[Cialug] Infragard Meeting - August 19th - Getting Started with ISO 27000
Zachary Kotlarek
zach at kotlarek.com
Thu Aug 6 09:15:33 CDT 2009
On Aug 6, 2009, at 8:49 AM, Todd Walton wrote:
> "HIPAA"
>
> These industry methodologies fascinate me. Geeks have their roots in
> the nurturing soil of plastic and silicon. It's easy to understand
> those things. And so it fascinates me that thin air can provide
> nutrients as well. Who'd think you could create real value from just
> setting policies and methods and practices and all that?
HIPAA has a couple of fairly specific and (mostly) reasonable
technical requirements, and about 4.7 million pages of documentation
requirements, many of which call for technical jargon. It's a prime
target for a consulting gig where you print out the same threat
analysis, business continuity plan, security policies, etc. for each
customer with pretty minor customizations. Combine that with an
on-site visit that demonstrates the 14 different ways they are sending
IIHI unencrypted and/or unauthenticated in violation of the privacy
and/or security rule and you'll have them thoroughly impressed.
Now there's also sometimes real work to be done, and bits of HIPAA are
tricky to get right. I'm just saying you can do a lot of it with a
search-and-replace report customization and charge $100/page for the
privilege. Just ask my clients. ;-)
Zach