The Tech Blog
Technology That Fits Your Business

Your source for the latest in IT Security, Support and Solutions.

Legislative gridlock and wrangling is nothing new, but one of the projects currently caught in a tug-of-war between Congress and the Executive Branch is an initiative known as the National Strategy for Trusted Identities in Cyberspace (NSTIC).  Funding in excess of $24 million, originally intended to help the National Institute of Standards and Technology (NIST) create an online system of trusted credentials to aid in the authentication of online identies during web transacations, is now in doubt. 

NIST, the National Institute of Standards and Technology, is currently revising its guidelines for how computer security incidents are handled in both the business and government sectors.  The original guide was published in March of 2008 and was classed as Special Publication 800-61.  At the time of its publication, the threat environment was very different from the one businesses must confront today.  Then, attacks tended to be short and much easier to detect.

Businesses that use information technology to deal with customers in any way should become aware of the major provisions in the Consumer Privacy Bill of Rights, issued by the White House on 23 February.  The goal of the document is to provide better protection for consumers as well as offer businesses clear guidance in this area.

The federal government's HIPAA notification requirements insist that certain kinds of security breaches be reported. To date, almost 400 such breaches have been documented under the requirements, and nearly 20 million Americans have learned that their personal data may have been compromised. Obviously, this is beneficial neither to the individuals nor to the businesses involved. However, what can be done to prevent such breaches in the future.

The rise of SaaS, or software as a service, has meant that businesses no longer have to store rarely used data on site.  Instead, they can offshore it to the cloud, thereby freeing up valuable infrastructure resources on the premises for data that is accessed far more frequently.  Security experts, however, recommend that companies carefully analyze businesses offering managed services before they offshore certain kinds of data to the cloud. 

In most organizations, keeping business computer systems and infrastructure secure from intrusions and hacking is one of the most critical functions performed by IT staff.  Now, new information emerging from the Government Accountability Office is indicating that the Department of Homeland Security could do far more to help with this task. 

The House Subcommittee devoted to cybersecurity and infrastructure protection is holding hearings this week regarding the founding of a National Information Sharing Organization to be run as a not-for-profit agency that will help to distribute information about online threats.  Such information would be shared not only with the various levels of government but also with business entities across the nation. 

No business wants to find itself the subject of a class action lawsuit, but a growing number of organizations are finding themselves in that unwelcome position because of alleged breaches of confidential information.  Such breaches sometimes occur as a result of carelessness on the part of employees transporting physical repositories of data such as laptops or portable hard drives, but the majority of them are electronic breaches that happen when security measures fail to keep out a malicious attack launched through cyberspace.

One benefit of a managed program model for IT services is the fact that businesses using this approach to IT services have access to expert advice about improving its systems when needed.  In-house IT personnel usually have many diverse responsibilities in small and medium sized businesses, and in many cases, IT personnel actually wear several hats and perform double or even triple job functions. This often leaves them very limited time to see to changes in IT needs.  Frequently they do not have time to spare to stay current with developing cyber security needs and legislation emanating from national and state governments. 

The Office for Civil Rights, a division of the federal government's Department of Health and Human Services, has released more information about the HIPAA audit program designed to assess compliance with the HITECH Act.  This act mandates regular reviews of health care organizations and businesses to ascertain to what degree they are meeting the demands of HIPAA, which refers to the Health Insurance Portability and Accountability Act.