Archive for the ‘Information Security’ Category
Insider Threat Example: San Fran IT Employee Exploits Poor Security Practices
Thursday, July 17th, 2008
Okay, why would a large city like San Francisco make such a silly, preventable mistake as allowing one employee to establish a super-user type of account and then lock everyone else out of the government network?
“Hacker Holds Key to City’s Network: An Alleged Hacker Won’t Reveal Secret Password to Unlock San Francisco’s Network”
Organizations of All Sizes Need IT Security & Privacy Training
Thursday, July 17th, 2008
Many organizations create broadly scoped information security training for all their personnel to take, but too few create targeted training for groups that need specialized knowledge on certain topics. Different departments within an organization handle different types of information, and have different types of contact with business partners, customers and other employees. So doesn’t it make sense that the payroll folks would need training specific to their job responsibilities, and sales folks would need training specific to their responsibilities, which are very different from the payroll folks’, and so on? Also, legal requirements mean that those in various industries need specialized training. For example, those in the healthcare space in the U.S. need HIPAA training.
According to the U.S. Census Bureau, small businesses employ more than half of all Americans. Very few small and medium sized businesses (SMBs) have specialized IT staff; most of the owners or personnel take on the day-to-day IT tasks themselves, operating on a wing and a prayer that nothing will go wrong. These huge numbers of folks within SMBs are also taking care of the IT security and privacy activities…hopefully.
Get Involved With The 4th Annual Global Security Week!
Wednesday, July 16th, 2008
For the past couple of years I’ve been involved with a fantastic group of people who have put their passion, time and resources into helping raise awareness of security issues throughout the world. Dr. Gary Hinson and Brian Honan in particular have invested literally hundreds (perhaps thousands?) of hours into Global Security Week throughout the past four years.
Laws & Regulations Require Security & Privacy Training & Awareness
Wednesday, July 9th, 2008
I’m in the final weeks of creating some privacy breach training courses that will not only help personnel to prevent privacy breaches, but also help support compliance with the FACTA Red Flags rule, the at least 45 U.S. privacy breach notice laws, plus many other laws and regulations.
Over the past decade+ there have been a large number of laws, regulations and industry standards that have specifically stated the need for organizations to provide information security and privacy training and awareness to their personnel.
Information Security and Privacy Education Lesson Fines And Court Penalty Judgments
Tuesday, July 8th, 2008
My July issue of “IT Compliance in Realtime” has been published!
This month I continue to focus on the importance of information security and privacy training and awareness to not only improve security and privacy preservation, but also to meet a very wide range of compliance requirements. The first article in this month’s Journal is, “Information Security and Privacy Education Support Compliance.” Download the PDF of the full Journal issue for the formatted, best-looking version.
Here are the first couple of sections from that article…
Just Because Security Is Simple Doesn’t Mean People Will Do It
Thursday, July 3rd, 2008
Information Security and Privacy Convergence Is Nothing New…Both Areas MUST Collaborate
Tuesday, July 1st, 2008
The comparatively new awareness of the need for information security and privacy convergence and collaboration has actually existed for many years. I first experienced this firsthand in the first half of the 1990s when I was responsible for information security in a multinational financial and insurance company. The company launched one of the very first online banks, and I was establishing the security requirements when I saw the need to address the privacy aspects. This was before the passage of GLBA or HIPAA, but I knew that a few bills addressing privacy were being considered, not only in the U.S. but also worldwide, and that the OECD privacy principles were the basis for many of the privacy requirements.