Posts Tagged ‘regulatory compliance’

Obscure Email Security Issues: Whitehouse Provides Lessons in Email Management Practices and Using Non-Business Email Accounts to Conduct Business

Sunday, April 15th, 2007

So much is in the news lately related to information assurance it is hard to pick which one to share my thoughts about. However, the misuse of email, managing email, and the maintenance of email systems, which I know I’ve already talked about recently, just keeps bubbling to the top of concerns.
Throughout last week and over the weekend while watching the news programs, listening to the political pundits, and reading various news magazines there has been much talk about how perhaps millions of Whitehouse emails have seemed to have vanished, along with discussion about the use of non-Whitehouse systems for Whitehouse business emails.


Obscure Email Security Issue: 5 Lessons About Re-using Email Addresses

Thursday, April 12th, 2007

Does your organization ever re-use email addresses whenever someone leaves the company? Do you know that some of your customers‚Äô and personnel’s email service providers re-use email addresses when their subscribers leave? Probably more than you realize.


What Were They Thinking!? U.S. Marshals Put The PII of Thousands of People on a D.C. Street For Anyone To Take

Saturday, March 31st, 2007

I read a lot of articles about incidents; it is hard to keep up with them all! However, one I ran across on the WUSA 9News Now site in Washington D.C. grabbed my attention.


Software Licensing Infringement: Man Sentenced to 27 Months of Prison For Selling $700,000 Worth Of Illegally Copied Software

Friday, March 30th, 2007

One of the earliest types of activities I did with regard to compliance was a desktop computer-by-computer audit of a subsidiary that my employer at the time had just acquired. This was in the first half of the 1990’s. I found one licensed copy each of around 15 different software programs they used for business. I found anywhere from 25 to 150 copies of each of the software packages throughout the organization. At that time it was common for businesses to be unaware of software licensing requirements. However, I did find a few cases of folks who had actually tried to make a profit off the copies by selling them to friends.


What A Nice Surprise: I’m On the IT Security List of Top 59 IT Security Influencers!

Thursday, March 15th, 2007

It was quite a wonderful surprise to read an email message this morning from IT Security telling me I was put on their list of top 59 IT security influencers for 2007.


Trying To Determine Actual Numbers of Privacy Breaches Since 1980; An Exercise in Futility?

Wednesday, March 14th, 2007

Today a press release caught my eye, “Hackers get bum rap for corporate America’s digital delinquency.”
Hmm…sounds interesting. Let’s see what is behind this nicely-hooking title.


Preventing Data Leakage Through Email and Instant Messaging

Tuesday, March 13th, 2007

Incidents continue to accumulate and hit the daily headlines. Many of them involve the loss of sensitive information through some type of messaging activity. The losses can have devastating impacts to business.
The messaging-related incidents are sometimes technology-based, such as social-engineering tactics through instant messaging (IM) communications, sometimes they pre-meditated malicious activities, and sometimes they are just plain ol’ “OOPS!! What the heck did I just do!!!!???” types of situations.


“Protecting Personal Information: A Guide for Business”: Free from the FTC

Thursday, March 8th, 2007

Today the U.S. Federal Trade Commission (FTC) released a 24-page guide, “Protecting Personal Information: A Guide for Business
Within the guide the FTC advises businesses to protect personally identifiable information (PII) through the following actions:


How Access Management Compliance Supports Good Business

Thursday, March 8th, 2007

Many business leaders I speak with now have great concern for data protection law and regulation compliance, which is certainly prudent. However, often when digging into the details of their compliance plans and activities, I find most of the effort and budget is going towards initiatives for firewall and perimeter protection, with increasing implementations for encryption.


New Benchmark Research Report Released Today from IT Policy Compliance (ITPC): “Taking Action to Protect Sensitive Data”

Wednesday, March 7th, 2007

Today IT Policy Compliance released a new benchmark research report, “Taking Action to Protect Sensitive Data.”
I had the great oppportunity to not only have a sneak peak at the report, but also to speak yesterday about the report with Jim Hurley, the Managing Director for IT Policy Compliance who authored the report, and Heriot Prentice, Director of Technology at The Institute of Internal Auditors (IIA) which is one of the sponsors for the IT Policy Compliance site.