Archive for the ‘Training & awareness’ Category

Make Privacy One of Your 2012 Resolutions

Tuesday, January 3rd, 2012

Happy New Year!  I hope your year is starting out great.  Have you made it to day 3 without breaking any of your resolutions?  How about adding one more… (more…)

Don’t Let School Break Be A Privacy Break-In!

Friday, June 3rd, 2011

A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.”  I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says, (more…)

Legal Requirements for Information Security and Privacy Awareness and Training

Wednesday, March 30th, 2011

Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success”  (, I received the following question: 

 Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma 


A Conversation About Privacy On the Internet with Rafal Los

Saturday, February 12th, 2011

I recently engaged in an interesting discussion with Rafal Los about the erosion of privacy as it relates to the Internet in general, and social media sites specifically.  I think my readers will some useful points and insights within our conversation; especially considering the often perceived adversarial relationship between anonymity and privacy.  I welcome your feedback!

So here we go… (more…)

HIPAA Compliance Investigations And The Insider Threat

Wednesday, February 2nd, 2011

I’ve been getting a lot more questions about HIPAA and HITECH lately from folks I’ve never met, but who have concerns about the security and privacy of their health information (“protected health information” or “PHI” as referenced within HIPAA/HITECH), businesses that are trying to understand how to protect PHI according to the regulatory requirements, and a growing number who express frustration with the unsecure ways in which clients, customers, patients and business partners are sharing information with them.  There just are not enough hours in the day to answer them all, but  I decided I’d start sharing some of the questions, and my corresponding answers, that seem to be topics that a wide range of readers may be interested in.

I was recently contacted by someone who had a question about a recent HIPAA complaint against Rowan Regional Medical Center (more…)

2011 Information Security, Privacy and Compliance Soothsaying

Monday, December 20th, 2010

Looking ahead to what will happen in the coming year is always an interesting exercise.  Just like within a great novel, foreshadowing occurs every day in our lives to drop the hints of things that are likely to come.  The trick is to separate out the valuable hints from the extraneous breadcrumbs that are dropped by dozens of other inconsequential sources that mislead us and cause us to fail in our predictions.   We shall see at the end of the year how close I am with the following predictions… (more…)

Reining In Mobile Computing Risks

Sunday, October 3rd, 2010

As demonstrated over and over again over the past several years, mobile computing devices and storage media present a huge risk to business and personal information.  Because of the portability of these devices, organizations are basically entrusting the security of the information stored upon them into the hands of the people using them.  It is vital that an effective mobile computing device and storage media security and privacy management program is in place.

A mobile computing device and storage media security and privacy management program should be able to answer the questions: (more…)

Security and Privacy: Trends, Tools and Techniques

Wednesday, August 12th, 2009

I’m in Houston this week giving my class “Security and Privacy: Trends, Tools and Techniques.”


Movies and TV Shows to Use for Infosec and Privacy Training and Awareness

Tuesday, June 23rd, 2009

After many long hours, I’ve finally submitted the draft manuscript for the 2nd edition of my “Managing an Information Security and Privacy Awareness and Training Program” book. However, I will still have one more chance to make changes. One of the 23 appendices within my book provides lists of resources; books, web sites, activities, games and so on. One of my lists is for movies and television shows that can be used in training or for awareness activities…


Info Sec & Privacy Days/Weeks/Months

Monday, June 15th, 2009

As I’ve mentioned a few times before, I’m in the final lap of finishing the 2nd edition of my book, “Managing an Information Security and Privacy Awareness and Training Program.” Woo hoo!
Over the weekend I updated “Appendix N – Designated Security and Privacy-Related Days.” Here are the days, weeks and months I’ve found are devoted to raising awareness about various info sec and privacy issues (this is in a much nicer-looking table format in my book)…