Cyber insurance provides an opportunity to address residual risk in your information security program by offsetting the costs of a data breach of ePHI. However, individual policies, coverage and exclusions are highly variable, so, just as with any security control, it's important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis, should be the first step in any insurance policy strategy. Here's why: A) You'll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.
Gordon Lyon, better known by his online alias Fyodor and as the creator of the very popular (and awesome) tool Nmap, has released the results of the Nmap 2010 User Survey, which he performs every couple of years. The survey is filled out by members of the Nmap-Hackers mailing list, one of several mailing lists that Fyodor maintains, which is made up of many smart minds in the security world. The 2010 survey had more than 3000 participants throw their vote in for the most popular security tools in the industry, both commercial and open source. The votes are then tabulated and revealed in a ranked list on Fyodor's sectools.org website.
Sectools.org was first launched in 2000 and cataloged the top 50 security tools; in 2003 it had 75 tools, 2006 brought 100 tools, and this newest update brings the total to 125. Sectools has become one of the de facto places I’ll tell wannabe penetration testers and other security noobs to check out to learn the ways of the security trade. If a new user takes the time to download and master each of the referenced tools, they will quickly move from noob to leet.
This update has not only brought an additional 25 tools to the total count, but has also introduced additional features, including user ratings and reviews, tracking of new releases for each tool indexed, searching and sorting capabilities, and more. As Fyodor himself says, “It’s like a frickin’ Yelp for security tools!” I would have to agree.
Go check out the new site if you haven’t already. There are many gems lurking on that list that even some of the most seasoned security guys may not have heard of.