Category Archives: Education

Education, Training, and Awareness

ISACA Membership discounts & perks for you

I have found so much value in my ISACA® membership that I wanted to extend a personal invitation to you. ISACA is currently sponsoring a Member Get a Member program, and I believe you would benefit from joining ISACA as I have.

Many professionals join ISACA because of its globally recognized certifications such as the Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™).

With an ISACA membership, you'll have endless access to a global network of free resources and discounts on conferences, webinars, training, certification exam registration fees and prep materials, the industry-leading COBIT® 5 framework and a global professional network of 140,000 professionals.

ISACA membership is an invaluable resource for keeping on top of the IT audit, control, security, cybersecurity, risk, privacy and governance industry. Learn more about ISACA's many benefits.

If you join ISACA today, you will not only get the remainder of 2015 FREE with your paid 2016 membership but if you sign up online before 31 December 2015 and enter my ISACA member ID number 202860 then your new member processing fee will be waived!

Join me and tens of thousands of professionals who are benefiting from ISACA membership. Sign up online today at www.isaca.org/MemberInvitee.

If you have any questions about ISACA, please feel free to reach out to me.

Best regards,

Todd Adam Plesco, CISM, CBCP

Cornell Prescription Pharmacy $125k in HIPAA violations

[from the Office for Civil Rights (OCR) in the US Department of Health and Human Services]

Cornell Prescription Pharmacy (Cornell) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR).  Cornell will pay $125,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program.  Cornell is a small, single-location pharmacy that provides in-store and prescription services to patients in the Denver, Colorado metropolitan area, specializing in compounded medications and services for hospice care agencies in the area.

OCR opened a compliance review and investigation after receiving notification from a local Denver news outlet regarding the disposal of unsecured documents containing the protected health information (PHI) of 1,610 patients in an unlocked, open container on Cornell's premises. The documents were not shredded and contained identifiable information regarding specific patients.  Evidence obtained by OCR during its investigation revealed Cornell's failure to implement any written policies and procedures as required by the HIPAA Privacy Rule.  Cornell also failed to provide training on policies and procedures to its workforce as required by the Privacy Rule.

"Regardless of size, organizations cannot abandon protected health information or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons," said OCR Director Jocelyn Samuels. "Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper."

In addition to the $125,000 settlement amount, the agreement requires Cornell to develop and implement a comprehensive set of policies and procedures to comply with the Privacy Rule, and develop and provide staff training. 

OCR offers helpful FAQs concerning HIPAA and the disposal of protected health information:  http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/disposalfaqs.pdf

If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR.  For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

Rules for Writers

Originally from William Safire's Rules for Writers 

  1. Parenthetical words however must be enclosed in commas.
  2. It behooves you to avoid archaic expressions.
  3. Avoid archaeic spellings too.
  4. Don't repeat yourself, or say again what you have said before.
  5. Don't use commas, that, are not, necessary.
  6. Do not use hyperbole; not one in a million can do it effectively.
  7. Never use a big word when a diminutive alternative would suffice.
  8. Subject and verb always has to agree.
  9. Placing a comma between subject and predicate, is not correct.
  10. Use youre spell chekker to avoid mispeling and to catch typograhpical errers.
  11. Don't repeat yourself, or say again what you have said before.
  12. Use the apostrophe in it's proper place and omit it when its not needed.
  13. Don't never use no double negatives.
  14. Poofread carefully to see if you any words out.
  15. Hopefully, you will use words correctly, irregardless of how others use them.
  16. Eschew obfuscation.
  17. No sentence fragments.
  18. Don't indulge in sesquipedalian lexicological constructions.
  19. A writer must not shift your point of view.
  20. Don't overuse exclamation marks!!
  21. Place pronouns as close as possible, especially in long sentences, as of 10 or more words, to their antecedents.
  22. Writing carefully, dangling participles must be avoided.
  23. If any word is improper at the end of a sentence, a linking verb is.
  24. Avoid trendy locutions that sound flaky.
  25. Everyone should be careful to use a singular pronoun with singular nouns in their writing.
  26. Always pick on the correct idiom.
  27. The adverb always follows the verb.
  28. Take the bull by the hand and avoid mixing metaphors.
  29. If you reread your work, you can find on rereading a great deal of repetition can be by rereading and editing.
  30. And always be sure to finish what

