News in Brief

HIPAA rules; a free browser security test; and managing security knowledge

Government Publishes Final HIPAA Rules

The Department of Health and Human Services (HHS) published the final version of its information security standards for the Health Insurance Portability and Accountability Act (HIPAA), including hundreds of pages of revisions from previous versions. Affected companies must comply with the new rules by April 21, 2005.

For the previously released privacy standards, companies must comply by April 14 of this year. The final HIPAA security standards cover such things as risk tolerance, risk analysis, security policies and procedures, and contingency plans for attacks. HHS does not dictate which technology companies must use.

Free Browser Vulnerability Test

Web browsers are a crucial productivity tool but a vehicle for potentially malicious code. With all of the vulnerabilities, whether you’re using Internet Explorer, Mozilla or Opera, it's wise to test your browser on a regular basis. One option: the free Browser Security Test from Scanit Belgium. The test runs in your Web browser, safely testing for, and reporting, vulnerabilities and how to close them. It is available at:

PwC Upgrades Security Knowledge Management Tool

PricewaterhouseCoopers announced its Enterprise Security Architecture System (ESAS) 5.0, a Web-based security knowledge management tool to help companies create and promote security policies. The new version gives the product a facelift with new screens and interfaces. Under the hood, it gives sites more content management flexibility by distributing management and allowing controlled access to content. New authentication and user management capabilities include an integrated LDAP authentication and support for third-party authentication software, and easier user provisioning. For more information, visit:

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.