I got my week’s issue of Time magazine in the mail today, and lo-and-behold the cover and feature story was about Twitter!
I must admit that I thought for a long time that Twitter was just a useless time-sucking addictive Web 2.0 tool. Then I tried Twitter (http://twitter.com/privacyprof) in February and discovered it was a great source for breaking news, pointers to papers and research papers, real-time tweets from interesting conference sessions, and a great way to meet others from all over the world with similar interests. Sure, there are DEFINITELY security and privacy dangers, but there are also information gold nuggets. You make Twitter as valuable as you want it to be; as it can be.
Even if you don’t use it, you definitely need to make sure your web 2.0 policies cover the use of Twitter! I’ve seen some VERY sensitive information tweeted. See item #4 below for some good examples of policies.
I ran across a ton of great information this week. Here are most of my tweets from the past 6-7 days for you to find some gold nuggets of useful information for yourself:
- RT @BreakingNews: La Russa says Twitter has agreed to pay legal fees and make a donation to his Animal Rescue Foundation after impersonat…
- RT @USATODAY: Unemployed receive free Botox at Va. clinic http://tinyurl.com/o34bd5
- @rcalo: EFF put out an incredible Terms of Service tracker, which alerts you to changes. Congrats! http://tinyurl.com/o2yc32
- Orgs, C the Web 2.0 policies 4 gud exmpls =>RT @marlinex: Microblogging & Twitter Best Practices Docs http://bit.ly/tVZsi #socmedsc #gov20
- Got in mail 2day + just read while running; intrstng! RT @digiphile: Reading @TIME on Twitter http://bit.ly/uVgE2 By @StevenBJohnson
- RT @BreakingNews: Prosecutors tell BNO News: Former high ranking U.S. officials charged with espionage for Cuba. http://adjix.com/84fe
- RT @Reuters: FLASH: Former U.S. State Dept. official, wife arrested for spying for Cuba for nearly 30 years -Justice Dept.
- Demonstrates importance of good policy writing @sectorprivate …” , not the office in which the computer was being used.”
- Intrstng! @sectorprivate “…any policy regarding computer monitoring involved monitoring the computer system itself…”
- @sectorprivate I noticed that; but it’s an important question that those in the case should consider.
- Ive been looking 4 great backup storage;a possibility SanDisk Ultra Backup 64GB w/encryption Anyone use/recommend/warn? http://bit.ly/qlXVT
- Blog “NOT Providing Training and Awareness Is The Dumbest Idea For Information Security” http://bit.ly/aRzPs
- #insiderthreat in UK PRT @privacyint: Government staffers caught looking up details of celebrities on…ID register. http://bit.ly/RUWVQ
- RT @privacyint: Bermuda is closely following the UK on DNA policy, noting that the UK has not yet changed policy sinc… http://bit.ly/XvLJ3
- RT @VBalasubramani: EPIC: “Congress Approves Bill Limiting TSA’s Use of Whole-Body Imaging” http://bit.ly/3EUgAq (RT @SusanLyon @txitua)
- Intrstng! Were policies in place? RT @sectorprivate: Hidden Camera Case Turns on Expectation of #Privacy in Workplace http://bit.ly/16E3cc
- RT @clarinette02: …Let’s care about our planet today 5th June http://www.youtube.com/home…
- Need privacy/infosec ed in K-12 RT @PrivacyCampDC: Kids, the Internet, and the End of Privacy: The Greatest Generati… http://ow.ly/bifG
- #medicalidentitytheft RT @DrJosephKim: Fake Health Insurance Scams http://bit.ly/cXMl0
- @marlinex Highly skeptical w/security reportd N Jan that was putonit; given Presidential Records Act probly nothng intrstng evn if they did!
- Would make a good case study “How Safe Are Your Medical Records?” http://bit.ly/tBKtl
- Likely stunt! Strng encrypt hard 2 crack RT @WebSecurityNews: Hackers Decode Obama’s Blackberry Messages for Public Sharing http://ow.ly/bcgh
- Remove data + be green with disposal “Decommission PCs” http://bit.ly/e70r5
- Higher ed has big challenges RT @sectorprivate: #privacy Colleges Give Themselves C+ for Network Security http://tinyurl.com/q2vo5k
- Interesting! RT @sectorprivate: #privacy 10 most dangerous web search terms revealed http://tinyurl.com/qaub2t
- Good to see such communications RT @DrInfoSec: CalPERS’ issues scam alert on Phishing, Vishing, and Smishing http://tinyurl.com/q2b3cm
- RT @bnatechlaw: Store Payment Info In Your Online Store? Watch Out For Patent Infringement Lawsuits http://viigo.im/NlK
- RT @sciam: Is there such a thing as “cell phone elbow”?: CNN and others are reporting an increasing number of ce.. http://tinyurl.com/qwcma6
- Hopefully sane judgment will prevail RT @stejules: La Russa sues Twitter over false page http://tinyurl.com/pvm9qr #twitter #sued
- @BurgessCT til then orgs must perform strong due diligence + include security requirements details in contracts
- @BurgessCT HITECH Act addresses third party responsibilities under HIPAA; see http://bit.ly/lakcs Need reg that’s not industry dependent
- RT @DrInfoSec: Drive-By Attacks vs. Social Engineering There’s limit to what security software can do to protect http://tinyurl.com/qgnrks
- Sadly not surprising many do 4 many reasons RT @jmlsCITPL: Study finds IT security pros cheat on audits http://bit.ly/GFIBw
- Better education would reduce # of these incidents RT @jmlsCITPL: Peer-to-peer identity thief sentenced to 51 months http://bit.ly/rnFlN
- @clarinette02 I’m giving my class (updating this tomorrow) twice in that time-frame http://bit.ly/pTNSa DM me for more details
- RT @SCMagazine: DHS appoints new director of National Cybersecurity Center: The U.S. Department of Homeland Secu.. http://tinyurl.com/obbvvx
- …so glad this WH gets it! “The general public needs to be well informed to use the technology safely.” Many more good quotes within.
