Archive for the ‘Information Security’ Category

DHS Secretary Chertoff Calls For Better Computer Security

Wednesday, October 22nd, 2008

It is good to start seeing more urgency placed upon information security by the various government agencies.
As an example, last week U.S. Homeland Security Secretary Michael Chertoff spoke at the U.S. Chamber of Commerce and emphasized the need for increased cooperation between industry and government to secure the nation’s computer systems.
Here’s an excerpt from one of the news reports about the speech…

(more…)

Insider Threat Example: Obama’s Campaign Folks Make Email Mistake

Wednesday, October 15th, 2008

No matter how much technology you throw at trying to prevent security incidents, the weakest link in the organization, your personnel (who could be your strongest link with effective training and ongoing awareness) can defeat that security technology.
On purpose, because of lack of knowledge, or by making a plain ol’ mistake.
And EVERYONE makes mistakes. Fewer if they are more diligently aware though.

(more…)

Commerce Department Issues New Rule For Encryption Exports

Tuesday, October 14th, 2008

Remember all the talk in the 1990s about the legalities, and largely restrictions, surrounding how encryption could be used for data sent outside the U.S.? Or how encryption tools and algorithms could be exported? It’s been a significantly more silent issue during this new century.

(more…)

More Need Than Ever For Information Security In A Bad Economy!

Thursday, October 9th, 2008

There is no doubt that this economy is impacting all companies and most individuals. I’ve read about and heard from many organizations that, as a result, their information security and privacy budgets are being drastically reduced, or even cut completely, in an attempt to save money during these uncertain times.
Throwing out the baby with the bath water in this way is a very bad idea!

(more…)

Palin Email Hacker Indicted

Wednesday, October 8th, 2008

Around September 10 a widely-reported story broke about how Sarah Palin’s Yahoo! email account was broken into.
Contents of some of her email messages were then widely posted to various Internet websites.

(more…)

PII Encryption Required by New Massachusetts and Nevada Laws

Monday, September 29th, 2008

There is a growing trend in laws that require personally identifiable information (PII) to be encrypted.
Encryption in past laws has been directed to be considered based upon risk, but now it is more explicitly required in some laws.

(more…)

Obtaining Support and Funding from Senior Management

Thursday, September 18th, 2008

Throughout the late spring and summer months I had the great opportunity to participate in a talented workgroup sponsored and led by the European Network and Information Security Agency (ENISA) to create a new, and quite valuable, resource for information security practitioners to help them obtain funding and sponsorship for the training and awareness programs.

(more…)

A $1 Billion Access Control Mistake

Monday, September 15th, 2008

It has been widely reported and blogged about how an old United Airlines story was posted with huge stock value loss…

(more…)

Miscellaneous Cybercrime & Privacy Tidbits

Friday, September 12th, 2008

For the last day of Global Security Week (GSW) I’m providing a few items that relate to cybercrime that I find interesting…

(more…)

GSW Logo

Wednesday, September 10th, 2008

I really like the logo for this year’s GSW, and I wanted to include it here for those of you who had not seen it…

(more…)