransomware recovery projects, both insured and uninsured. The most sinister [...]

Ransomware Attacks Can Target Your System Backups2021-03-14T23:40:18-07:00

Three things healthcare organizations can do to help protect their organizations from cyber risk and security breaches

By Oli Thordarson, CEO of Alvaka Networks I was recently asked to write a short column on “What three things healthcare organizations can do to help protect their organizations from cyber risk and security breaches?” for the ABL Organization. It [...]

Three things healthcare organizations can do to help protect their organizations from cyber risk and security breaches2020-05-18T14:31:37-07:00

Legal quicksand: Shrink-wrap and click-wrap agreements – Part 2

Typical Shrink-Wrap Terms and Conditions While the type of terms and conditions found in shrink-wrap agreements vary greatly from vendor to vendor, there are a number of common themes. In general, shrink-wrap agreements include the following potentially problematic terms: [...]

Legal quicksand: Shrink-wrap and click-wrap agreements – Part 22020-05-18T14:47:38-07:00

Legal quicksand: Shrink-wrap and click-wrap agreements – Part 1

Shrink-wrap and click-wrap agreements are the fine print you see, among other things, when you click through terms and conditions in accessing an online service (e.g., in connection with a cloud computing service) or as part of the installation [...]

Legal quicksand: Shrink-wrap and click-wrap agreements – Part 12020-05-18T14:54:06-07:00

New password guidelines from the US federal government via NIST

The National Institute of Standards and Technology (NIST) has issued new guidelines regarding secure passwords. Who is NIST? NIST is a non-regulatory federal agency whose purpose is to promote U.S. innovation and industrial competitiveness by [...]

New password guidelines from the US federal government via NIST2023-02-07T07:44:11-08:00

BlueCross BlueShield Announces August 5th Data Breach Discovery

Tustin, CA - The most interesting part of this BlueCross BlueShield announcement is not that they found the breach on August 5th.  What is interesting when you read further into the announcement is that they say “Our investigation further revealed [...]

BlueCross BlueShield Announces August 5th Data Breach Discovery2017-09-18T00:38:04-07:00

Some Good Q&A on Backup and Disaster Recovery

1. Where should small businesses start with disaster recovery, whether or not they already have a DR plan in place? What is the first question the small business owner needs to ask?

I recommend starting with determining RTO and RPO.  If the small business owner starts here he or she will be off to a good start with the DR plan.  What are RTO and RPO?

•         RTO – Recovery Time Objective, the time between the disaster and when the system has been made operational again.  Why is this important?  Different businesses have different costs associated with...

Some Good Q&A on Backup and Disaster Recovery2015-03-02T15:43:00-08:00

Why are Patch Management and Change Management Important?

Alvaka Networks has arguably the best and most sophisticated patch management process in the Orange County, Los Angeles County and possibly the US.  Not many firms can deploy vast quantities of patches to valuable high availability servers and PCs with smoke testing qualify control while following the sun globally during selected narrow service windows.

Change Management
Change management is vital to every stage of the patch management process. As with all system modifications, patches and updates must be performed and tracked through the change management system. It is highly unlikely that an enterprise-scale patch management program can be successful without proper integration with the change management system and organization.

Like any environmental changes, patch application plans submitted through change management must have associated contingency and backout plans. What are the recovery plans if something goes wrong during or as a result of the application of a patch or update? Also, information on risk mitigation should be included in the change management solution. For example, how are desktop patches going to be phased and scheduled to prevent mass outages and support desk overload? Monitoring and acceptance plans should also be included in the change management process. How will updates be certified as successful? There should be specific milestones and acceptance criteria to guide the verification of the patches' success and to allow for the closure of the update in the change management system....

Why are Patch Management and Change Management Important?2021-01-27T21:42:49-08:00

What nineteen audiences in twelve months taught me?

Navigating Fear in the Security and Compliance World

In advancing technology it is fear of having a project go sideways, over budget or fail to accomplish the stated objective that has many frozen. What if that technology we recommend doesn’t work as we hope? What if it is something required by law (such as encryption in healthcare) that we fear an unknown outcome so much that we won’t act? What if we miss a key component of a project or underestimate the effort required and the entire project goes over our budget?

What nineteen audiences in twelve months taught me?2014-12-17T23:02:14-08:00