Yan Kravchenko
More by Yan Kravchenko
An Introduction to the Open Software Assurance Maturity Model (OpenSAMM)
December 22, 2014
The Open Software Assurance Maturity Model (OpenSAMM) was developed by OWASP and is comprehensive in nature, covers all aspects of application security, and still allows each application to be evaluated in under one hour.
Mobile Application Threat Modeling
November 24, 2014
Perform a threat assessment for mobile applications, whether developing a new app or reviewing an existing one. Essential pentesting insights are shared.
Things not to overlook in the new PCI DSS 3.0
November 14, 2013
This post highlights some of the most significant, noteworthy, and understated changes in the new PCI DSS 3.0.
DEA Electronic Prescription of Controlled Substances – Certification Clarification
December 5, 2011
On October 16th, 2011 the DEA released a series of clarifications regarding the requirements for Electronic Prescriptions of Controlled Substances (EPCS). Let's discuss.
Mayo Clinic's Solution for Social Media Challenges
September 9, 2011
The Mayo Clinic recently launched Mayo Clinic Center for Social Media intended to help train medical practitioners and patients about the use of social media to improve patient care.
Security and Privacy Considerations in "Meaningful Use"
August 9, 2011
One of the common and consistent themes at HIMSS (Healthcare Information and Management Systems Society) this year was achieving "Meaningful Use" requirements so that healthcare providers can apply for EHR (Electronic Health Record) stimulus money.
EMR Security in the Cloud
August 2, 2011
I recently had the opportunity to review an article by Michael Koploy of Software Advice titled "HHS Data Tells the True Story of HIPAA Violations in the Cloud".
HIPAA May not Protect Compulsive Liars
March 30, 2011
At a recent networking event I heard a manager express frustration over managing an employee who got caught up in her own fairy tales that resulted in a very embarrassing termination.
Does DLP Help Solve HIPAA Concerns?
September 3, 2010
One of the most promising technologies for automatically enforcing compliance with sensitive data handling practices is Data Loss Prevention (DLP) technology, and it is quickly gaining popularity and adoption across many industries.
Business Associates Need to Understand HIPAA & HITECH Requirements
August 31, 2010
Even though the full extent of the HIPAA and HITECH requirements will not be required for Business Associates until 2011, my experience with helping organizations reach compliance with appropriate security requirements suggests that compliance efforts should begin right away.
HITRUST Part 4 Looking Forward
January 13, 2010
In this conclusion of the HITRUST blog series, I would like to discuss some definite opportunities and challenges that HITRUST is likely to face.
HITRUST Part 3 Certification Explained
December 30, 2009
As a continuation of the HITRUST blog series, in this post I would like to explore the concept of certification, and what it means.