Assured SPC

Assured SPC Blogs

Latest from Assured SPC

Incremental or Agile Cybersecurity Description: Organizations struggle with many cybersecurity issues. These issues include managing information security risk, changing threats and the cost of safeguards. An effective solution is to approach cybersecurity as a step-by-step journey. Barry Weber, vCISO and Privacy Practice Leader for Assured SPC, presented a view of how to improve cybersecurity without boiling the ocean in the webinar hosted by Secure the Village in March 2021. Speaker: Barry Weber, ITIL, CISM is…
Overview Many privacy laws require that organizations implement “reasonable security”. There have been many definitions of reasonable security. The Sedona Conference issued a final commentary on reasonable security for personal information on February 17, 2021. This definition is likely to be accepted by courts and other adjudicators across the US. It is based on a cost-benefit analysis of safeguards implemented by an organization at the time of a data breach. The intended audience for this…
Announcing a Secure The Village Webinar on Cybersecurity (without boiling the ocean) Date and Time: March 11, 2021 (10-11am PT) Description: Organizations struggle with many cybersecurity issues demanding attention, time and money. These issues include managing information security risk, the ever-changing landscape of threats and the cost of safeguards. An effective solution is to approach cybersecurity as a step-by-step journey rather than a destination. Barry Weber, vCISO and Privacy Practice Leader for Assured SPC, will present…
Minimizing privacy requirements is good for business At Assured SPC, we help businesses satisfy regulatory and third-party requirements for information security and consumer/resident privacy. Whenever possible, we provide guidance on how to avoid and minimize the cost and impact of privacy compliance requirements. There is an answer Businesses have a right to minimize the ongoing effort and cost of privacy compliance. And there is one foundational method to do this. The answer is in data minimization.…
Learnings from the SolarWinds Orion cybersecurity attack Some details on the SolarWinds attack are coming out. Full details on the attack may not be fully understood for months. But we know it has been significant. I participated in an insightful webinar conducted by #Cybereason yesterday. There was a conclusion that I’ve been thinking about since. Normal indicators of compromise that are shared by threat intelligence participants were not useful for this attack. The conclusion was that for…
Top 5 CCPA Privacy Do’s (and Don’ts) There is a lot of talk about legal privacy requirements, the steps to implement a privacy program and technology that can assist. Here is a list of what we consider the Top 5 Privacy must do’s or don’ts. 1. Get rid of personal information that does not have a business purpose The most important and least costly thing that a business can do to comply with privacy regulations…
Data breaches and the 30-day cure The California Consumer Privacy Act provides a business a 30-day cure period that consumers must give the business before suing for statutory damages. I’ve had many discussions with other security professionals about how long it takes to implement security safeguards (typically longer than 30 days) and whether implementing a safeguard after a breach could be considered a cure for a data breach at all. There are a couple…
Reasonable Security in the Law Many laws require that businesses implement “reasonable security” practices and procedures or reasonable security safeguards. Some of these include GLBA, HIPAA, CCPA and the NY SHIELD Act. To many, the definition of reasonable security is elusive and ambiguous. I speak with many attorneys that focus on privacy and data security. Whenever I meet a new one, I ask for their definition of “reasonable security”. There is a definition based on…
The President and HIPAA There has been a huge trend over the last couple of days on Google and, I presume, other search engines for ‘Does HIPAA apply to the President?’ The short answer is YES. The Long Answer HIPAA affords all patients the same rights and protections, including Presidents. The HIPAA Privacy Rule ‘…establishes national standards to protect individuals’ medical records and other personal health information…’ The Privacy Rule sets limits and conditions…
Comparison of GDPR, CCPA, CPRA and PIPEDA Comparing privacy laws can be challenging Some US companies need to comply with GDPR. Others need to comply with the California Consumer Privacy Act, CCPA. If the California CPRA ballot initiative passes in November, US businesses that needed to comply with CCPA may need to remap their personal information (PI) to identify the locations of the newly defined Sensitive Information and to address new requirements for managing Service…