Category Archives for "Blog"

Blog articles about the latest technology, threats, attack techniques, and vulnerabilities.

Prediction by the Numbers

Probability and uncertainty are inherent parts of risk. Our understanding of these concepts and our ability to use them to calculate risk can have a direct impact on the quality of our decisions and our ability to manage risk.

The Nova episode Prediction by the Numbers provides a look at the past, present, and future of predictive modeling and some of its limitations.


Info Risk Recommended Reading List

The discipline of Information Risk Analysis combines practice and theory from three primary areas: Information Security, Data Science, and Decision Science. As such, an effective Information Risk Analyst should be well studied and versed in these concepts. Here is a short list of books/resources that we have on our bookshelf and believe should be required reading for any Info Risk professional.

  • August 30, 2018
  • Blog

Black Sky Hazards – The Risk That We Aren’t Ready For

Last fall HealthGuard's CEO traveled to our nation's capital to attend the Healthcare Sector Coordinating Council meeting. The meeting was two days of presentations by industry experts and leaders from both the private sector and government agencies. It included a series of table-top exercises that dealt with a number of issues/disasters, including scenarios that led to major disruptions to regional energy and transportation sectors. 

Inside the Numbers – 11/1/17

This is the first installment of a new piece of content we are calling Inside the Numbers. It will provide an interesting look at some of the facts and figures we uncover while we are performing research and risk analysis for clients. We hope you find it interesting and maybe even useful. Enjoy! - Apps Garcia

As the data shows, April is the most common month for HIPAA fines to be issued according to the OCR reports to date.

In comparison to HIPAA fines and OCR audits, the ghosts and goblins look pretty friendly. Maybe October isn’t quite that scary after all.


  • November 1, 2017
  • Blog

What is Your Domain Worth?

Let me ask you a simple question: what is your website worth to your organization? I’ll assume that your answer is: a great deal. So here’s my second question: what are you doing to protect it? And I am not talking about protecting it from the usual defacement by hackers or infestation with viruses/malware. I am talking about someone taking control of the domain name associated with your website, and thus having complete control of all of the traffic going to your domain (including web, email, etc.).

  • April 28, 2017
  • Blog

Healthcare is Facing a New Threat

IoT Devices Getting Bricked

A recent report from Bleeping Computer indicates there is a new strain of malware that is targeting unsecured devices that are part of the Internet of Things (IoT). The malware, called BrickerBot, is targeting devices that run the BusyBox Linux embedded operating system. To accomplish its mission, BrickerBot utilizes a brute force attack against open Telnet ports and then erases the operating system (a process also known as “bricking”).

  • April 12, 2017
  • Blog

Managing The Risk of Change

Imagine how much easier our lives and jobs would be if the world stood still for a little while. If we could push pause and make our organizations and the related IT networks and systems stay the same: no new regulations, acquisitions, vulnerabilities, or threats. If only we could just keep things the same so we could catch our breath for a few moments and fix some of the things that are already on our to-do list. Unfortunately, this pause button doesn’t exist yet and we are forced to live with the old adage: the only constant is change.

  • March 31, 2017
  • Blog

Prioritizing Your Issues

In today’s world, IT and security leaders are faced with an ever-changing and growing list of issues and projects that need their time and attention: audit findings, security assessments, vulnerability scans, threat intelligence feeds, etc. There is an endless supply of problems that all seem to need immediate attention. Because of this, the one question we consistently hear from clients is: how do we prioritize our work?

  • March 24, 2017
  • Blog