Archive for September, 2009

McAfee Data Protection, HIPAA, HITECH and breach notification.

September 14, 2009

Last week, one of my colleagues asked me to comment on 45 CFR Parts 160 and 164, which, for those of us who can’t remember all the code names for the various USA Federal docs, is the one in which the Department of Health and Human Services publishes its interim final rule under HIPAA and HITECH on what data falls under these regulations, what a “breach” means, and the conditions under which data is deemed to have been “protected”.

Under HITECH/HIPAA, there is a duty in the USA to care for the privacy of “unsecured protected health information”. This means that anyone electronically processing our health information has a duty of care to make sure no unauthorised people gain access to it, and a legal duty to inform us if a breach (or possible breach) of trust occurs.


Is Encryption enough? Why just encrypting data doesn’t solve today’s information security concerns.

September 3, 2009

“But if it’s encrypted, why do I need to login?” the customer across the desk asks me with incredulity.

I realise that I’m about to get into a discussion which borders on the theological and raises passion in security and business leaders alike. A discussion that I’ve had many times over the last two years, and will have many more times in the near future.

“Because, without authentication, there’s no point to encryption,” I reply, knowing full well that this isn’t an answer that’s wanted, or understood.

With a stifled sigh I start to explain...

Bitmask searches in LDAP, or How to exclude disabled users..

September 3, 2009

Following on from my post on Bindings and connector settings, I thought I’d expand on how to use bit-mask searches in the connector Object filter.

Bit-masks are not complex for those who know Boolean arithmetic, and there are a million resources on the web to teach you that, but how to use them in an Active Directory search is obtuse to say the least.

To do a Boolean “AND” search, you use the tag “1.2.840.113556.1.4.803”; to do “OR”, the tag is “1.2.840.113556.1.4.804”.

Easy eh? I guess I should give you a practical example.