HIPAA COMPLIANCE NEWS & INFORMATION

on March 20, 2023 at 12:00 PM

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Permalink The post USENIX Security ’22 – Agnieszka Dutkowska-Zuk, Austin Hounsel, Amy Morrill, Andre Xiong, Marshini Chetty, Nick Feamster – ‘How and Why People Use Virtual Private Networks’ appeared first on Security Boulevard.

on March 20, 2023 at 11:58 AM

Many software supply chain security practices have been widely adopted, but there is still a lot of room for improvement, according to a recent OpenSSF survey of 167 software professionals. The post Software supply chain security practices are maturing — but it’s a work in progress appeared first on Security Boulevard.

on March 20, 2023 at 11:44 AM

Tools like Code Dx that support automation are the answer to faster software development delivery cadence. The post Automate your DevSecOps to take the pressure off triage appeared first on Security Boulevard.

on March 20, 2023 at 11:42 AM

Investing in People Doesn’t Take AI AI is not an investment; ask any bank. Decisions made by people powered by artificial intelligence should keep the accountability and responsibility of the organization the same. Now that ChatGPT-XYZ has soaked into the corporate, educational, and government DNA, what role should AI play in the decision logic for the organization? Is AI telling us the future of our company? Who should we invest in? People have discovered how easy it is to key a few words into a prompt and outcomes their answer! People ultimately should be the investment for the organization. AI can tell us things that help shape a theory or provide background trending points, but people are the ones that should be at the top of the list for budget, not technology, not AI, and certainly not CEO bonuses and their golden parachutes. Watching banks collapse didn’t start yesterday or the day before. This tragic time happened in the 1980s with the savings and loan scandal. Yes, even then, politicians were bought and paid for. In 2001, we had the DOT.Com crash. Many investors, VCs, and even traders all prompted up companies with valuations that turned out to be false so that they make a buck—those who didn’t understand this loss. Now, jump ahead to the mortgage crisis of 2008. Again decisions are made to make home-buying affordable, even for people who usually do not qualify. Decisions made by “people,” not machines, were at the heart of these financial disasters. Present day — 2023- The era of cloud technology, MFA, and artificial intelligence, and we still have the same results. People are making decisions on where and how to invest. Even with the disaster at FTX, people, again, not AI, decided with investors’ money. Still, with every compliance regulation, privacy law, and Federal government policy governing the banking and finance industry, we have banks dropping like flies and bigger ones stepping in with a load of cash to keep the whole thing from falling apart. Will AI save the day by predicting the collapse of the bond market? Was there some AI in the mix at SVB? Even without a Chief Risk Officer? Ultimately, are our organizations cutting corners and not making strategic educational investments in people? Yes. AI, similar to the technology dreams that never delivered the ROI or any form of ROA, continues to be a darling to those in the “know” that understand that this functionality without oversight gives the people using these tools the means to “beat the system” not enhance it for the greater good. Did AI stop SVB from handing out bonuses before the collapse? Or only people in the “know” knew that all auditing and compliance controls were still active to track withdrawals and unauthorized payments would not send up a flag. Investing in people means simply having employees, partners, and executives fully educated on their job to know what they do matters to their customers, investors, and even taxpayer in this country. Cutting corners and “banking” on AI and other automation to save the day becomes an excuse for the lack of oversight, accountability, and responsibility. When did an organization last host a “technology with responsibility” workshop? The money spent on the bailout of these banks could easier have paid for an MBA program for many inside the organization to help make their organization a better company. People are the investment in the “now” and the “future.” The post Investing in People Doesn’t Take AI appeared first on Security Boulevard.