- Education naysayers read this! “White House cybersecurity review pushes awareness training” http://bit.ly/Bwnn8
- RT @ITCompliance: “Top compliance issues for $FNM: Privacy & President’s initiative/accounting for TARP money”-@retheauditors | #cw2009
- RT @danphilpott: NIST released a new draft of SP 800-53 Rev 3 Recommended Security Controls…: http://is.gd/Nj8n
- @BurgessCT I have same questions! “accident” = “lack of controls” “lack of training” “mistake” “all the above” ???
- Indeed! RT @BrettTrout: Swoopo – “about as close to pure, distilled evil in a business plan as I’ve ever seen” http://is.gd/NgHh
- #insiderthreat RT @idexperts: Data Breach- U.S. Releases Secret List Of Nuclear Sites Accidentally http://bit.ly/ltMUM
- Definitely gimmick! RT @DrInfoSec @securls: StrongWebMail: ‘Hack into our CEO’s email, win $10k’ http://tinyurl.com/psovvy [gimmick?]
- Blog post “Rights for Privacy Breach Victims” http://bit.ly/9Hj9s
- 16 CC#’s copied; 1yr credit monitoring provided RT @idexperts: Sony notifies 5k customer of credit card breach http://bit.ly/15aJ6t
- Oh, my RT @bbcnews: Consumers consider broadband internet as essential a utility as water or electricity, .. http://tinyurl.com/od6c6f
- Nice notes! Much privacy+infosec still 2 discuss, eh? RT @Canuckflack: I’ve posted some comments on #cfp09 today – http://bit.ly/SViFd
- Indeed! RT @LegalGRC: The SEC has been emphasizing that firms need to create a culture of compliance for many years: http://short.to/cey2
- RT @InfoSecJobsUK: NHS Scotland loses patients’ medical history data http://bit.ly/FTIxS
- ! RT @WSJ: Oracle May Build Netbooks http://bit.ly/13PoJV
- RT @idexperts: MSNBC: Why Phishers Love Facebook http://bit.ly/172Pje
- Thoughtful article RT @rcalo: Peter Swire on the gov’s use of Web 2.0. http://tinyurl.com/2e2od
- RT @marianmerritt: Blog entry: How Much Do you know about Cyberbullying? Take the quiz: http://bit.ly/JDFfY
- @infoseccynic Many things! Enforcement, sanctions, accountability, customer demands, + 1 comprehensive law instead of 100s wud B good start
- RT @stejules: Man Gets Robbed After Tweeting That He is on Vacation: http://digg.com/d1smNv?t
- U know if it’s online? RT @clarinette02: ‘Privacy paradox’ survey study presented by PhD student of Carnegie Mellon Uni #cfp09
- @infoseccynic 2 many “privacy policies” as written R actually NON-privacy policies! Wordy confusing + doubletalk 2 create image of privacy
- @infoseccynic Orgs must understand what their privacy policies actually say(most don’t) and then impl procs to support them.
- Without controls, oversight + accountability fraud will occur! RT @Reuters: FBI targets fraud in TARP, stimulus fund http://bit.ly/vZsaj
- Most privacy policies are poorly written! RT @publicfunction: Privacy study shows Google’s eyes are everywhere http://bit.ly/15I5AL
- RT @clarinette02: Man Twitters and is attacked by tree – CNET News: http://bit.ly/meNQk
- U knew this was coming! RT @BrianHonan @domdingelom @chiefmonkey @ddrager CISP Auditor sued for credit card data breach http://bit.ly/X5iR5
- RT @abcnews: China blocks Twitter before Tiananmen anniversary http://bit.ly/nNOtt
- #HIPAA doesn’t cover burial info RT @AHIMAResources: “Nebraska to release burial records”: http://tinyurl.com/nwxtpv
- New free ebook from Norwich MSIA grad Roger Bouchard “Securing Fibre Channel Fabrics” SAN Security http://bit.ly/3Rvov
- RT @clarinette02: Intel fined record $1.45 billion by European Commission for abusing its dominant position in computer micro processors.
