Think instead about who can deny a single individual access to information, while providing access to 190 other people. Who is entitled to access information in your company? What controls are in place to make sure that people who shouldn’t have access don’t get access?

Healthcare Case Study: Identity and Access Management

Data Breach Today

How can a large healthcare delivery system efficiently handle identity and access management for thousands of clinicians and other users of patient data? Robert Siebenthaler of PeaceHealth explains how his organization, which operates 10 medical centers, has developed a fine-tuned, role-based approach



Isn’t it good that airlines are competing based on providing better access to your information? “Firms Push Better In-Flight Web Access,” The Wall Street Journal, February 26, 2018 B4. But it’s a good thing to have better access to information when you are in the air, right? Competition is a good thing. Airlines and satellite providers team up to give passengers faster in-flight web service.

Hard-Coded Credentials Found in ID, Access Control Software

Data Breach Today

Researchers Say Other Flaws Also Remain Unpatched

Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities

HIPAA Case: Hospital Fined for Ex-Employee's Access to PHI

Data Breach Today

Enforcement Action is the Third in Recent Weeks, Eighth This Year

In its third enforcement action in recent weeks, federal regulators have hit a Colorado medical center with a HIPAA fine in a case involving failure to terminate a former employee's remote access to patient data.

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security

The basic problem is that a backdoor is a technical capability -- a vulnerability -- that is available to anyone who knows about it and has access to it. Surrounding that vulnerability is a procedural system that tries to limit access to that capability.

Why Do Data Brokers Access the Australian Electoral Roll?

Data Breach Today

Restricted Data Access Required by Anti-Money Laundering and Anti-Terrorism Laws

Massive data brokers - Equifax, Experian, Illion and others - are leveraging Australia's electoral roll, which is a tightly held and valuable batch of data. While this little-known practice might sound alarming, in fact it's required under Australia's anti-money laundering and anti-terrorism rules

FBI: Encryption Blocked Access to 7,800 Devices

Data Breach Today

Director Calls For 'Responsible' Solution That's Not a Backdoor

FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement.

Ubuntu snapd flaw allows getting root access to the system.

Security Affairs

Security researcher Chris Moberly discovered a vulnerability in the REST API for Canonical’s snapd daemon that could allow attackers to gain root access on Linux machines. Any local user could exploit this vulnerability to obtain immediate root access to the system.

The 4 Pitfalls of Privileged Access Management

Data Breach Today

Bomgar's Sam Elliott on Overlooked Areas of Security

Overlooked areas of security and defense include four pitfalls of privileged access management, says Sam Elliott of Bomgar, who offers insights on taking the right steps

Why Is Providing Patients Access to Records So Challenging?

Data Breach Today

Report: Remote Access Is No. 1 Healthcare Tech Hazard

Data Breach Today

ECRI Institute Calls Attention to Cyber Risks for Second Consecutive Year

Hackers remotely accessing medical devices and systems - potentially disrupting care and putting patients at risk - is the No.

Modern Identity and Access Management

Data Breach Today

What are the critical questions that need to be addressed by anyone managing identity and access management in a modern enterprise? How do we establish and maintain digital trust without burdening our users? David Duncan of CA Technologies offers answers to these questions

Should Staff Ever Use Personal Devices to Access Patient Data?

Data Breach Today

Incident at Oklahoma Dept. of Veterans Affairs Spotlights Tough Choices

When is it acceptable to allow healthcare workers to use their personal smartphones to access patient records?

The future for “free” Subject Access Requests

Data Protector

Parliamentarians will soon be debating the merits of the Data Protection Bill, and I’m wondering whether much consideration will be given to the implications of the proposal to gift citizens with “free” Subject Access Requests.

Facebook Can't Reset All Breach Victims' Access Tokens

Data Breach Today

Social Network Reveals It Cannot Log Users Out of All Third-Party Services

Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps - and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

However, lacking robust protection, privileged accounts, which are intended to give administrators the access they need to manage critical systems, can instead be manipulated to enable attackers to move laterally across an organization’s network. In recognition of the significant security risks privileged accounts can pose, industry research firm Gartner recently released the first-ever Magic Quadrant for Privileged Access Management 1.

Access to your information


“Rules to Ease Patient Access to Health Data Are Proposed,” The Wall Street Journal, February 12, 2018 A6. You may be able to see it all on your smart phone, regardless which hospital or doctor generated it. Isn’t it a good thing when the government makes it easier for you to use your information? And to get it for free? Even the treatment notes. What’s wrong with this picture? It makes too much sense. Doesn’t government make our lives more difficult?

