Kadrith's comments

Kadrith | 11 years ago | on: Open-source HIPAA compliance company policies

http://hipaacow.org/ is another good resource for anyone in this field. In the top nav select Resources, Documents and then the subgroup you want information for. Right now the site has Privacy & Security, EDI and Risk Toolkit.

Disclaimer: I am involved with HIPAA-COW on the Security, Risk and soon the Technical Security working groups; we release a lot of information to help people.

Kadrith | 11 years ago | on: MIT And Dropbox Alums Launch Inbox, a Next-Generation Email Platform

If the code is released with an Open Source license, haven't they already met the claim? Sure the company could be bought out, but the code can't be.

Even if they were bought out the code would still be available and someone else could provide the service and continue development. Releasing the code seems like the best guarantee possible.

Kadrith | 11 years ago | on: MIT And Dropbox Alums Launch Inbox, a Next-Generation Email Platform

I saw this article a few days ago which covers some good things email clients could do to help improve security around phishing:

http://www.tripwire.com/state-of-security/security-awareness...

The problem is that there is a lot of information which can help technical people figure out if something is suspicious but the email clients don't use that info to help non-technical people know if something is safe.

Kadrith | 13 years ago | on: TrustEgg (YC W11) Allows Anyone To Set Up A Trust For Their Kids

From what I recall the parents' assets can be used, up to a certain percentage, to determine what the child is eligible for. One way around this is to use a Roth IRA, since it allows you to take money out for college without a penalty and would not be used to determine FAFSA.

Kadrith | 13 years ago | on: Craigslist Suing Padmapper

It also does not mean that CL has any obligation to provide that data to another for free. If you want the data in multiple locations, post it to those other locations.

Kadrith | 13 years ago | on: Craigslist Suing Padmapper

I know, but I thought the existence of robots.txt was why Google is allowed to crawl sites. If a site disagrees with the crawling they can add a robots.txt entry and Google will honor it. It at least shows that you are giving the publisher an option.

Kadrith | 13 years ago | on: An iPad Lover’s Take On The Nexus 7

Isn't this a difference in what DirecTV has implemented in their applications? I read the OP as asking for applications that do not function on an Android tablet or function significantly differently on an Android tablet vs. an Android phone.

Kadrith | 14 years ago | on: Oracle has paid Google more in legal fees than it could win in damages

I had a question along those lines come up recently where I work. Someone had heard a little about the lawsuit and asked if there was a concern that Oracle was suing organizations that used Java. The person I spoke with admitted that they knew almost nothing about the issue, just that Google used Java and got sued; and since we use Java in some cases could it mean that we were open to the possibility of being sued by Oracle.

Kadrith | 14 years ago | on: How to overcome “years of experience” requirements when applying for jobs

That is how all of our resumes work; HR just verifies the information and has no role in determining whether someone is appropriate...unless it is for an HR job. Someone in our department must review every resume for the initial pass before HR begins the background checks or schedules interviews. It takes longer to hire someone but we know that nobody is making decisions for our department.

Kadrith | 14 years ago | on: The Coming Meltdown In College Education & Why The Economy Won’t Get Better Soon

"No HR department can interview people without a degree when there are so many people with degrees. A degree doesn't get you in the door, but is a minimum standard for just about any job."

Nonsense. I have never been to college and I am currently responsible for the IT Security of a mid-sized health network. Not only was I hired without a degree but I've been promoted several times.

I also have no technical certifications; at various points in the past I had some but have let them lapse. Having a piece of paper may make things easier, but in the end it comes down to whether or not you can sell yourself to the organization.

Kadrith | 14 years ago | on: Why I Got Fired: America's Compliance Nightmare

My experience has been very different; however, I work in a place that does care about the burden placed on people by compliance. I am also heavily involved with compliance, drafting policies and the implementation of those policies. When someone wants a new policy implemented I have a rule that they are the first ones I hold to the new policy.

One example was a change to the password complexity requirements for our organization (health care); since this was approved by senior leadership I changed the passwords for senior leadership first and did not allow any exceptions to the new policy. This ensured that the people who initiated the policy and are in a position to change the policy are the first ones impacted by it. If something was horribly wrong I would only change the policy or provide an exception if anyone who met the same criteria was also to be given the exception. If the exception is by job title or position I would require that they explicitly put that in the policy; that has never been requested though.

When there is a process to communicate issues and a culture that actually cares, compliance isn't as bad. For example we instituted a stricter change management process about a year ago.

We got people together to figure out what we thought a good balance was between the compliance needs, operational needs and the problems we were attempting to solve. As we were using the new process we gathered information from people then reviewed the entire thing at around six months. Based upon the feedback we made changes to the process, loosening some things and tightening other parts. We have another meeting to review this in a few weeks since there have been some new proposals for how to streamline the process.

As far as management learning the rules, I tend to not have too much issue with that. If they don't follow the rules and are unwilling to comply their access to all systems will be shut off; the IT security group reports to me. :) Once people know you will go so far as to shut off their access for not cooperating it is amazing how quickly they work with you when an issue arises.

For us there is always a process to get exceptions with any policy; but the person performing the action may not be authorized to give themselves an exception arbitrarily.

Kadrith | 14 years ago | on: Why I Got Fired: America's Compliance Nightmare

There are some US laws against insider trading and information disclosure for public companies; that is typically the main concern leading to this type of behavior for the financial industry.