RiskIT

Issue 44                                             Thursday, October 6, 2011 

 

The Twenty Controls That Aren't

 

 

My attention was drawn recently to an ISC Diary "guest post" by Dr. Eric Cole (What are the 20 Critical Controls?) pointing to the SANS 20 Critical Security Controls - Version 3.0, which was recently released in August.

In the ISC Diary post, Cole talks about using these controls for "quick wins" and in the controls list itself SANS says, "These controls allow those responsible for compliance and those responsible for security to agree, for the first time, on what needs to be done to make systems safer."

 


Contractor Tackles Patient Consent Issue

 

Project is Part of Effort to Boost Health Information Exchange

 

Federal authorities have hired a contractor to design, develop and test ways to electronically obtain and record patients' consent to exchange their information. The effort comes as regional and statewide health information exchanges ramp up their efforts to share electronic health records among providers.

 

  


 

 

Continuous Monitoring Guidance Issued

 

 

NIST Also Revises SCAP Special Report

 

NIST made public Monday its guidance on how best to employ continuous monitoring to assure the security of information and information systems.

 

Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, covers defining an information security continuous monitoring strategy and establishing an information security continuous monitoring program.

  


    

Cloud CIO: What 'Consumerization of IT' Really Means to CIOs

 

The consumerization of IT isn't just about employees using consumer devices and apps at work. It's about consumers becoming the primary users of internal IT applications, and it has serious ramifications for how CIOs operate and scale their IT infrastructures.


 

In-House or a Service Provider for Disaster Recovery/Business Continuity?
  

While there is no denying the importance of disaster recovery/business continuity (DR/BC) planning for any enterprise that wants to minimize the impact of unplanned disruptions, it is also a given that there is no one right way to achieve an effective DR/BC strategy.

 

  


 

 
RiskIT is an email publication provided by Eminere Group.

 
