Okay, why would a large city like San Francisco make such a silly, preventable mistake like allowing one employee to be able to establish a super user type of account and then lock everyone else out of the government network?
“Hacker Holds Key to City’s Network: An Alleged Hacker Won’t Reveal Secret Password to Unlock San Francisco’s Network”
Archive for July, 2008
Insider Threat Example: San Fran IT Employee Exploits Poor Security Practices
Thursday, July 17th, 2008Organizations of All Sizes Need IT Security & Privacy Training
Thursday, July 17th, 2008Many organizations create broadly scoped information security training for all their personnel to take, but too few create targeted training for groups that need to have specialized knowledge for certain topics. Different departments within an organization handle different types of information, and have different types of contact with business partners, customers and other employees. So doesn’t it make sense that the payroll folks would need training specific for their job responsibilities, and sales folks would need training specific to their responsibilities that are are very different from the payroll folks, and so on?
According to the U.S. Census Bureau, small businesses employ more than half of all Americans. Very few small and medium sized businesses (SMBs) have specialized IT staff; most of the owners or personnel take on the day-to-day IT tasks themselves, operating on a wing and a prayer that nothing will go wrong. These huge numbers of folks within SMBs are also taking care of the IT security and privacy activities…hopefully.
Organizations of All Sizes Need IT Security & Privacy Training
Thursday, July 17th, 2008Many organizations create broadly scoped information security training for all their personnel to take, but too few create targeted training for groups that need to have specialized knowledge for certain topics. Different departments within an organization handle different types of information, and have different types of contact with business partners, customers and other employees. So doesn’t it make sense that the payroll folks would need training specific for their job responsibilities, and sales folks would need training specific to their responsibilities that are are very different from the payroll folks, and so on? Also, legal requirements those in various industries need specialized training. For example, those in the healthcare space in the U.S. need HIPAA training.
According to the U.S. Census Bureau, small businesses employ more than half of all Americans. Very few small and medium sized businesses (SMBs) have specialized IT staff; most of the owners or personnel take on the day-to-day IT tasks themselves, operating on a wing and a prayer that nothing will go wrong. These huge numbers of folks within SMBs are also taking care of the IT security and privacy activities…hopefully.
Get Involved With The 4th Annual Global Security Week!
Wednesday, July 16th, 2008For the past couple of years I’ve been involved with a fantastic group of people who have put their passion, time and resources into helping raise awareness of security issues throughout the world. Dr. Gary Hinson and Brian Honan in particular have invested literally hundreds (perhaps thousands?) of hours into Global Security Week throughout the past four years.
Get Involved With The 4th Annual Global Security Week!
Wednesday, July 16th, 2008For the past couple of years I’ve been involved with a fantastic group of people who have put their passion, time and resources into helping raise awareness of security issues throughout the world. Dr. Gary Hinson and Brian Honan in particular have invested literally hundreds (perhaps thousands?) of hours into Global Security Week throughout the past four years.
Get Involved With The 4th Annual Global Security Week!
Wednesday, July 16th, 2008For the past couple of years I’ve been involved with a fantastic group of people who have put their passion, time and resources into helping raise awareness of security issues throughout the world. Dr. Gary Hinson and Brian Honan in particular have invested literally hundreds (perhaps thousands?) of hours into Global Security Week throughout the past four years.
630,000+ Laptops Lost at Airports Each Year!
Tuesday, July 15th, 2008My good friend Alec sent me some great links to statistics about the numbers of laptops lost at airports each year…thanks Alec! 🙂
Here they are…
Great New Privacy Guidance Tools From The EU
Monday, July 14th, 2008Do you have any customers in any of the 27 European Union (EU) countries? Do you have any personnel in the EU? COULD YOU have?
Any company sending or receiving personally identifiable information (PII) of a very wide range of possibilities…many more items are considered as PII outside of the U.S. than within the states…to or from other countries must abide by the data protection (read “privacy”) laws for those countries. The EU Data Protection Directive (95/46/EC) establishes the minimum PII data protection requirements that ALL companies, any where in the world, must follow to send PII for their citizens over their country borders. Each of the EU countries also have specific data protection laws that may be even more restrictive than the EU Data Protection Directive (95/46/EC).
Outsourcing and Customer Service Thoughts…
Friday, July 11th, 2008Over this past week I had some interesting (to me any way) experiences related to customer service and some of the general business risks of outsourcing…
FISA Change Gives Telecoms Immunity; Headaches Ahead For Businesses?
Thursday, July 10th, 2008In case you didn’t hear about it yet, President Bush just signed into law changes to the U.S. Foreign Intelligence Surveillance Act (FISA) that, among other things, grants immunity to telecom companies that cooperate with the secret warrantless wiretap program.
