Archive for the ‘Information Security’ Category

FEMA Records Of 16,000 Katrina Victims Posted Online

Tuesday, December 23rd, 2008

How did the following happen? There are many possibilities: an insider threat? Poor IT storage controls? Poor application development controls? Perhaps using real personally identifiable information (PII) for test purposes? A hacker break-in? Through an outsourced company that had access to the PII but also had poor controls? There are so many possibilities…


Information Security & Privacy Training Should NOT Be Optional

Monday, December 22nd, 2008

Over the past couple of weeks I’ve heard three different information security and privacy officers talk about making information security and privacy training within their organizations optional…not required…for personnel who have access to information assets and personally identifiable information (PII). Leaving training to the discretion of employees is very risky!


HHS’s New Privacy & Security Framework Based Upon The OECD Privacy Principles

Friday, December 19th, 2008

Earlier this week, the Department of Health and Human Services issued a framework, “Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information December 15, 2008” for protecting patient privacy and securing medical records, in particular online protected health information (PHI) records.


Effective & Unique Information Security and Privacy Training & Fun Stuff

Thursday, December 18th, 2008

One of my areas of expertise, and a great passion of mine, is information security, privacy and compliance training and awareness activities. No organization will have a successful information security or privacy program without having effective training and ongoing awareness communications. Humans are the most vulnerable, as well as most valuable, component of an information security program. You MUST communicate to your personnel what they need to do to effectively safeguard information…such knowledge is not innate!
One of the most measurably and visibly effective training events I have ever done over the past couple of decades is having employee teams or departments throughout the organization compete with each other to identify the most information security and privacy risks…


FTC Publishes Report On SSNs and Identity Theft

Wednesday, December 17th, 2008

Today the U.S. Federal Trade Commission (FTC) released a new report about Social Security numbers (SSNs) and identity theft, and recommended 5 ways to help prevent SSNs from being used for identity theft…


Blackberry Disposal Lessons From McCain & Palin

Tuesday, December 16th, 2008

Another real-life example to show the importance of having effective policies and procedures in place for not only information disposal, but also for the disposal of computers and storage media…


ED and HHS Give Guidance on the HIPAA and FERPA Relationship

Friday, December 12th, 2008

I saw some interesting news from the OS OCR Privacy List listserv. If you are with an educational institution or a healthcare covered entity, take some time to read the new guidance about the relationship between FERPA and HIPAA.


Insider Threats Even More Significant During Down Economy

Tuesday, December 9th, 2008

I’ve written a lot about the insider threat and the many different motivations for insiders to do malicious things (in addition to the other two types of insider threat: mistakes and lack of awareness).
Here are a couple of recently published research reports that show how this horrible economy is impacting information security and making organizations even more vulnerable to privacy breaches…


Recommendations To President Elect Obama For How To Improve Cybersecurity

Monday, December 8th, 2008

Today the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency released a report, “Securing Cyberspace for the 44th President,” that includes recommendations for a comprehensive strategy to improve cybersecurity in federal systems and in critical infrastructure.


2008 Best Privacy Advisers Survey

Sunday, December 7th, 2008

Last night when I got the following news, it really made my day! 🙂
