Archive for March, 2009
Tuesday, March 31st, 2009
Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as the likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.
SearchCompliance printed my article in three parts in their Compliance Tips section…
Tags:awareness and training, convictions, HIPAA, HITECH Act, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy breach, privacy training, risk management, sanctions, security awareness, security training
Posted in Laws & Regulations, Non-compliance Sanctions Examples, Privacy and Compliance
Thursday, March 26th, 2009
I first realized the need for information security and legal compliance areas to closely collaborate on converging issues in the mid-1990s while establishing the information security and privacy requirements for one of the first online banks. Over the past 5+ years I’ve been actively evangelizing through my 2-day classes, conference and meeting speeches, and many articles and other publications about the need for information security, privacy and legal compliance areas to collaborate, and pointing out the areas where these responsibilities converge.
Tags:awareness and training, Information Security, information security and privacy convergence, IT compliance, IT training, laptop theft, policies and procedures, privacy awareness, privacy breach, privacy training, risk management, security awareness, security training
Posted in Information Security, Privacy and Compliance
Wednesday, March 25th, 2009
I was very happy to be invited to Carnegie Mellon University (CMU) to speak about information security and privacy convergence last month at their CyLab research and education center. It was a great experience!
Tags:awareness and training, Carnegie Mellon, CyLab, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy training, risk management, security awareness, security training
Posted in Information Security
Tuesday, March 24th, 2009
I’ve heard far too many business leaders in lesser-regulated industries, of organizations of all sizes, say something to the effect of, “Oh, we don’t have any information that hackers would find of any value.”
Tags:awareness and training, identity theft, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy training, risk management, security awareness, security training
Posted in identity theft, Information Security, Privacy and Compliance
Monday, March 23rd, 2009
Over the weekend I did some research to make sure I am up to date with all the current U.S. state and U.S. territories breach notice laws…
Tags:awareness and training, breach notice laws, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy breach, privacy training, risk management, security awareness, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance
Sunday, March 22nd, 2009
I’ve been reviewing some “canned” information security and privacy training offerings in the past few months, and I’m seeing that many of them are trying to dump TOO MUCH information on those taking them; learners can only absorb so much information within a short period of time and retain it for any significant amount of time!
Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy training, risk management, security awareness, security training
Posted in Information Security, Privacy and Compliance, Training & awareness
Thursday, March 19th, 2009
I’ve been using Twitter now (http://www.twitter.com/privacyprof) for three going on four weeks. I’ve found it to be a very great way to be in touch with the latest news and happenings, and also to get in touch with other folks who care about and want to discuss the same types of topics as I do. I also see using Twitter within business organizations as a very good awareness-raising tool. More on that in another post. But for now I want to discuss some of the potential personal hazards of tweeting…
Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy awareness, privacy training, risk management, security awareness, security training, social network security, twitter
Posted in Information Security, Privacy and Compliance
Wednesday, March 18th, 2009
Here are some encryption solution reviews, from David Strom at PC World, that anyone who wants to protect their laptop data, as well as information security, and yes privacy, practitioners should find useful…
Tags:awareness and training, data protection, encryption, Information Security, IT compliance, IT training, laptop security, policies and procedures, privacy training, risk management, security training
Posted in Information Security
Tuesday, March 17th, 2009
Would you notice a $20 – $30 fraudulent charge mixed in with a lot of other charges…most people have more than 10 according to a financial fraud expert friend…on your credit card statement?
It looks like in Bulgaria they really lower the sanctions boom on those committing computer fraud…
Tags:awareness and training, computer crime, cybercriminal, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in identity theft, Information Security, Privacy Incidents
Monday, March 16th, 2009
Here’s another awareness-raising opportunity…
Tags:awareness and training, BCP, business continuity, Information Security, IT compliance, IT training, Norwich, policies and procedures, privacy training, risk management, security training
Posted in Information Security