Information Security & Technology Consulting
Information Security is changing as rapidly as the hacker techniques and new technologies that hit the industry. The projects below are efforts to help companies integrate security practices into their work or deal with changes in regulatory or data protection governance.
HIPAA QuickStarts for Small Business
The latest ACA changes are hitting providers and insurance companies hard. The challenges include integrating with state exchanges, migrating to the latest coding changes, and now needing to demonstrate you meet Meaningful Use for funding. And small providers are still faced with whether they meet the standard HIPAA requirements.
This project is developing QuickStarts: templates, checklists, and best-practice recommendations that help small healthcare businesses identify and take steps to meet HIPAA and ACA requirements a step at a time.
Best Practices for Integrating Security in Agile Projects
Software development efforts often view Information Security as the enemy, and rightly so in many cases. It is difficult to create software products quickly AND integrate security methodologies and fix flaws. Add in cutting-edge efforts with mobile apps or agile for even more challenges!
This project outlines the lessons learned from building a software assurance program at a leading business and making it work. Case study, best practices, and recommendations are included.
Rapid Security Code Review Tactics
Code reviews are often seen as an effective way of identifying significant security flaws, yet they can also be time-consuming and difficult to do.
This project, based on the seed work of Microsoft's Michael Howard, extends the effort to triage the scope and focus of code reviews. With decision trees that narrow the focus on code for specific security flaws, this project offers a faster way to review key code sections.