Posts Tagged ‘insider threat’
Wednesday, January 7th, 2009
According to a new Cisco study:
(more…)
Tags: awareness and training, Information Security, insider threat, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »
Monday, December 29th, 2008
Okay, this story begs the question, why didn’t someone at the Naval Research Laboratory notice disappearing equipment…?
(more…)
Tags: awareness and training, computer crime, criminal, Information Security, insider threat, IT compliance, IT training, Naval Research Laboratory, policies and procedures, privacy training, risk management, security training, theft, Victor Papagno
Posted in government, Information Security, Lost & Stolen Laptops | 2 Comments »
Tuesday, December 9th, 2008
I’ve written a lot about the insider threat, and the many different motivations for insiders to do malicious things (in addition to the other two types of insider threats of mistakes and lack of awareness).
Here are a couple of recently published research reports that show how this horrible economy is impacting information security and making organizations even more vulnerable to privacy breaches…
(more…)
Tags: awareness and training, cybercrime, Information Security, insider threat, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »
Wednesday, November 5th, 2008
Here’s another email incident example to add to your files…
(more…)
Tags: awareness and training, email incident, email security, hackers, Information Security, insider threat, IT compliance, IT training, passwords, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Privacy Incidents | No Comments »
Tuesday, October 28th, 2008
Here’s a story that points to how vulnerable people are to identity theft and other types of crimes and frauds from slimy family…and ex-family…members…
(more…)
Tags: awareness and training, identity theft, Information Security, insider threat, IT compliance, IT training, policies and procedures, privacy training, protecting information, risk management, security training
Posted in identity theft | No Comments »
Wednesday, October 15th, 2008
No matter how much technology you throw at trying to prevent security incidents, the weakest link in the organization, your personnel (who could be your strongest link with effective training and ongoing awareness) can defeat that security technology.
On purpose, because of lack of knowledge, or by making a plain ol’ mistake.
And EVERYONE makes mistakes. Fewer if they are more diligently aware though.
(more…)
Tags: awareness and training, Barack Obama, email mistakes, Information Security, insider threat, IT compliance, IT training, policies and procedures, politics, privacy training, risk management, security training
Posted in Information Security, Training & awareness | No Comments »
Monday, September 1st, 2008
Now, here’s a great example of an organization actually following through on their procedures to review access logs, and then to apply sanctions and take necessary other actions in response to non-compliance with not only organizational policies, but also with applicable laws…
(more…)
Tags: awareness and training, Information Security, insider threat, IRS, IT compliance, IT training, John Snyder, Kentucky, logs review, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Non-compliance Sanctions Examples, Privacy and Compliance | No Comments »
Saturday, August 30th, 2008
I’ve been doing a lot of work with data retention and disposal policies and procedures lately, remembering the silly things I have read about with regard to organizations getting rid of their computers, such as selling their computers on eBay when they no longer need them…without removing the information! This is certainly not a phenomenon that is confined to the U.S.
Lo and behold, another situation has happened where an organization sold their old computer on eBay…for a bargain at £77 ($141), and it contained a huge amount of personally identifiable information (PII), including credit card applications, on what is reported to be as many as over 1 million customers. Here are a few excerpts from the report in Forbes…
(more…)
Tags: awareness and training, data disposal, Information Security, insider threat, IT compliance, IT training, laptop incident, outsourcing risks, PII, policies and procedures, privacy incident, privacy training, risk management, security training, vendor risks
Posted in Information Security, Lost & Stolen Laptops, Privacy and Compliance, Privacy Incidents | No Comments »
Monday, August 25th, 2008
Yesterday I read about the 7th criminal conviction and sentencing that has been given under HIPAA, “Woman gets 14 months in ID theft case.”
(more…)
Tags: awareness and training, Health Insurance Portability and Accountability Act, HIPAA, identity fraud, identity theft, Information Security, insider threat, IT compliance, IT training, Jay Meckenstock, Leslie A. Howell, Nicole Lanae Stevenson, policies and procedures, privacy training, risk management, security training
Posted in identity theft, Laws & Regulations, Non-compliance Sanctions Examples, Privacy and Compliance, Privacy Incidents | No Comments »