Archive for May, 2007

The Eyes of IT are Upon You! Curiosity Often Trumps Do The Right Thing According to New Study

Thursday, May 31st, 2007

At a company I did work for there was a middle manager in the IT area who liked to be the person “in the know.” At meetings he always would talk about ideas or plans that otherwise he should not have been privvy to.

(more…)

Handling Complex and Difficult Privacy and Information Security Issues

Wednesday, May 30th, 2007

Only 10 more days until my 2-day seminar, “Handling Complex and Difficult Privacy and Information Security Issues” in Scottsdale, Arizona on June 9th and 10th (Saturday and Sunday)!

(more…)

Outsourced Company’s Unsecure Application Makes U.K. Passport Applicant PII Available to Everyone On the Internet

Wednesday, May 30th, 2007

On May 18 the U.K. Data Protection Commissioner said in a Channel 4 news report he’s going to investigate why an online visa application system allowed the personally identifiable information (PII) of around 50,000 applicants from India who had applied for U.K. passports viewable on the Internet.

(more…)

Insider Threat Example: Leaked Clinton Memo Provides At Least 5 Good Security Lessons

Tuesday, May 29th, 2007

Mid-last week it was widely reported, probably more so in the national news than here in Iowa, that one of Hillary Clinton’s top campaign folks had written a memo to her urging her to skip Iowa and focus on other states. This leaked memo was the grist of much discussion on the political talk shows over the weekend.

(more…)

A Twist Within a New State Breach Notice Law: Maryland’s Also Requires Information Security Safeguards

Monday, May 28th, 2007

Here’s something that you don’t see in other states…
On May 17, Maryland Governor Martin O’Malley signed into law two identical bills, one from the House and one from the Senate, that require businesses to notify state residents if their unencrypted or unredacted personal information, whether in electronic or paper form, is breached. In addition to mandating breach notification, the new law contains data security and data destruction requirements for companies doing business in the state.

(more…)

More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information

Monday, May 28th, 2007

To date we have at least 37 U.S. states that have enacted breach notice laws, (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills proposed but none yet passed.

(more…)

Emergency and Disaster Planning: Government Establishes a Limited Time Pandemic Flu “Blog Summit”

Friday, May 25th, 2007

Ever since talk of the bird flu pandemic started making the news in 2005, information assurace folks have talked about how this could affect them and their efforts. There have been some very interesting viewpoints and insights. Most related to the loss of availability of personnel needed for the business to continue to function, loss of access to vendors, and to outsourced entities, and other emergency management and disaster recovery issues.
When you start thinking about it and brainstorming with your colleagues you discover there truly are many related information assurance issues.

(more…)

SEC Approved Multiple Compliance Guidance and Rules Documents For SOX, SMBs and Credit Rating Agencies

Thursday, May 24th, 2007

Yesterday the U.S. Securities and Exchange Commission (SEC) approved new guidance documents for SOX Section 404 compliance, modernization of smaller company capital — raising and disclosure requirements, and voted to adopt final rules to implement the Credit Rating Agency Reform Act of 2006.

(more…)

Insider Threat Example: Ex-Coca-Cola Employees Sentenced to Prison For Trying To Sell Trade Secrets To Pepsi

Thursday, May 24th, 2007

An article broke yesterday that closely mirrors one of the discussion topics within the Human Factors seminar that I teach for the Norwich University MSIA program.

(more…)

Inefficient Compliance Activities Costs $$: Survey Says SOX Compliance Costs Were Down In 2006, But They Should Have Been Down More

Wednesday, May 23rd, 2007

On May 16 Financial Executives International (FEI) announced the results of their sixth Sarbanes-Oxley (SOX) compliance survey, based upon a poll of 200 companies subject to SOX. They’ll charge you $99 for the report if you aren’t an FEI member.
However, they give you some teasers on their site:

(more…)