This is Douglas Davidson's Typepad Profile.
Douglas Davidson
Columbus, Ohio
I work with business leaders and executives who are nervous their company's critical data might be exposed and who are scared they are not compliant with government rules and regulations.
Interests: Entrepreneurship, Leadership, Information Risk Management, Information Security, Small Business, Compliance, HIPAA, Fatherhood, Church, Family, Coaching Youth Sports, Football, Wrestling, Rugby, Boy Scouting, Camping, Gardening
Recent Activity
It has been a while since I've felt compelled to share a thought on Secure Value. My last post was a still-relevant suggestion to test your web site's security that I wrote 15 months ago. Several things in my life and in the news have converged to suggest that even if my voice might be a small one we need more voices talking about managing risk and securing our digital values. This has been a tough winter no matter where you live. Two weeks ago amid another report of an incoming winter storm my wife went to our neighborhood... Continue reading
Posted Mar 15, 2014 at Secure Value
One of Jacadis' longest standing partners is Qualys. Qualys produces a vulnerability management suite that helps our customers manage vulnerabilities, measure compliance and maintain security. Qualys also publishes a set of free tools for the public to use. You can check your web site with FreeScan. With your FreeScan, you can run scans to detect security threats: network perimeter vulnerabilities, web application vulnerabilities, and malware hosted on your website. We recommend, and some regulatory or contractual obligations may require, regular site scanning. Scanning regularly for vulnerabilities and malware is part of a best practice security program. We... Continue reading
Posted Nov 10, 2012 at Secure Value
Is your business prepared for the next big storm? Have you considered the potential obstacles to your successful ongoing operations that a man-made or natural disaster might create? Have you changed your operation to reduce the impact? Do you know what you'll do if you lose key technologies? or access to facilities? or if your employees can't get to work? Sandy is a reminder that bad things happen. In the news we'll see the emotional stories about lost loved ones, miraculous rescues, incredible destruction, innocent animals, ruined fortunes and so on. We won't see much about the small business... Continue reading
Posted Oct 31, 2012 at Secure Value
I've been invited to present to the GroundWork Group's Nonprofit IT forum over the lunch hour on Tuesday, October 10th. The presentation is titled Not Just Another HIPAA Presentation: Canary in a coal mine: 5 questions to ask to confirm your HIPAA compliance. Are you familiar with the role of the canary in a coal mine? Back in the old days coal miners would carry canaries in small cages down deep into the mines with them. If deadly gases such as methane or carbon monoxide were collecting in the shafts and tunnels, the canary would die, alerting the miners to... Continue reading
Posted Oct 7, 2012 at Secure Value
I’ve had two clients in two weeks present to us as part of an assessment an incident response plan template provided to them as part of the documents their cyber liability insurer provided them along with their policy. Neither client had done anything with the template yet presented them as proof that they did indeed have an incident response plan. Incidents that are handled on the fly without any prepared plan can be a magnitude more costly than those that are managed through a prepared plan. For that reason I think it is a... Continue reading
Posted Sep 5, 2012 at Secure Value
I don't usually post these kinds of postings, but our Vulnerability Management Overwatch team responded to a question from a client this morning. I thought I would pass it along for you to use. Initial reports from this morning show that there is a new vulnerability in Java. This particular exploit can successfully infect a fully patched computer running Windows 7 and the latest Java Update. Currently there is no update from Oracle. This particular vulnerability works across all browsers in different operating systems. Once activated the exploit will download a virus which will allow it to connect to... Continue reading
Posted Aug 27, 2012 at Secure Value
In what seems to be a common trend in Cloud service businesses, Dropbox announced a security breach this week in which user e-mail addresses and passwords were obtained from an employee account. Earlier this month, Yahoo made a similar announcement with at least 400,000 users' e-mail addresses and passwords breached with the resulting information posted online by a group of hackers trying to push Yahoo to secure their numerous vulnerabilities. Back on June 6th, LinkedIn confirmed that there was a major security breach on their website and that “some passwords” were stolen from user accounts. Those... Continue reading
Posted Aug 3, 2012 at Secure Value
Given upcoming customer commitments and continued business growth, Jacadis anticipates adding two positions within the next 60 days. We believe we need a Penetration Testing Specialist and a Security Analyst to add to our growing services team in that time period. Before we formally posted at all the usual places I wanted to put both postings up here to see who might have an interest. Again, we envision two positions: For Jacadis, a Network Security Engineer, works on assessments but primarily solves client problems post assessment with the implementation and operation of security technologies and controls. For Jacadis, a PT... Continue reading
