February 26, 2010 7:25 PM
Posted by: Arian Eigen Heald
Data Breaches,
DataManagement,
Identity theft,
information security,
information security policy,
medical identity theftThe Department of Health and Human Services has posted a list of the covered entities, (i.e., those that come under HIPAA regulations) that have reported health information data breaches...
April 10, 2009 8:28 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Database,
DataManagement,
Tools for Auditing and Security(Sorry, I apologize for using an acronym, but I couldn't resist.)
Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...
December 20, 2008 2:11 AM
Posted by: Arian Eigen Heald
Data Breaches,
Database security,
DataManagement,
Identity theft,
Security,
Tearing My Hair OutFor saying the blindingly obvious:
"Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...
December 11, 2008 5:27 PM
Posted by: Arian Eigen Heald
Automatic Theft Machines,
DataManagement,
Hardware & InfoSec,
Identity theft,
Security Devices,
Stupid TechnologyDid you know that a store that puts in an ATM for customer use also provides a daily log of transactions to the owner? The log includes the Bank name, last four numbers of the account, the customer name, and the transaction.
So if I do an account balance request, that comes up in the log. ...
November 5, 2008 12:01 AM
Posted by: Arian Eigen Heald
DataCenter,
DataManagement,
SecurityPer my previous post, it seems that there is suddenly a lot of discussion in the security blogosphere about cloud computing and the security (or lack) thereof. Seems a number of people have taken note of Microsoft's entry (Azure) into Data Center business development. A lot of really good questions...
October 30, 2008 3:33 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
DataManagement,
Development,
Microsoft Windows,
Security,
Storage,
VirtualizationI had a co-worker ask me yesterday what my opinion on "cloud computing" is, and whether it should be something they could recommend to clients. He had seen announcements about cloud computing from Microsoft
According to a 2008 paper...
August 21, 2008 3:48 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
Database,
Database security,
DataManagement,
Identity theft,
IT audit,
Oracle,
PCI DSS,
SAP,
SAS 70,
Security,
SOX,
SQL ServerDatabases are enormous, powerful repositories of data. They can hold payroll, HR personnel data (think social security numbers) stock prices, Accounts Receivable, Client Relationship Management, and customer information. Banks can't live without them. Most medium and many small sized businesses...
August 19, 2008 1:20 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
Database,
Database security,
DataManagement,
Identity theft,
IT audit,
Oracle,
PCI DSS,
SAP,
SAS 70,
Security,
SOX,
SQL ServerSo many financial auditors, CEOs, CFOs and others rely on electronic data to understand the complexities of General Ledger, Accounts Payable, etc. In this era of SAP, ADP, electronic time clocks, etc., the one common denominator is the database underlying each application.
Applications...
August 13, 2008 1:53 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
Data Breaches,
Database,
Database security,
DataManagement,
SecurityThe recent report on the Countrywide data theft got me thinking again about how to monitor insider access to databases.
The story is that the thief had access to the...
