
Author Archives: Joshua Merkel

Assessing the Usefulness of the NIST 800-53 Appendix J Privacy Controls


Contractors to the federal government and information security professionals are no doubt familiar with NIST Special Publication 800-53. Provided by the National Institute of Standards and Technology (NIST), the 800-53 is a set of controls intended to protect federal information systems from “hostile cyber attacks, natural disasters, structural failures, and human error.” Since their inception, these controls have gone through ...


The Internet of Things: Super Cool. Absolutely Terrifying.


“The poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move. BIG BROTHER IS WATCHING YOU, the caption beneath it ran.” Remember this line from the beginning of George Orwell’s 1984? I hope it doesn’t become the unofficial tagline of the burgeoning Internet ...


Privacy by Design for Data Protection: Useful or Useless?


Privacy by Design (PbD) is a data privacy and protection concept developed by our friendly Canadian neighbors. In general, PbD espouses the embedding of data privacy elements into organizations’ technologies and business practices. The goal is to bake privacy into the data life cycle, thereby forgoing the inefficient ad hoc privacy bolt-ons that we’re all familiar with. It’s great in theory. ...


Your Guide to Conducting a HIPAA Risk Assessment

HIPAA states that a covered entity or business associate “must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information held by the covered entity or business associate.” This risk assessment requirement oft becomes a sticky issue for organizations subject to HIPAA. Why? Because covered entities and ...