Unactioned data subject access requests could lead to legal action

IT Governance

Buckinghamshire-based housing developer Magnacrest has been fined for failing to respond to DSARs (data subject access requests), giving organisations a fresh reminder of the importance of the public’s legal rights to review the information that’s processed about them.

iPhone Hack Allows Access to Contacts, Photos

Adam Levin

Apple’s iOS 12 update includes a workaround that can allow a hacker to access a device’s photos and contacts without having the passcode to unlock it. It does not, however, allow unauthorized users full access to the device, and executing the workaround isn’t exactly an easy thing to do.

Free access TV


“You Can Stream TV, Films Without Paying,” The Wall Street Journal, February 4, 2019 B4. Ways to get many TV shows and movies for free, with ads. What is your information worth if people can see it for free (or for the price of watching some ads)? Theme One: Information Value

D-Link fixed several flaws in Central WiFiManager access point management tool

Security Affairs

D-Link addresses several remote code execution and XSS vulnerabilities affecting the Central WiFiManager access point management tool. D-Link Central WiFiManager software controller helps network administrators streamline their wireless access point (AP) management workflow.

Accessing Cell Phone Location Information

Schneier on Security

The New York Times is reporting about a company called Securus Technologies that gives police the ability to track cell phone locations without a warrant: The service can find the whereabouts of almost any cellphone in the country within seconds.

ID and Access Management: The Next Steps

Data Breach Today

Bringing identity and access management to the next level and investigating the potential that blockchain offers to improve the management of device IDs are among the priority security projects at Sentara Healthcare, an integrated delivery system serving Virginia and North Carolina, says CISO Daniel Bowden

IDenticard Zero-Days Allow Corporate Building Access, Location Recon


Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.

Identity and Access Management is pivotal for GDPR compliance

OpenText Information Management

This is a clear demonstration that the European Union (EU) is very willing to take action and that companies everywhere have to be prepared for GDPR …

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access


Researchers said the vulnerability "is very easy to exploit."

Facebook Now Offers Bounties For Access Token Exposure


The newly expanded Facebook bug bounty program sniffs out access token exposure flaws.

Remote Access & the Diminishing Security Perimeter

Dark Reading

Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems

5 Tips for Managing Privileged Access

eSecurity Planet

Privileged access management (PAM) can help Some accounts are more valuable than others.

Facebook Admits Giving Partners Access to Messages


A Facebook partnership with Netflix, Dropbox, Spotify, and Royal Bank of Canada gave them access to messages.

FitMetrix Exposes Millions of Customer Details, Accessed by Criminals


Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks.

How to respond to a data subject access request

IT Governance

What is a data subject access request (DSAR)? Data subjects have the right to send organisations a personal data request for: Confirmation that their data is being processed; Access to their personal data; and. Write a data subject access request procedure.

How Cyber Essentials can help secure your access controls

IT Governance

This blog covers access controls. Deficient access controls result in security breaches. Any organisation whose employees connect to the Internet needs some level of access control in place. Secure your access controls.

Digital Security: Preventing Unauthorized Access to Company Data


Modern cyberthreats cost companies in many ways. Major data breaches have led some chief executives to resign from their organizations. Brand damage, fines, lost business and revenues, and dips in stock prices are only the tip of the breach-aftermath iceberg. Organizations must recognize and mitigate the threats that affect their digital security most. Businesses should assess common and concerning threats and the safeguards they need to protect digital information.

Why Digital Archives Expand Access and Awareness

IG Guru

Here was my challenge: the archives was institutional with no public access, and I was a […]. I was once the director of an archival collection related to historical buildings around the world.

Alleged Chinese-hackers accessed thousands of EU diplomatic cables

Security Affairs

According to a report published by the New York Times, alleged China-linked hackers accessed thousands of sensitive EU diplomatic cables. The New York Times revealed that alleged Chinese state-sponsored hackers accessed thousands of sensitive EU diplomatic cables from the EU’s diplomatic missions around the world. The hackers carried out spear-phishing attacks aimed at EU officials in Cyprus to gain access to the diplomatic communications network.

How to write a GDPR-compliant data subject access request procedure – with template

IT Governance

The EU’s GDPR (General Data Protection Regulation) gives data subjects the right to access their personal data from data controllers that are processing it and “to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing”.

Open Access Week


Open Access campaign. Lucy Ayre discusses how she ran a successful digital marketing campaign to promote Open Access week at the University of Derby by getting out of the library and working across teams.

Access Now Is Looking for a Chief Security Officer

Schneier on Security

The international digital human rights organization Access Now (I am on the board) is looking to hire a Chief Security Officer. I believe that, somewhere, there is a highly qualified security person who has had enough of corporate life and wants instead to make a difference in the world.