- Seems a fine line to #FCRA noncompliance! RT @idexperts: New blog post: Mysterious Prepaid Debit Card Appears in Mail http://bit.ly/1bh0rb
- 16:31 min RT @StopHCommerce: New YouTube video from the White House: The President speaks on Cyber Security: http://bit.ly/zyctO
- RT @ekistics22: Blogging ‘Victims’ Perspectives: The 2008 ITRC Annual Identity Theft Survey’ http://bit.ly/cK6MN
- PII “may have been acquired” btwn Dec 30 ’06 – Feb 24 ’09 “Hundreds of Aviva customers notified of data breach” http://bit.ly/27ZzR
- RT @TechnologyGeek: Digg – Texas Blogger Jailed After Failing to Turn PC Over to Judge http://bit.ly/NwVP8
- #privacy #classification “European Union: Proposed Amendments to Right of Information Law” http://bit.ly/s1IYm
- RT @BreakingNews: Microsoft Corp. says it is also adding Twitter and Last.fm to its Xbox Live services.
- #trademark #law “China: Judicial Interpretation on Well-Known Trademarks” http://bit.ly/xzmc7
- RT @sectorprivate: IAPP Can. Receives Grant 2 Expand Networking Programs 4 Canadian Privacy Professionals http://bit.ly/Btj5E
- Blog “Common InfoSec & Privacy Training Mistakes” http://bit.ly/i6IHx
- Traveling? Take your passport! “New U.S. border rules take effect for land and sea entry” http://bit.ly/LZLUO
- #Insiderthreat #HIPAA Stronger safeguards needed RT @HCCA_News HOSPITAL EMPLOYEE INDICTED FOR STEALING PATIENT RECORDS http://bit.ly/gibLF
- @streetsec Will this be available online after your event?
- RT @streetsec: My Ottawa keynote: Social Networking Security – Manage risks of staff using Facebook and Linked In. http://bit.ly/13XGxg
- Nice work gentlemen! RT @agent0x0: Issue 21 (IN)SECURE Magazine w/article by myself + @DidierStevens http://tinyurl.com/27e55x pgs 8 + 100
- RT @nggauthier: Electronic Discovery and Electronic Decisions Highlight Privacy Issues in Litigation http://tinyurl.com/ng6alx
- Winners were from 1903 + 1953 “Oldest Data Loss Incident – Contest Winners” http://bit.ly/v9yhN #privacy
- US should do similar! RT @caparsons: OPC Awards $454,000 for privacy research and awareness http://tinyurl.com/lgyu3d #privacy #Canada
- In MN “Romanian Immigrant Gets Eight-and-a-Half-Year Prison Sentence For phishing over 7,000 people in seven years” http://bit.ly/1273qe
- Aetna announces data breach of 65,000 employees through job application site + phishing scam http://bit.ly/xrNxa
- In US “More states try to halt cell phone use by teen drivers” http://bit.ly/y3XnZ
- 1 area where we’ve come a long way baby! Women’s sports “Photos show early women’s PE at U of I” http://bit.ly/g7A8f
- Vry odd 4 MN sheriff’s deputy 2 spy on IA group yah! RT @sectorprivate: Spying on Iowa group raises privacy issues http://tinyurl.com/nbkm62
- By using VPNs + remote working RT @PrivacySecurity: Protecting Image Files Not Only to Address HIPAA, But Save Money http://ow.ly/acZl
- #Infosec + #privacy consulting sales folks; don’t make clients promises that are impossible for your consultants to fulfill!
- Contained SSNs + health info “Resident finds school records in Chicago alley” http://bit.ly/18CtST
- RT @SecurityMatters: Identity thieves getting more clever: Identity Theft Resource Center http://bit.ly/11Wkm0 (SFGATE)
- @retheauditors Love the Cranberries! U may also like 1 of Dolores O’Riordan’s latest; eg Ordinary Day http://bit.ly/SBMoM
- Impacts of lost/stolen PII continue for years “Real Fraud: Dumpster Diving and Other ID Theft Nightmares” http://bit.ly/X2gfw #privacy
- #HIPAA “State Tells Eyewitness News It Plans to Get Involved With Dumped Medical Records” http://bit.ly/rJl7Y
- Could B very damaging 2 those falsely accused RT @caparsons: Police can share records even if charge dropped: court http://tinyurl.com/kpxquf
- Surveilling the surveillant! “Search for Google car a Twitter triumph” http://bit.ly/QtCmr
- RT @PrivacyCampDC: Sen. Feinstein has introduced the Robocall Privacy Act – 2009 – S.1077 http://ow.ly/9YGJ #robos #TopProg #TCOT #Privacy
- In Australia, Good info; add audio to be fab! 🙂 RT @PrivacyNow: Synergies btw privacy and record keeping http://bit.ly/WkRHp
- RT @marciahofmann: Google’s Andrew McLaughlin is joining the Obama administration as deputy chief technology officer. http://bit.ly/YvlTF
- @BurgessCT We should create list of statements we’d like 2 see orgs make following breach; that are truthful + actually sincerely apologetic
- @BurgessCT yes! “we apologize for our blunder, and we’ll continue to watch for evidence…and will help you do the same…”
- @s_crawford Yes; they must be told the risks, but too many are not and go on false assumptions that create false security