Posted Jul 27, 2012 at Secure Value
Our company, Jacadis, is seeking a full-time office manager to join our information security team. We seek a full-time, experienced administrative professional to manage and direct communication, provide support for company principals and field staff, manage the business office and finances, coordinate services invoicing and reporting and provide event support and planning. Frankly, this is the person that will help us keep the details in order while we take care of our customers' information security needs. The Office Administrator will report directly to and be supervised by myself. You'll be joining a fantastic team. If you are interested I've provided more... Continue reading
Posted Jun 28, 2012 at Secure Value
Health and Human Services's Office of Civil Rights, the organization responsible for much of the HIPAA / HITECH enforcement process including audits, published its privacy, security and breach audit protocols yesterday. I'm putting them on my weekend reading list. I wanted to let you know they were available should you want to dive into them yourselves. The protocols are available at http://ocrnotifications.hhs.gov/hipaa.html. At first blush, they seem to be extremely lightweight, but as with most regulatory efforts the devil is in the details. This will be something you will want to incorporate into your health care compliance activities. Some... Continue reading
Posted Jun 27, 2012 at Secure Value
Jacadis helps some of its clients manage their vulnerability and patch management programs. That includes providing some actionable information on the Microsoft patch digests. Here is the message that preceded last week's Patch Tuesday. I'll share these in the future in advance of Patch Tuesday. Let me know if you are struggling with your vulnerability and patch management processes. We can help. Microsoft has released its advanced notification for the next round of security patches to be released on Tuesday June 12th. The updates patch the following products: Windows XP Service Pack 3, Windows Vista, Windows 7, Windows Server 2003... Continue reading
Posted Jun 26, 2012 at Secure Value
After a forced vacation from the blog due to an office move I am here to warn you. I'm back. That said I'm getting reoriented to the knowledge needs of entrepreneurs who must protect their critical data and to the risk management needs of those infosec and auditing types who must assure their small business vendors are doing the right thing. As I do that a quick tip ... If you are a regular tweeter log in to Twitter and check your authorized apps. I was surprised when I resurfaced at the number of apps that were authorized to use... Continue reading
Posted May 25, 2012 at Secure Value
Mobile computing creates a huge foundation for workforce efficiency and effectiveness as well as an interesting toolbox for innovation. It creates an increased attack surface as well. Mobility poses many security-related challenges (such as anonymous connections, “always on” connections, cleartext network traffic, wireless networks, etc.), most of which are not usually fully addressed. We routinely see these issues uncovered in customer security assessments where innovation unknowingly led to security exposures. We also occasionally hear from business leaders and innovators that security concerns are slowing innovation. Our CTO Jerod Brennen is facilitating a Mobile Security Workshop to help you regardless of where... Continue reading
Posted Apr 4, 2012 at Secure Value
We have an opportunity to assist a client with a security administration project. A detailed job description is attached. In summary we are looking for a top performing Windows administrator with high integrity, familiarity with information security technologies and topics and a desire to grow into the information security field. Please send interest to me via email. Contact information is in the job description. Download Security Administrator 2011 Continue reading
Posted Mar 3, 2012 at Secure Value
When we started Jacadis in 2001 most work focused on assessing whether clients' networks were secured, particularly at the firewall, and helping companies implement servers "hardened" or properly secured to be exposed to the public internet. Today we still assess client networks to determine whether they are secured properly. We answer the questions "are you vulnerable" and "are you secure" but those assessments include a lot of other assets that can be attacked such as web sites, mobile devices, remote access facilities, wireless as well as the paper in your dumpster and your employees. We are also increasingly asked "are... Continue reading
Posted Feb 28, 2012 at Secure Value
Jacadis is on the lookout for a tech-savvy, curious college student with an interest in information security and privacy to join our services team. There is an opportunity for top performers to be offered a full-time position upon graduation. Associate Security Analyst Internship: We are looking for a technically astute college student with an interest and aptitude in information security, above average communication skills who is self-starting and hard working to join our professional services team on a part-time basis. Primary responsibilities may include some or all of the following activities: Assist in providing on-site and remote support for customer... Continue reading
Posted Feb 24, 2012 at Secure Value
