It takes about 2 minutes to change the Windows local Administrator password using easily obtainable tools on the Internet. Personal data should be encrypted. Period. It’s not that hard – there are several drive and file encryption tools available and this should be considered minimum level of due care. Unfortunately, encrypting data is not a HIPAA requirement, even though it should be.
If you store your customer’s information, it should be protected against theft. Both HIPAA and Gramm-Leach-Bliley Act require risk assessments to be performed by the company. Theft is a credible threat and must be addressed in the risk assessment.
George Toft, CISSP
Chief Security Officer
My IT Department
http://www.myITaz.com
Has anyone used certmagic.com for CISSP Certified Information Systems
Security Professional to study for the CISSP exam?