The Regs


HHS fires wave motion gun: creeps closer to meaningful use

(If you don’t get the reference, subtract 50 geek points). So, if you haven’t heard the news, HHS (finally) submitted their proposed final rule for meaningful use to the OMB last week. Of course, everyone is very excited (oooo…. shiny new rules) and very nervous (Oh noes! New rulz!11!!) about the changes. Of course, those of us with a security bent are particularly keen on...

Some mixed reactions about FFIEC authentication guidance

Last month, if you remember, the FFIEC put out their 2005 authentication guidance. We harshed on it here, saying that we didn’t think that there was much of a difference between the 2001 guidance and the 2005 guidance. We’ve received some mixed feedback to that commentary from folks in FS (folks that I’ve worked with in previous lives)… As of now, I’ve spoken to...

Musings on DITSCAP, FIPS, and the TCSEC

I came across this article this morning. For those of you who don’t feel like reading it, basically it says that Red Hat and SE (Security Enhanced) Linux are going through Common Criteria certification so that they can be used in the US government. Good news, right? On the surface, it would seem so – but I think it points out a problem inherent in the process. First of all,...

Useful Information About SOX

A must-read article about compliance with plenty of useful and intelligent commentary from Diana.

Guidelines for eBanking Security

The Electronic Banking Group of the Basel Committee on Banking Supervision, a consortium of banks from the US, Europe, and Asia, has released two new/finalized documents, “Risk Management Principles for Electronic Banking” and “Management and supervision of cross-border electronic banking activities.” The documents are offered as guidance rather than ‘hard and...

Sarbanes-Oxley Balancing Act

An eWeek article that takes a look at what Sarbanes-Oxley means to companies. “Of particular interest is Section 404 of Sarbanes-Oxley, which requires companies to perform a self-assessment of risks for business processes that affect financial reporting.” The takeaway here is that though there are companies that help provide tools that facilitate reporting for compliance, the...