Our local business community is up in arms about a recent string of (currently 9) armed robberies that have occurred over the last several weeks. Many businesses are now taking extra precautions to protect their valuables and their employees. In a community targeted release about the situation, Hilliard City Police Department suggests that "Every business should take an active part in making their business safe. Here are some suggestions to help prevent robbery: Have at least two employees open and close the business. Install a robbery alarm. Place a surveillance camera behind the cash register facing the front counter with... Continue reading
Posted Feb 1, 2012 at Secure Value
Yesterday a client rescheduled a meeting because "the State" showed up to audit their medical operations. The State of Ohio regulators conduct spot visits in this industry on a spontaneous basis. When they come in, typically unannounced, everything stops so that they can conduct their spot audit. "Hi, I'm from the <FTC/HHS/DHS/ETC> and I need to see your log files and your patch management reports ... " Do you think information security and privacy compliance will ever get to that point? Continue reading
Posted Jan 19, 2012 at Secure Value
I am putting the finishing touches on an executive presentation for a client. Our finding, after a series of technical tests, a review of their policies and their security administrative components was that they are generally proactive on security from a technical perspective but any additional maturation or improvement of their program requires management involvement. I am going to present this to a senior management team that has already informed me they don't want to hear that message. This isn't the first time Jacadis has encountered such a situation. Why should senior management be involved in security decisions? At some level... Continue reading
Posted Jan 18, 2012 at Secure Value
Last week I gave a Lunch and Learn Presentation to a group of business people and entrepreneurs at the Dublin Chamber of Commerce on Living Securely in a Digital World. Researching the topic for fresh material I tripped across a Unisys study that shows a disturbing gap between what employees and what employers think about data use in the enterprise: While 67% can access non-work-related websites only 44% of employers agree. While 52% of workers say they can store personal data on the company network only 37% of employers agree. Do you have that same perception gap in your company?... Continue reading
Posted Dec 18, 2011 at Secure Value
I am giving a talk to the Dublin Chamber of Commerce this Thursday on Living Securely in a Digital World. As I've started preparing my presentation I've come to realize that almost everything we do or have done in the analog (fancy name for "real world") we can now do in the digital world. I'm going to talk from my experience, but I'd like yours as well. Here are some things I do online that used to be real world things for me ... would you share your list? Communicate with friends, Search for employees, Plan and record my workouts... Continue reading
Posted Dec 13, 2011 at Secure Value
Forecast is for some snow tomorrow here in Columbus. One of my clients just last week shared it had taken a couple of months to get maintenance to test the backup generator. They finally went to fire it up to test that it worked and .... nothing. Tried again. Nothing. Their hardware vendor responded quickly. Turns out that the broken part was under warranty but was 48 hours away. The test was conducted on one of those warm sunny days we had before Thanksgiving. We aren't supposed to get much snow tomorrow but you never know here in Ohio.... Continue reading
Posted Nov 29, 2011 at Secure Value
I've been bombed (not spammed because I know the people sending me the emails) with this message from a number of Verizon representatives. Tablets are fast becoming a useful tool in business and our everyday lives. More and more businesses are buying tablets to help streamline workflow and be more efficient. More and more people are buying tablets for personal use because of their small size, ease of use and their multi-functionality versus a laptop. Tablets bought in the United States: 2010 – 19.5 million; 2011 – 54.8 million (proj); 2012 – 103.4 million (proj); 2013 – 154.2 million (proj)... Continue reading
Posted Nov 19, 2011 at Secure Value
I have lots to say about what I’ve learned at the Gartner IT Symposia in Orlando as well as some other events relating to small business security and risk management. But I came back to a team that had further positioned Jacadis for growth. So instead of blogging I’ve been working to build out some additions to our work team. We are currently looking for a hands-on IT Project Manager with the capability and motivation to grow our services team along with their career. This is the posting we'll be placing formally on Monday. Is this you? Do you... Continue reading
Posted Nov 4, 2011 at Secure Value
Jacadis is about to begin the search for a security analyst to join our team. Likewise, we also have the desire to build an ongoing relationship with 1 or 2 independent security analysts who could take project work on as it comes in. The positions we are looking to fill are all similar to the job description I've attached to this post. The employee analyst will ideally be a generalist with any alphabet soup acronyms (PCI DSS, HIPAA, GLBA, ISO, etc.) being a bonus. The independents we are looking for will ideally have some HIPAA or healthcare security in their... Continue reading
Posted Oct 3, 2011 at Secure Value