

Centene Corporation looses hard drives that contained PHI!
Centene reported that hard drives located in their data center have been removed and can not be located. Their decision to not encrypt their external drives makes us nervous because they did not account for internal theft or attacks. While storing data in the data center is physically secured from an outside threat, the control does not account for internal threats, meaning monitoring employees that are allowed to access the datacenter. Centene requires an information securit


Cyber Disclosure Act requires Board to have a Cyber expert!
Board experts are very concerned with the Cybersecurity Disclosure Act of 2015 which requires publicly traded organizations to disclose in their investor filings with the SEC whether any member of the Board is a cyber security expert. This is a game changer as the government is aiming to ensure these entities are taking cyber matters seriously. 90 percent of the companies in the world do not have a cyber expert on their Board or even in their workforce. The mandatory reporti


Yellowstone County Jail Improves Physical Controls!
The Yellowstone County Jail invested a few million dollars into improving the physical security of their facility. They upgraded their cameras and door locking mechanisms to be electronic rather than using keys and locks. These improvements will aid to their security program, however, once an entity decides to go “digital”, they must ensure all other aspects of security are above board. For example, moving to an electronic /digital locking mechanism requires firewalls, server


Rochester Medical Center Breach!
New York State attorney general fines Rochester Medical Center for having a non-existent information security training program. An employee of the Medical Center released patient information to her future employer without gaining permission from the patients. Obviously, this is a huge infraction according to the HIPAA Security Rule. Often we mention implementing an information security program into firms, and while security awareness training is a huge part of that program,


Top Security Stories of 2015
Ashley Madison – The Ashley Madison breach impacted politicians, users and many dignitaries as sexual preference information along with names, credit card information and other personal identifiable information were released to the public. Italian surveillance software maker, Hacking Team suffered a major breach that released 400 gb worth of secret information online. Both Dell and Lenovo placed many customers at risk by executing a self signing certificate on all personal co

SUU offers a new Masters degree program!
SUU offers a new Masters degree program! Southern Utah University recently announced a new masters of science in cyber security beginning in the spring of 2016. The program is set for learners who aspire to gain knowledge on information security and for those who are looking to expand upon their current knowledge set. The program will address cyber defense, breach notifications, technical security and many more. I believe this program will yield great results in educating the