RiskIT

Issue 35                                                     Friday, August 5, 2011 


NIST Guidance: More Emphasis on Privacy



With the fourth revision of NIST Special Publication 800-53 expected in December, more privacy controls will be added to the security control guidance, establishing a stronger relationship between privacy and security.

It's happening now because of the "explosion" of information technology, says Ron Ross, the National Institute of Standards and Technology's senior computer scientist.

To read this article in its entirety, please click:

NIST Guidance: More Emphasis on Privacy



Using Trust Maps to Manage Critical Systems


What is a Trust Map?


For about a year now we have been getting questions from folks about basic trust maps, what they are and how they are used.


After answering several times person to person, we thought it might be time for a simple blog post to refer folks to.


The purpose of a trust map is to graphically demonstrate trust between components of your organization or business process. It is a graphic map of how authentication occurs, what systems share accounts and what systems trust what other systems in an environment.
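A trust map drawn on paper shows the edges; the questions a security engineer then asks of it (which systems can reach a critical system, and through which chain of shared accounts or trusts) are graph questions. The following is an added example, not code from the original post: it represents a trust map as a directed graph and answers those questions by breadth-first search. The systems and trust relationships in TRUST_EDGES are a constructed, hypothetical environment, not one the article describes.

```python
"""Trust map as a directed graph: added example, not code from the original post.

Nodes are systems. An edge (src, dst) means "dst trusts src": a credential,
key or session that is valid on src is accepted by dst (a shared account,
a domain trust, a deployment key, a service account). The edges below are a
constructed, hypothetical environment, not one described in the article.
"""
from collections import deque

# Constructed trust map (hypothetical systems and trust relationships).
TRUST_EDGES = [
    ("workstation", "jumphost"),   # jump host accepts domain logons from workstations
    ("jumphost", "db-admin"),      # DBAs SSH from the jump host with their own keys
    ("db-admin", "db-prod"),       # the same 'dba' account exists on both hosts
    ("web-app", "db-prod"),        # application connects with a service account
    ("ci-server", "web-app"),      # CI deploys with an SSH key stored on the CI server
    ("backup", "db-prod"),         # backup agent runs as the database owner
]


def build_graph(edges):
    """Adjacency sets: graph[src] = {systems that trust src}."""
    graph = {}
    for src, dst in edges:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def reachable_from(graph, start):
    """Transitive trust: every system an attacker who owns `start` can log on to."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def exposure(graph, target):
    """Every system whose compromise reaches `target`, with the shortest trust chain.

    Walks the reversed graph outward from the target (BFS), so the first time a
    system is met the chain recorded for it is a shortest one.
    """
    reverse = {node: set() for node in graph}
    for src, dsts in graph.items():
        for dst in dsts:
            reverse[dst].add(src)
    chains = {target: [target]}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for pred in reverse[node]:
            if pred not in chains:
                chains[pred] = [pred] + chains[node]
                queue.append(pred)
    del chains[target]
    return chains


def trust_fan_in(graph):
    """How many systems each node trusts: hubs of shared accounts stand out."""
    counts = {node: 0 for node in graph}
    for dsts in graph.values():
        for dst in dsts:
            counts[dst] += 1
    return counts


if __name__ == "__main__":
    g = build_graph(TRUST_EDGES)
    for system, chain in sorted(exposure(g, "db-prod").items()):
        print(f"{system:12s} -> db-prod via {' -> '.join(chain)}")
    print("ci-server can reach:", sorted(reachable_from(g, "ci-server")))
```

Run against the constructed map, exposure(g, "db-prod") shows that every other system in the environment ends up with a chain into the production database, including a workstation (three hops, through the jump host and the shared dba account) and the CI server (two hops, through the deployment key and the application service account). That is the practical output of a trust map: a list of the systems whose protection level must match the critical system's, and the specific shared accounts and keys to break or monitor.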



To read this article in its entirety, please click:

Using Trust Maps to Manage Critical Systems



EHR Access Report Objections Pour In


Federal authorities have received more than 275 comments on a proposed Accounting of Disclosures Rule, including many complaints that its patient access report provision is impractical. The provision would require healthcare organizations to provide patients, upon request, with a complete list of everyone who has electronically viewed their information.


To read this article in its entirety, please click:

EHR Access Report Objections Pour In


Getting Your Business Back: Pulling Together Business Continuity, Crisis Management and Disaster Recovery



I have talked to many organizations about their recovery programs, and an observation that I have made that seems to be a common thread is that the responsibility for recovery seems to lie in several different (and often uncoordinated) departments. It begs the question, who is responsible for business recovery within a company? I've seen the Business Continuity group report to the CFO, the Risk Officer, the COO and the IT department. But structure and reporting does not equal recovery.

To read this article in its entirety, please click: 

Getting Your Business Back...


Native Auditing In Modern Relational Database Management

Traditionally, Relational Database Management Systems (RDBMS) ship with an auditing tool that allows database administrators to monitor the database from a security perspective.


Information provided includes what events occur (logon/logoff), what database objects are being accessed, what data is queried, etc.


The most common reason for using auditing is to determine when a database user executes some sort of SQL. The SQL statement is logged by the auditing subsystem in the form of a clear-text log file, XML file, binary file, audit table(s) or remote system log.
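Capturing the statements is only half of auditing; the other half is reading the trail for the events that matter. The following is an added example, not code from the article: it parses a constructed export of an audit table and runs three checks over it (a burst of failed logons followed by a success, access to a sensitive table outside the approved account and host, and changes to the audit configuration itself). The CSV column layout, table names, accounts and hosts are assumptions for the example; a real product exposes its trail as a data-dictionary view, an XML or binary file or a syslog stream, so the parser is the part to adapt.

```python
"""Triage of native RDBMS audit records: added example, not code from the article.

The records are a constructed export of an audit table with a generic column
layout (timestamp, db_user, client_host, action, object, statement, status).
Real products store this differently (a data-dictionary view, an XML or
binary file, syslog), so the parser is the part to adapt; the rules are the
point. Table names, accounts and hosts are hypothetical.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one application session, then a night-time attack.
AUDIT_CSV = """\
timestamp,db_user,client_host,action,object,statement,status
2011-08-04 09:12:01,APP_SVC,10.0.5.20,LOGON,,,SUCCESS
2011-08-04 09:12:02,APP_SVC,10.0.5.20,SELECT,PATIENTS,SELECT name FROM patients WHERE id = 42,SUCCESS
2011-08-04 09:13:15,APP_SVC,10.0.5.20,UPDATE,PATIENTS,UPDATE patients SET phone = '555' WHERE id = 42,SUCCESS
2011-08-04 23:41:10,SYS,10.0.9.99,LOGON,,,FAILURE
2011-08-04 23:41:14,SYS,10.0.9.99,LOGON,,,FAILURE
2011-08-04 23:41:19,SYS,10.0.9.99,LOGON,,,FAILURE
2011-08-04 23:41:25,SYS,10.0.9.99,LOGON,,,FAILURE
2011-08-04 23:41:33,SYS,10.0.9.99,LOGON,,,FAILURE
2011-08-04 23:42:30,SYS,10.0.9.99,LOGON,,,SUCCESS
2011-08-04 23:43:05,SYS,10.0.9.99,SELECT,PATIENTS,SELECT * FROM patients,SUCCESS
2011-08-04 23:44:00,SYS,10.0.9.99,NOAUDIT,PATIENTS,NOAUDIT SELECT ON patients,SUCCESS
"""

# Policy (assumptions for the example): which tables matter and who may touch them.
SENSITIVE_OBJECTS = {"PATIENTS"}
APPROVED_ACCESS = {"PATIENTS": {("APP_SVC", "10.0.5.20")}}   # (db_user, client_host)
DATA_ACTIONS = {"SELECT", "INSERT", "UPDATE", "DELETE"}
AUDIT_TAMPER_ACTIONS = {"AUDIT", "NOAUDIT"}     # changes to the audit config itself
FAILED_LOGON_THRESHOLD = 5
FAILED_LOGON_WINDOW = timedelta(minutes=2)


def parse_audit(text):
    """Parse the CSV export into dicts with a real datetime in 'timestamp'."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        records.append(row)
    return records


def triage(records):
    """Return (rule, (db_user, client_host), detail) tuples in log order."""
    findings = []
    failures = defaultdict(list)   # (db_user, host) -> timestamps of failed logons
    for r in records:
        key = (r["db_user"], r["client_host"])
        action, obj, stmt, ts = r["action"], r["object"], r["statement"], r["timestamp"]

        if action == "LOGON":
            if r["status"] == "FAILURE":
                failures[key].append(ts)
                continue
            # A success right after a burst of failures is the password-guessing signature.
            recent = [t for t in failures[key] if ts - t <= FAILED_LOGON_WINDOW]
            if len(recent) >= FAILED_LOGON_THRESHOLD:
                findings.append(("brute_force_then_success", key, ts))
            failures[key].clear()
            continue

        if obj in SENSITIVE_OBJECTS and action in DATA_ACTIONS:
            if key not in APPROVED_ACCESS.get(obj, set()):
                findings.append(("unapproved_sensitive_access", key, stmt))
            # Whole-table reads or writes of sensitive data: no WHERE clause at all.
            if action != "INSERT" and " WHERE " not in stmt.upper():
                findings.append(("bulk_statement", key, stmt))

        if action in AUDIT_TAMPER_ACTIONS:
            findings.append(("audit_tamper", key, stmt))
    return findings


if __name__ == "__main__":
    for rule, who, detail in triage(parse_audit(AUDIT_CSV)):
        print(f"{rule:28s} {who[0]}@{who[1]}  {detail}")
```

On the constructed trail the application's own session produces no findings, while the night-time session produces four in order: the guessed-in logon, the unapproved account reading the sensitive table, the unbounded SELECT, and the NOAUDIT that switches the trail off. The last one is why the audit destination matters as much as the rules: a trail written to a remote system log or a write-once file survives an attacker who gained the privilege to disable auditing, whereas an audit table in the same database does not.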



To read this article in its entirety, please click:

Native Auditing In Modern Relational Database Management


RiskIT is an email publication provided by

Eminere Group

Disaster Recovery Journal