The Security Blog» Ariel Silverstone| Intelligent Business Security

Thoughts on Intel’s “Global Digital Infrastructure Policy” document

On July 16, 2010, Intel released a thought and policy document titled "Global Digital Infrastructure Policy". In this document, Intel shared with the readers what it has been doing regarding driving elements of security into the global infrastructure (as they termed, GDI); what they are doing with regards to working with certain governmental [...]

Proposed Changes to HIPAA / HITECH, Part I

On July 8, 2010, the Office of Civil Rights (OCR) of the Department of Health and Human Services (HHS) issued its long awaited (and for some, dreaded) proposed changes to HIPAA. While several of the changes are merely ‘procedural’, I find that there are significant changes to certain sections – with some loopholes closed. I [...]

The Needed Rebirth of Security

A Brief History of Internet-Time When we look at our (over-)connected life today, it is hard to remember that only ten years ago, some of us had no Internet. When we look at legislative efforts, such as the EU, Finland, or Frances, to declare 'access to the Internet' or 'access to high-speed data' to be [...]

Clearing the Cloud Part III || How Do You Solve A Problem Like “A Cloud”? || Cloud Computing Security

This entry is part of a wonderful series, Clearing the cloud» In the first in this series of "Clearing the Cloud" columns, I explored the dangers of jumping too soon into Cloud Computing. In the second in the series, I defined relevant risks that we must consider when implementing Cloud Computing and promised to show [...]

Clearing the Cloud Part II |A Ray of Sunshine On A Cloudy Day || Cloud Computing Security

This entry is part of a wonderful series, Clearing the cloud» In the first in this series of "Clearing the Cloud" columns, I explored the dangers of jumping too soon into cloud computing. In this article, the second in the series, I continue my vision on how to manage and secure cloud-computing solutions. Clearing the Cloud [...]

201 CMR 17:00 A New Dawn

Back in early September, I shared with my readers that I sent a letter (you can see it here) to the Massachusetts Office of Consumer Affairs and Business Relations, OCABR, with suggestions to improve 201 CMR 17:00. On Friday, October 30th, 2009, I have received a letter from the OCABR informing me of the new [...]

The Security Berry-meter | Security and The Blackberry

Blackberry Security Flak upon flak, hay upon hay, has been dumped on the Blackberry, and its maker, RIM, since the announcement, few days ago, of availability of >a code allowing someone to turn the berry into a microphone. This is not an indictment against RIM, conversely – it is a triumph. Unlike other [...]

Evolution of Defense in Depth

בע"ה Evolution of Defense in Depth As security professionals will tell you, one of the basic principles of a good security program is the concept of Defense in Depth. Defense in Depth is arguably the most time-tested principle in Security, and applies to physical security, as well as information security. Defense in Depth builds on [...]

Comments on 201 CMR 17:00

Readers of my blog know that I was a big supporter of Massachusetts Breach Notification proposed law, 201 CMR 17:00. You may also have known that I authored an article, together with Ken Mortensen, esquire, about the rule, at CSO Magazine. You can see the article at "201 CMR 17: A New Tea Party!" At the [...]

How to Create a Privacy Policy | Part 5

This entry is part of a wonderful series, How to create a Privacy policy» Hello and thank you for reading this final installment in the How to Create a Privacy Policy series of mine. Here is what we accomplished so far: Sample Privacy Policy Purpose: To define privacy expectations of visitors to the [...]