Archive

By Page:

• Home
• Blog
• Publications
• Research
• Learning
  • Intrusion Detection Systems: Learning with Snort
    • Installing Snort on Linux
    • Creating a Linux Virtual Machine
    • Getting and Installing Tools
    • Installing Snort on Windows
    • Configuring Snort
    • Getting and Installing Necessary Tools
    • Generating Alerts
    • Retrieving Source Files
    • Installing a Syslog Server
    • Installing Tools from Source
    • Setting up MySQL
    • Configuring Snort on Linux
    • Compiling Shared Object Rules
    • Setting up Barnyard2
    • Generating Alerts on Linux
    • Prerequisites to Installing BASE
    • Installing BASE
    • Graphing in BASE
• About
  • Privacy Policy
  • Stephen Gantz
• Contact
• Archive

By Month:

• January 2023
• December 2020
• April 2017
• February 2017
• December 2016
• October 2016
• August 2016
• July 2016
• May 2016
• April 2016
• November 2015
• October 2015
• September 2015
• August 2015
• July 2015
• May 2015
• April 2015
• March 2015
• February 2015
• January 2015
• December 2014
• November 2014
• April 2014
• October 2013
• May 2013
• March 2013
• February 2013
• January 2013
• January 2012
• December 2011
• September 2011
• August 2011
• May 2011
• March 2011
• January 2011
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009

By Category:

• Architecture
• Cloud Computing
• Critical Infrastructure
• Cybersecurity
• Data Breach
• ECPA
• Europe
• Featured
• FERPA
• FISMA
• Fraud
• Governance
• Health IT
• HIPAA
• HITECH
• Identity Management
• Infosec
• Integrity
• Legal
• Management
• NwHIN
• Policy
• Privacy
• Risk Management
• Training
• Trust
• Uncategorized
• Vendors

By Post:

