Posts Tagged ‘privacy compliance’

Stay Alert for Stegoloader and Rombertik Malware Threats

Friday, July 17th, 2015

Recently a friend of mine sent me a photo of the image on his computer screen. It was a Windows firewall warning message that his computer had been infected with malware. He said that when he tried to reboot the computer it got into an endless loop and he could not get it to do anything. He finally took it to the computer repair shop, and they had to reload a new system. Thankfully he had a complete, clean backup of all his files, so he didn’t lose anything. I asked what the repair folks said the problem was, and he indicated that they didn’t tell him anything specific, only that he “probably had bad malware.”

Hey, Developers! Save Privacy in the IoT Explosion

Thursday, July 2nd, 2015

I’ve been concerned with and writing about the information security and privacy risks involved with the data created, transmitted and processed by smart devices in the Internet of Things (IoT) for several years since they first started emerging (e.g., here) and will likely be writing on it even more in the coming months and years. According to a new IDC research report, the IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020 with a compound annual growth rate (CAGR) of 16.9%. Will privacy die in this IoT explosion? If IoT developers and manufacturers take action now, I’m optimistic that they can save privacy in the IoT explosion.

It is Time to Set Social Media Rules

Sunday, June 28th, 2015

Over the past couple of weeks, I have spent a lot of time speaking with one of my clients about social media and posts from employees and contractors that may have a negative impact on the business. And the client is right to be concerned.

Most businesses are now using social media sites to communicate with their customers, potential customers, patients, employees, and everyone in between. However, such communications can often go awry at best, and result in privacy and security violations at worst. Here are just a few examples of what can go wrong.

Change Controls Are Still Necessary

Friday, June 5th, 2015

In the past week I helped a client whose programming staff had just caused a business disruption for the fifth time in two months because of the changes they made in the program code of their online service. The programmers, and so many of my other clients, have expressed the opinion that they can just code something and plop it out into production, without testing. And then they try to tell me that is “agile programming.” No, it is not. It is insecure and, quite frankly, lazy programming.

Corporate Communications Officers Tying The Hands Of Information Security and Privacy Pros

Tuesday, April 29th, 2008

I’ve been here at the CSI SX conference for the past few days, and I’ve had the great opportunity and pleasure of speaking with a large number of folks while here. I was finally able to meet Ron Woerner in person (nice to meet you Ron!) after communicating with him in the Security Catalyst Community over the past 1+ year.
I love coming to these conferences and just talking with the participants. There is always at least one topic for which I receive enlightenment that I had not considered before. During the past few days I’ve spoken with 4 to 5 people who are responsible for information security, all from highly regulated industries, who all say despite their adequate to even generous information security and privacy budgets, some of their most important information security and privacy efforts are being quashed by their corporate communications offices; those responsible for the messages that are sent to personnel throughout the enterprise.

P2P Security Study Released

Monday, April 28th, 2008

The results of an interesting study, “The Ignored Crisis in Data Security: P2P File Sharing,” performed by the Ponemon Institute and sponsored by Tiversa, were recently released on April 21.
Here are a few interesting tidbits from the report…

Do We REALLY Need Doctors To Do Consultations Via Email?

Friday, April 25th, 2008

A few months ago I had some lively back-and-forth blog postings with a doctor who used email and instant messaging (IM) a lot in his practice; here, here and here.
Today my good friend Alec forwarded me another interesting news article (thanks Alec!) about the use of email by doctors; “It’s no LOL: Few US doctors answer e-mails from patients.”

Smart Business Leaders Support Effective Log Management Practices and Necessary Resources

Thursday, April 24th, 2008

The second article in this month’s IT Compliance in Realtime Journal is, “Smart Business Leaders Support Log Management.”
I wrote this with an audience of information security and privacy personnel, along with IT managers, in mind.
Download the formatted PDF version to get the full content, not to mention a nicer looking document.
Here is the unformatted version…

My Information Security and Privacy Convergence Webcast Now Available

Wednesday, April 23rd, 2008

Yesterday the ISSA posted on their website a free webcast I did, “Information Security and Privacy Convergence
Here is the synopsis…

Improve Program Change Controls To Reduce Incidents

Monday, April 21st, 2008

Recently in my Norwich MSIA class we were discussing the importance of program change controls, and I wanted to continue the discussion here because as important as it is, it typically does not get the attention it deserves in most organizations.