Recently, I had the opportunity to conduct a HIPAA/HITECH Risk Assessment for a regional healthcare provider. In this project, a HIPAA/HITECH compliance assessment was required prior to the risk assessment work.
After the project kick-off meeting, various meetings were...
Often in security we get so caught up in firewall rules, anti-virus alerts, answering audit or compliance surveys and such that we sometimes put the cart before the horse. We focus on implementing the little details without developing or updating our overall strategy....