Archive for January, 2008

Some more information and ideas for Data Privacy Day, January 28

Sunday, January 27th, 2008

Last Thursday I posted about how tomorrow (1/28) is International Data Privacy Day.
I was delighfully surprised to receive an email in response to my blog post from Leonardo Cervera, the coordinator of Data Privacy Day 2008! Be sure to check out his site to find comprehensive information about all the activities being done for Data Privacy Day, as well as seeing the world-wide support Data Privacy Day is being given…it is good to see government agencies and large corporations acknowledging the importance of preserving privacy.

(more…)

Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!

Friday, January 25th, 2008

Here is another example of what a worker, entrusted with access to business files, can do…and also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage” that provides a very good example of how costly the insider threat can be.

(more…)

Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!

Friday, January 25th, 2008

Here is another example of what a worker, entrusted with access to business files, can do…and also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage” that provides a very good example of how costly the insider threat can be.

(more…)

January 28 is International Data Privacy Day

Thursday, January 24th, 2008

Did you know that International Data Privacy Day is fast approaching? On Monday, January 28 the United States joins 27 European countries to celebrate Data Privacy Day 2008. “The day will feature several efforts to promote the importance of data protection, including a meeting at Duke University among European and U.S. privacy experts.

(more…)

Improve Information Security And Privacy By Engaging Your Personnel And Their Children…Our Future Information Security and Privacy Leaders

Wednesday, January 23rd, 2008

Personnel will understand information security and privacy issues better if they can relate to the issues within their own lives. If they can see how the issues impact their family members and friends, that helps to raise awareness even more. If they can see their children’s perspectives of the issues, and see how their family members may be unknowingly putting their information at risk, it helps them to see even more the importance of the issues, and also helps them to guard against the associated threats even better.

(more…)

Social Engineering Schemes Increase: Great Case Study From An Actual Event

Tuesday, January 22nd, 2008

Last month I finished the second issue of my Protecting Information publication and the topic couldn’t be more timely: social engineering.
Just today I have already read in my daily news items 5 articles about social engineering! One in particular, “CUNA Mutual Warns on Costly HELOC Scam,” provides not only a great example of a current social engineering scam, but it would also make a great case study for social engineering training and within your awareness communications and activities. Here’s a quick overview…

(more…)

CMS Announces Plans To Actively Audit Hospitals For HIPAA Compliance

Monday, January 21st, 2008

The U.S. Centers for Medicare and Medicaid Services (CMS) announced last week that they plan to audit 10 – 20 hospitals for HIPAA compliance in the next 9 months according to a Government Health IT article.

(more…)

Insider Threat Example: Former Cox Employee Sent To Jail (And More) For Hacking System

Sunday, January 20th, 2008

It is not only important, but absolutely necessary, to let personnel know what your information security and privacy policies are, along with your organization’s sanctions, and then consistently enforce your policies. If personnel know that policies are not enforced, and that there is no negative consequence for not properly safeguarding information and systems, it becomes easy for personnel to not follow policies when it is inconvenient or time-consuming to do so. It is also easier for personnel to do bad things as vendettas when they get upset.

(more…)

FTC Hands Down Another FTC Act Noncompliance Penalty For Bad Online Application Security

Friday, January 18th, 2008

Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding their online ecommerce applications.
The FTC charged they were in violation of the FTC Act because they promised in their online privacy statement that they would safeguard their customer data, but yet a hacker “was able to use SQL injection attacks on Life is good’s Web site to access the credit card numbers, expiration dates, and security codes of thousands of consumers.”

(more…)

A Roadmap For Successful ITIL Implementation

Thursday, January 17th, 2008

The final chapter of my ebook, “The Shortcut Guide to Improving IT Service Support through ITIL” was just released!

(more…)