Originally published in the June 1986 issue of Writer's Digest by Frank L. Visco

  1. Avoid Alliteration. Always.
  2. Prepositions are not words to end sentences with.
  3. Avoid cliches like the plague. (They’re old hat.)
  4. Employ the vernacular.
  5. Eschew ampersands & abbreviations, etc.
  6. Parenthetical remarks (however relevant) are unnecessary.
  7. It is wrong to ever split an infinitive.
  8. Contractions aren’t necessary.
  9. Foreign words and phrases are not apropos.
  10. One should never generalize.
  11. Eliminate quotations. As Ralph Waldo Emerson once said, “I hate quotations. Tell me what you know.”
  12. Comparisons are as bad as cliches.
  13. Don’t be redundant; don’t use more words than necessary; it’s highly superfluous.
  14. Profanity sucks.
  15. Be more or less specific.
  16. Understatement is always best.
  17. Exaggeration is a billion times worse than understatement.
  18. One word sentences? Eliminate.
  19. Analogies in writing are like feathers on a snake.
  20. The passive voice is to be avoided.
  21. Go around the barn at high noon to avoid colloquialisms.
  22. Even if a mixed metaphor sings, it should be derailed.
  23. Who needs rhetorical questions?

$1M for FBI’s Most Wanted Cyber Fugitive Nicolae Popescu

The FBI is offering a $1 Million reward for Romanian cybercriminals Nicolae Popescu and Dumitru Daniel Bosogioiu, who were originally charged in a criminal complaint with 11 other defendants for their participation in a cyber fraud conspiracy that targeted U.S.-based websites such as Cars.com and AutoTrader.com.

The defendants allegedly pretended to sell cars from nonexistent auto dealerships in the United States and created phony websites for these fictitious dealerships. As part of the scheme, the defendants produced and used high-quality fake passports to be used as identification by co-conspirators in the United States to open American bank accounts. After the “sellers” reached an agreement with the victim buyers, they would often email them invoices purporting to be from Amazon Payments, PayPal, or other online payment services, with instructions to transfer the money to the American bank accounts used by the defendants. The defendants and their co-conspirators allegedly used counterfeit service marks in designing the invoices so that they would appear identical to communications from legitimate payment services. The illicit proceeds were then withdrawn from the U.S. bank accounts and sent to the defendants in Europe by wire transfer and other methods.
*The charges in the complaint and the indictment are merely allegations, and the defendants are presumed innocent unless and until proven guilty.

Cyber Security Tips for College Computer & Mobile Device users

Cyber Tips for College

(from staysafeonline.org)

When you’re in college, your computer and mobile devices are primary tools in your educational and social life. Students use the Internet for homework, research, social networking, online shopping and other activities.

The Internet is an amazing tool, but must be used safely and securely.

When you log on to a college campus network (or any network), what you do online could impact not only your computer, but other students and the network as well. By combining up-to-date security tools with good judgment, you and your college community are much less likely to encounter a security violation, loss of data, or system problems.

The first step is STOP. THINK. CONNECT. 

Keep a Clean Machine

  • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information

  • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
  • Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.
  • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
  • Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit who you share information with.

Connect With Care

  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
  • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
  • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

Be Web Wise

  • Stay current. Keep pace with new ways to stay safe online: Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

Be a Good Online Citizen

  • Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
  • Post only about others as you would have them post about you.
  • Help the authorities fight cyber crime: Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center and to your local law enforcement, state attorney general and campus police as appropriate.