• After 11 years, FedRAMP is now the law
• SolarWinds compromise focuses new attention on trust in vendor supply chain
• Repeal of planned FCC privacy rules leave ISPs largely unregulated
• Tax season means it’s time to watch out for W-2 scams
• European Court of Justice rules against UK on data retention
• After Yahoo! breach, can users do anything to protect their online data?
• Delta and other air carriers show how not to do disaster recovery
• It’s hardly treason, but Trump’s call for Russian hacking still encourages illegal actions
• FedRAMP not delivering on promise of standard authorization
• FDIC data breaches indicate systemic failures in security management and monitoring
• Epic Mossack Fonseca breach tied to basic patch management failures
• MedStar attack apparently enabled by unpatched software
• OPM (finally) notifies people affected by breach
• What’s the harm in inaccurate personal information?
• Hopes for better privacy protection in CISA depend on conference committee reconciliation
• European Court ruling invalidates Safe Harbor
• T-Mobile customers suffer breach because company relied on Experian
• Retiring an email server with sensitive data on it? Learn some lessons from Clinton
• Want to reduce unauthorized login attempts? Use Google Authenticator
• It’s (past) time for two-factor authentication
• 4th Circuit rules that obtaining cell site location data requires a warrant
• Threat of phishing attacks shows no signs of diminishing
• WordPress security essentials
• No upside to OPM data breaches
• Subpoena? Court order? Search warrant? How the government can get your data
• 11th Circuit court says no warrant needed for cell site location data
• Lawsuit for improper access to medical records faces many challenges
• Cyber insurance transfers risk but doesn’t replace due care
• Installing Snort on Windows
• Is Clinton’s use of a private email server a big deal or not?
• Feds seek centralized threat analysis with CTIIC
• Anthem breach enabled by compromising administrator credentials
• VMware exec Tony Scott named new Federal CIO
• HealthCare.gov shares consumer data with lots of third parties
• Changes coming for federal infosec managers
• Newly arriving from DHS: binding operational directives
• FISMA 2014 codifies many current federal security practices
• Three years in, FedRAMP offers 3 paths to compliance
• NIST updates security control assessment procedures
• Update to FISMA signed into law
• Home Depot breach shows vulnerability of external vendors
• Operational security lessons from the Target breach
• Microsoft Azure Cloud receives FedRAMP provisional authorization
• Two Amazon Web Services environments attain FedRAMP compliance
• NIST releases 800-53 revision 4
• Tracking source of South Korean cyber attack illustrates challenges for U.S.
• Weaknesses in Census Bureau security symptomatic of poor information security program
• Executive action on critical infrastructure protection renews debate on privacy and information sharing
• First cloud service provider authorized under FedRAMP
• Supreme Court rules unanimously that GPS tracking of suspects requires a warrant
• OMB outlines approach for cloud computing security
• TRICARE data breach shows (again) why encryption of removable media is essential
• Supreme Court will hear case on GPS tracking, warrants, and the 4th Amendment
• VA decision to allow iPad use without FIPS certification provides good example of risk-based decsion making
• HIPAA “access report” potentially much simpler to implement, more valuable than accounting of disclosures
• HHS releases new draft accounting of disclosure rules
• Proposed amendments to ECPA would restrict disclosure of geolocation data
• Privacy and Security Tiger Team recommends federal PKI cross-certification for all NwHIN participants
• Canadian court finds privacy protections apply to personal data stored on employer-owned computer
• Supreme Court ruling on contractor background checks includes internal debate on privacy rights
• Mistaken assumptions about authorized users constrains the trustworthiness of information systems
• More lessons to be learned from WikiLeaks on information sharing, access control, and trust
• Healthcare entities leary of new government policy extending beyond HIPAA
• Consider risks, business impact when making tradeoffs between security and productivity
• Using cellphone GPS tracking, family helps police catch man who robbed them
• VA over-disclosure of EHR data highlights difficulty in managing fine-grained consent
• Trust enables, but is not required for, both cooperation and collaboration
• Decisions to trust others are both personal and subjective
• When does technical competence trump historical performance
• Illustrating different applications of the concept of trust
• Rewarding processing speed at the expense of accuracy is a failure of risk managment
• Evaluating technical tools and services as an exercise in trust
• Lots of health data breaches reported to HHS, only trivial ones to FTC
• Rules still pending on privacy and security requirements for PHRs
• NCHICA offers recommendations to health care providers on security and meaningful use
• Six weeks away from Cyberscope deadline, many agencies remain unclear on requirements
• Anakam aquisition creates potential for online ID proofing and authentication
• Conflicting rulings leave open debate on privacy protections for social network data
• Supreme Court to hear corporate challenge to FOIA based on “personal” privacy
• Identity theft from hospital records violates more than HIPAA
• Health data privacy remains a key factor in slower U.S. adoption of EHRs
• Questions to consider about GPS data, location tracking, and privacy expectations
• Can GPS be used to track your movements, without a warrant? That depends…
• Trustworthy organizations do what they should even in the absence of legal enforcement
• ACLU mounts legal challenge to border searches of electronic devices
• Practical challenges to worthwhile intentions for training more security professionals
• Congressionally legislated privacy may not consider benefits of information sharing
• Major cloud computing privacy legal issues remain unresolved
• Proposed SEC rule on asset-backed securities calls for troubling amount of personal information disclosure
• Seattle public schools extend off-campus speech policies to online activity
• Court rules that continuous GPS monitoring infringes on reasonable expectations of privacy
• The right to sue remains an important element of contract-based governance models
• Despite emphasis on risk analysis, health IT security won’t change much under meaningful use
• Public trust in health IT as a case study in system trust
• Airline use of personal data on passengers likely not constrained by Privacy Act
• HHS withdraws final health data breach notification rule for revision
• Google Apps for Government receives federal authorization to operate from GSA
• Health IT policy intensifies focus on consent
• Significant work remains to produce standards and rules on accounting of disclosures for PHI
• Wisconsin court ruling addresses a different aspect of privacy and personal e-mails