About a decade ago, I personally witnessed the handover of the simplest, cheapest, and most effective disaster recovery plan ever.
Let me first give you a little background.
I worked for a great IT director, who moved to another company, much bigger, and brought me with him.
In the new company, he again was responsible for all IT, and he brought me along to manage security and disaster recovery.
If I named this company, at least 25% of you would recognize it, even those of you around the world–true story, too.
If you haven’t determined how server virtualization changes your audit plans, you’d better get moving. I’m not just talking about a virtualization audit (more on that later), but the audits that you typically do every year or on a multi-year cycle.
For example, if every year you do an audit on all networks, servers, applications, and databases that host your key financial reporting or PHI systems, you’re looking at policies and procedures, configuration management, security (including patching), user access, logging, and so on. But do you first consider whether those assets run on virtualized servers?
Ready for another free Dummies ebook? Now you can register for and download a free copy of Data Backup Dummies.
According to i365 (formerly EVault), the ebook describes how to:
The American Recovery and Reinvestment Act includes changes to HIPAA, including:
- Much higher civil penalties for violations.
- Covered entities must disclose security breaches when client data is exposed.
- Business associates will be subject to the same civil and criminal penalties as covered entities.
The changes are not effective until February 2010.
David Mortman of Searchsecurity.com provides an overview of the changes here.
For a more comprehensive list of changes, see Thomson Hine (PDF).