When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
- Application ID
- Application role or group
- Membership in an local server group, Active Directory (AD) group, or UNIX Group
- Access to the application’s share and/or folder on the server
- Database ID
- Database role, including access permissions (read/write)
- Other permission (from a home-grown application code or enterprise identify management system)
Continue reading →
Filed under Audit, How to..., Security, Technology
Tagged as access, active, AD, admin, application, Audit, batch, confidential, contractor, data, database, directory, employee, file, financial, folder, format, generic, group, hipaa, HR, ID, LDAP, log, membership, new, non-personal, OS, PCI, permission, personal, role, script, setup, share, sox, system, Unix, user
The American Recovery and Reinvestment Act includes changes to HIPAA, including:
- Much higher civil penalties for violations.
- Covered entities must disclose security breaches when client data is exposed.
- Business associates will be subject to the same civil and criminal penalties as covered entities.
The changes are not effective until February 2010.
David Mortman of Searchsecurity.com provides an overview of the changes here.
For a more comprehensive list of changes, see Thomson Hine (PDF).
Filed under Audit, Security
Tagged as 2010, act, breach, business associates, covered entity, data, david mortman, exposed, hipaa, penalty, recovery, reinvestment, searchsecurity.com, Security, thompson hine, violation
When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
ITauditSecurity 