Posts Tagged ‘reputation’
Thursday, November 29th, 2012
Are you faking it online? Or faking it at work? While faking it certainly has its benefits in both places, I want to touch upon a couple of concerns I have with using fake identities. (more…)
Tags:awareness, breach, compliance, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, fake IDs, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, messaging, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, reputation, risk, security, sensitive personal information, social media, social networking, SPI, systems security, test data, training, twitter
Posted in Social Media | 2 Comments »
Wednesday, November 21st, 2012
Growing numbers of organizations are trying to figure out the benefits of anonymizing, or as HIPAA (the only regulation that provides specific legal requirements for such actions) puts it “de-identifying,” personal information. Healthcare organizations see benefits for improving healthcare. Their business associates (BAs) see benefits in the ways in which they can minimize the controls around such data. Of course marketing organizations salivate at the prospects of doing advanced analysis with such data to discover new trends and marketing possibilities. The government wants to use it for investigations. Historians want to use it for, yes, marking historical events. And the list (more…)
Tags:anonymization, anonymized, audit, awareness, BAs, breach, CEs, compliance, customers, data protection, de-identificaiton framework, de-identification, de-identify, e-mail, electronic mail, email, employees, employment, Herold de-identification, HHS, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, messaging, midmarket, non-compliance, OCR, patients, PbD, personal information, personally identifiable information, personnel, PHI, PII, policies, privacy, privacy breach, Privacy by Design, privacy professor, privacyprof, Rebecca Herold, reputation, risk, security, sensitive personal information, SPI, systems security, training
Posted in HIPAA, privacy, Uncategorized | No Comments »
Wednesday, October 31st, 2012
Last week I got the following question:
“By becoming ISO 27001 certified does that automatically mean we comply with HIPAA and HITECH requirements? Are there any requirements of HIPAA/HITECH that are not required to meet ISO 27001 standards?”
This is not the first time I’ve gotten this question, and others similar. As new technology businesses, cloud services and other businesses are popping up to provide services to large regulated organizations, start-ups are increasingly looking for a way to differentiate themselves from their competitors, and also prove that they have not only effective security controls in place, but that they also (more…)
Tags:27001, 27002, audit, awareness, breach, certification, compliance, customers, data protection, e-mail, electronic mail, email, employees, employment, HHS, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, ISMS, ISO27001, ISO27002, IT security, job applicants, laws, messaging, midmarket, non-compliance, OCR, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, reputation, risk, security, sensitive personal information, SPI, systems security, training
Posted in HIPAA, HITECH, Laws & Regulations | No Comments »
Monday, October 22nd, 2012
Last week one of my Facebook friends started a “friends only” discussion on his wall. It was a very interesting discussion, and one of his friends took the discussion, pretty much verbatim, and posted within a “public” (as in meant for the world to see) popular blog site. So the information on the Facebook page, where around 250 – 300 people could see the posts were now in a location where the bazillion (possibly a bit fewer) blog readers could see all the posts and the full names of those who made them. This is not the first time a situation like this has occurred. A lot of the information posted on people’s social media pages are really tempting to take and use as examples, or for business activities such as for marketing and promotions. However, doing so could get you into some personal and/or legal hot water. As organizations and individuals consider taking information they find on social media sites, they need to consider the reasons why doing so may not be a good idea after all.
Reason #1: It will (more…)
Tags:awareness, breach, compliance, copyright, Creepshots, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, Gawker, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, LinkedIn, messaging, Michael Brutsch, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, Reddit, reputation, risk, security, sensitive personal information, social media, social network, SPI, systems security, training, twitter, Violentacrez
Posted in Social Media | 2 Comments »
Monday, October 1st, 2012
Today is October 1st, which is also Blue Shirt Day™ World Day of Bullying Prevention©!
Cyber bullying is a topic I cover in my Q3 2012 issue of Protecting Information Journal, and my youth reporter for this quarter’s issue, Lexx, wrote about his personal experience with cyber bullying. Typically only my subscribers get to read these great articles, but in honor of Blue Shirt Day™ I want everyone to have a chance to read his article that provides important insights into how so many of our children are dealing with this growing problem. Here it is in its entirety; please provide feedback, not only to me, but also for my talented youth reporter! (more…)
Tags:awareness, Blue Shirt Day, breach, bullying, CiviliNation, compliance, cyber bully, cyberbully, Daniel Solove, e-mail, electronic mail, email, Information Security, information technology, infosec, IT security, Mary Kay Hoal, messaging, non-compliance, online posting, personal information, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protecting information, protecting information journal, Rebecca Herold, reputation, security, sensitive personal information, social media, SPI, Sue Scheff, systems security, training, tweet, twitter, YourSphere
Posted in Cyber Bullying | No Comments »
Sunday, April 1st, 2007
I first started hearing about reputation-based technologies used in conjunction with filtering messages a couple of years ago. What a great idea! It does make sense to analyze the characteristics of a message to help determine whether or not it is legitimate, spam, contains malware, or is likely to be some other type of message you do not want getting onto your corporate network, doesn’t it? Trying to determine the “reputation” of the message seems to be a good additional check. Banks and credit card companies have been doing similar types of activities for decades, looking at the reputation of their loan and card applicants, when generating credit scores. It seems as though this type of analysis, while not fool-proof, could also have the potential to greatly assist with keeping unwanted messages from clogging the enterprise networks and mailservers.
(more…)
Tags:awareness and training, image spam, Information Security, IT compliance, messaging technology, policies and procedures, privacy, reputation, risk management, spam
Posted in Information Security | 5 Comments »
