What are HIPAA Administrative Safeguards? The Health Insurance Portability and Accountability Act of 1996 (HIPAA, PL104-191) was enacted to protect the privacy and availability of health insurance coverage and medical information. The law’s primary goals include protecting health insurance coverage for workers and their families in the event that the insured employee changes or loses […]
Category: Outsourced IT
What is the Digital Identity Ecosystem? The proposal formally known as the National Strategy for Trusted Identities in Cyberspace is now the Identity Ecosystem- a proposal from the United States federal government to improve identity authentication on the Internet and make online transactions safer. The proposal has four goals1: The Identity Ecosystem will add another […]
Categories
Data Historians
What are Data Historians? A data historian is a type of time-series database designed to efficiently collect and store process data from a Supervisory Control and Data Acquisition (SCADA) or automation system. SCADA is a computer-based system for gathering and analyzing real-time data to monitor and control equipment that deals with critical and time-sensitive materials […]
What are File-Sharing Best Practices? File sharing is a common, yet dangerous, daily business activity. Take time to evaluate your file sharing methods to ensure that you are choosing the most secure procedures. Consider the following best practices as you decide how you will send and receive files securely: Multi-factor authentication. Use multi-factor authentication (MFA) […]
What is an Inadvertent Disclosure under HIPAA? An inadvertent disclosure is an event where a health professional unintentionally reveals protected health information (PHI) to an unauthorized person by mistake. Generally, if PHI is disclosed to unauthorized personnel, a breach of PHI is presumed to have occurred. Depending on the size of the unauthorized disclosure, HHS […]
Categories
Randomness and Entropy
What are Randomness and Entropy? Most modern encryption relies on randomly generated keys. Random numbers are used in many places within the realm of information technology, and they are also used in other fields, such as in the sciences. In mathematical statistics, randomness has been defined as, “of or relating to a type of circumstance […]
Categories
Configuration Management
What is Configuration Management? Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product’s performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. For example, in routers or operating systems, manufacturers often set the default configurations with predefined passwords or pre-installed applications. When […]
Categories
Cross Domain Solutions
What are Cross Domain Solutions? The U.S. National Institute of Standards and Technology (NIST) defines cross domain solutions (CDS) as: “A form of controlled interface (a boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems) that provides the ability to manually and/or automatically […]
Categories
DDoS-for-Hire
What is DDoS-for-Hire? Distributed denial-of-service (DDoS) cyberattacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic. DDoS-for-hire is a service that allows anyone to perform a DDoS attack, for prices as low as $10 per […]
Categories
CIS Benchmarks
What are CIS Benchmarks? CIS Benchmarks from the Center for Internet Security (CIS) are a set of globally recognized and consensus-driven best practices that are designed to help security professionals implement and manage cybersecurity defenses. CIS Benchmarks were developed with a global community of security experts, and the guidelines help organizations protect themselves from emerging […]