Oh, boy, reading this Wall Street Journal story, “Ten Things Your IT Department Won’t Tell You” brought back some memories of personnel who went to great lengths to get around security requirements!
Archive for July, 2007
Insider Threat and Cowboys: The Wall Street Journal Tells Your Personnel How To Get Around Your Security
Tuesday, July 31st, 2007International PII Data Transfers: New Requirements from Spain
Monday, July 30th, 2007In this global economy it is important for you to know, understand and follow the data protection laws in all the countries where you have offices, have customers, store personally identifiable information (PII) and from where PII is accessed. Each country has nuances within their laws that could create quite a big obstacle if you are doing business there and find you must suddenly stop because you are out of compliance with their data protection laws.
Do You Think Privacy Is Really Dead?
Saturday, July 28th, 2007I occasionally post to the Cutter Consortium blog, and the recent topics there have involved privacy.
Retail Locations Have Unique Challenges With PCI DSS Compliance
Friday, July 27th, 2007I’ve been intrigued lately with PCI DSS compliance. It has all retailers on edge, has multiple vendors drooling, and has spawned new laws and bills, such as in Minnesota and Texas. I’ve had interesting discussions about it with those who process credit card payments, and I’ve been doing some research into the various issues.
Confusing Folks: PHR, PHI, PII, NPPI, and Dozens of Other Acronyms…It’s Still All Personal Information
Wednesday, July 25th, 2007I really enjoy reading survey results. I can’t help myself. Whether the surveys are well-done, sloppy, long, short, statistically accurate or obviously statistically invalid, I still find them interesting. Especially when they cover what the general public and non-IT/non-infosec person thinks or knows about information security and privacy, or some industry-specific issue.
Privacy Initiatives Sincere Or Marketing Ploy?
Tuesday, July 24th, 2007Reminder: Your “Privacy in the 21st Century” Submissions Need to Be in by July 27th…This Friday!
Tuesday, July 24th, 2007Last week I posted about this year’s Global Security Week.
PCI DSS and Identity Theft
Monday, July 23rd, 2007Over the past month or so I’ve been discussing the Payment Card Industry (PCI) Data Security Standards (DSS) with some of my information assurance practitioner friends and colleagues and what they’ve been doing to meet the requirements and accompanying challenges. I was thinking about some of the issues over the weekend.
Insider Threat Example: Payroll Employee Threatens To Illegally Use Other Employees’ PII If Not Given a Good Review
Sunday, July 22nd, 2007Here’s another example of the insider threat similar to situations that I’ve heard of happening many times throughout the years through conversations with folks at conferences and other professional meetings.
