
Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002

Public companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?

September 5th, 2007

You don’t want to hear it: 10 pieces of lousy security advice

Sometimes a few words from a software vendor, potential partner or consulting security expert tell you everything you need to know about whose advice is worthwhile — when it’s best to smile and nod, or whether you need to interrupt and challenge someone who’s seriously off the rails. Here are 10 telltale phrases that signal troublesome advice.

"Our software is HIPAA (SOX, etc.) compliant."

No, it’s not.

Many security standards, such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, include requirements for the implementation and operation of a system. These detail the actual practice of protecting sensitive data, not just the type or design of security controls.

Proper security controls in a piece of software can support compliance with HIPAA, Sarbanes-Oxley or other regulatory requirements, but a direct claim of compliance-in-a-box is laughable. There’s no way to box up a proven-compliant life cycle into an unimplemented piece of software without incorporating your data and experience.

Have you heard these before? 

  • "It uses an encrypted database."
  • "… a proprietary security algorithm …"
  • "You’re 77.83% compliant."
  • "… all the data at your fingertips …"
  • "… policies are ready-to-implement …"
  • "It’s secure; just plug it in."
  • "… highly customized security system …"
  • "… completely removes files and evidence …"
  • "Distribution of your content is controlled."

READ MORE at computerworld.com
