Posts Tagged ‘corporate governance’

If People Aren’t Trained The Best Security Will Go For Naught

Saturday, June 2nd, 2007

This week there has been much talk in the U.S. news about how Andrew Speaker, the now notorious TB patient (more specifically extensively drug-resistant tuberculosis, or XDR-TB), apparently very easily circumvented security controls to come back into the U.S. via Canada.
My heading paraphrases a longer quote from Charles Schumer about this incident that I really like, and that also applies very nicely to all information security practices.

(more…)

Handling Complex and Difficult Privacy and Information Security Issues

Wednesday, May 30th, 2007

Only 10 more days until my 2-day seminar, “Handling Complex and Difficult Privacy and Information Security Issues” in Scottsdale, Arizona on June 9th and 10th (Saturday and Sunday)!

(more…)

Emergency and Disaster Planning: Government Establishes a Limited Time Pandemic Flu “Blog Summit”

Friday, May 25th, 2007

Ever since talk of the bird flu pandemic started making the news in 2005, information assurance folks have talked about how this could affect them and their efforts. There have been some very interesting viewpoints and insights. Most relate to the loss of availability of personnel needed for the business to continue to function, loss of access to vendors and outsourced entities, and other emergency management and disaster recovery issues.
When you start thinking about it and brainstorming with your colleagues you discover there truly are many related information assurance issues.

(more…)

SEC Approved Multiple Compliance Guidance and Rules Documents For SOX, SMBs and Credit Rating Agencies

Thursday, May 24th, 2007

Yesterday the U.S. Securities and Exchange Commission (SEC) approved new guidance documents for SOX Section 404 compliance, modernization of smaller company capital-raising and disclosure requirements, and voted to adopt final rules to implement the Credit Rating Agency Reform Act of 2006.

(more…)

Inefficient Compliance Activities Cost $$: Survey Says SOX Compliance Costs Were Down In 2006, But They Should Have Been Down More

Wednesday, May 23rd, 2007

On May 16 Financial Executives International (FEI) announced the results of their sixth Sarbanes-Oxley (SOX) compliance survey, based upon a poll of 200 companies subject to SOX. They’ll charge you $99 for the report if you aren’t an FEI member.
However, they give you some teasers on their site:

(more…)

The Need to Build Security In: Poor Implementation of Indianapolis Public Schools Website Allows Viewing of PII For 7000+ Students and Teachers

Friday, May 18th, 2007

Today Monsters and Critics reported, “Indianapolis Public Schools exposes thousands to risk of identity theft.”
Apparently the Indianapolis Public Schools (IPS) website “that allows teachers to post reviews, student-writing samples, grades, and other confidential material to the IPS network” was implemented and configured without much attention to security.

(more…)

Does Using “Certified” Software Products Improve Compliance?

Thursday, May 17th, 2007

It seems the term “certified” is being used more and more…for professionals, hardware, software, you name it.
You see software vendors touting that their products have been certified and that they will help companies meet “compliance,” but I have found very little research into what this really means, or if it means anything at all.

(more…)

Information Security and Privacy Professionals Must Partner on Over 15…no wait…Over 20 Different Enterprise Issues

Wednesday, May 16th, 2007

Not too long ago I blogged about the need for information security and privacy professionals to work together to address safeguarding sensitive and personally identifiable information (PII). Within it I talked about how a workshop Chris Grillo and I created and give, “Handling Complex and Difficult Privacy and Information Security Issues,” discusses over 15 common issues that these professionals need to partner on.

(more…)

Reducing Attack Exposure for Internet-Facing Applications

Thursday, May 3rd, 2007

Yesterday the Channel 12 news in Jackson, Mississippi reported a Kennesaw, Georgia business had its Internet-facing computer system hacked. That business’s application is “now generating thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB.”

(more…)

SOX Amendment Defeated: Information security and SMBs

Tuesday, May 1st, 2007

A week ago today (April 24, 2007) the Senate defeated, by a 35 – 62 vote, an amendment that would have allowed more lax internal control requirements for small and medium sized businesses (SMBs) under the Sarbanes-Oxley Act (SOX).

(more…)