Archive for April, 2007

Insider Threat Example: Former Wal-Mart Employee Spied Because His Managers Told Him To

Wednesday, April 4th, 2007

I have seen organizations where management and staff members were so fixated on protecting the company, to the disregard of observing laws and complying with policies, that they ended up doing completely inappropriate actions that involved infringing on privacy and breaking laws.

(more…)

Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies

Tuesday, April 3rd, 2007

On March 29 the FTC published a proposed new routine use, (72 Fed. Reg. 14814, 3/29/07), that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.

(more…)

How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8

Monday, April 2nd, 2007

Awareness activities are an important and necessary component of an effective, layered, information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular traning and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, as is also very important.

(more…)

What Businesses Need to Know About Reputation-Based Messaging Technology

Sunday, April 1st, 2007

I first started hearing about reputation-based technologies used in conjunction with filtering messages a couple of years ago. What a great idea! It does make sense to analyze the characteristics of a message to help determine whether or not it is legitimate, spam, contains malware, or is likely to be some other type of message you do not want getting onto your corporate network, doesn’t it? Trying to determine the “reputation” of the message seems to be a good additional check. Banks and credit card companies have been doing similar types of activities for decades, looking at the reputation of their loan and card applicants, when generating credit scores. It seems as though this type of analysis, while not fool-proof, could also have the potential to greatly assist with keeping unwanted messages from clogging the enterprise networks and mailservers.

(more…)