HHS fires wave motion gun: creeps closer to meaningful use
(If you don’t get the reference, subtract 50 geek points). So, if you haven’t heard the news, HHS (finally) submitted their proposed final rule for meaningful use to the OMB last week. Of course, everyone is very excited (oooo…. shiny new rules) and very nervous (Oh noes! New rulz!11!!) about the changes. Of course, those of us with a security bent are particularly keen on...
Some mixed reactions about FFIEC authentication guidance
Last month, if you remember, the FFIEC put out their 2005 authentication guidance. We harshed on it here, saying that we didn’t think that there was much of a difference between the 2001 guidance and the 2005 guidance. We’ve received some mixed feedback to that commentary from folks in FS (folks that I’ve worked with in previous lives)… As of now, I’ve spoken to...
Musings on DITSCAP, FIPS, and the TCSEC
I came across this article this morning. For those of you who don’t feel like reading it, basically it says that RedHat and SE (Security Enhanced) Linux are going through Common Criteria certification so that it can be used in the US government. Good news, right? On the surface, it would seem so – but I think it points out a problem inherent in the process. First of all,...
Useful Information About SOX
A must-read article about compliance with plenty of useful and intelligent commentary from Diana.
Guidelines for eBanking Security
The Electronic Banking Group of the Basel Committee on Banking Supervision, a consortium of banks from the US, Europe, and Asia, has released two new/finalized documents, “Risk Management Principles for Electronic Banking” and “Management and supervision of cross-border electronic banking activities.” The documents are offered as guidance rather than ‘hard and...
Sarbanes-Oxley Balancing Act
An eweek article that takes a look at what Sarbanes-Oxley means to companies. “Of particular interest is Section 404 of Sarbanes-Oxley, which requires companies to perform a self-assessment of risks for business processes that affect financial reporting.” The takeaway here is that though there are companies that help provide tools that facilitate reporting for compliance, the...








