Archive for the ‘Information Security’ Category

The World is Miffed About Spam & Phishing

Thursday, October 18th, 2007

Several weeks ago I got spam from an information security company about a seminar they are putting on. I did not respond; I wasn’t interested. Since that time I have received many messages, all with the same content, from various people from that organization, the tone of which really ticked me off. The following is an excerpt.

Data Will Always Be Less Safe In The Future…I Don’t Want To Get Gussied Up To Talk On The Phone

Wednesday, October 17th, 2007

I have a blog problem…there are way too many things I want to blog about and not enough hours in the day to do it! Throughout each day I note news items from the TV, or website news articles, or research, or reports, or just observations while at businesses or in public, and I only have a chance to blog about a small fraction of them. Today I think I’ll just briefly mention five of the topics I’ve planned to blog about, along with a brief note about each, and then maybe I’ll be able to revisit them sometime in the near future and discuss them at greater length.

Finding a Five Leaf Clover!

Tuesday, October 16th, 2007

Something very cool…my son Noah found a five-leaf clover today while waiting to be picked up at school. We are going to laminate it, then I’ll take a photo and post it on my site.

Trending Towards More Business Applied Employee Sanctions For Security Incidents

Monday, October 15th, 2007

I’ve been noticing lately more and more organizations sanctioning their employees for not following information security policies. I first blogged about it recently on September 24 about a hospital actively enforcing sanctions for HIPAA violations, then again on October 10 about another hospital sanctioning employees for noncompliance, then again on October 11, and then again just yesterday.

Sanctions For Ohio Breach: Lost Vacation Time, Terminations, and a “Resignation”

Sunday, October 14th, 2007

The Ohio Department of Administrative Services (DAS) has determined that the appropriate sanction for inadequate security practices by the Ohio Department of Administrative Services’ Administrative Knowledge System (OAKS) ERP project system team leader, which resulted in the theft of an unencrypted backup tape containing the personally identifiable information (PII) of 1.3 million individuals, is the loss of 40 hours of vacation time.

HIPAA, The Insider Threat & Prison Time

Thursday, October 11th, 2007

It seems there are more and more stories related to patient privacy and HIPAA popping up lately. Today another story caught my eye related to them.

Iowa Universities Provide Examples of Good and Bad Information Security and Privacy

Wednesday, October 10th, 2007

In the past week the two largest universities in Iowa provided examples of both great and poor security practices. Let’s see…how about the bad example first?

New Nevada Law Explicitly Requires Organizations to Encrypt PII Sent Through Networks

Tuesday, October 9th, 2007

To date there have been several laws that direct organizations in certain industries to consider using encryption as one way to protect data based upon the organization’s considered risks, and laws that make encryption a factor in decisions regarding breach notifications, but until now no laws that I’m aware of explicitly required personally identifiable information (PII) to be encrypted. The state of Nevada has now changed that!

Increase Business Productivity AND Reduce Carbon Dioxide Emissions

Monday, October 8th, 2007

While participating in a discussion in the Security Catalyst community I posted a message about how much more productive time I have now that I work from my home office as opposed to commuting in to an office building each day. After I finished posting I started thinking about how much more productive most businesses could be if they would establish significant portions of their workforce to work from home.

Something You Should Know: FTC Is Aggressively Going After Companies With Poor Security

Sunday, October 7th, 2007

Of all the U.S. government regulatory oversight agencies, the Federal Trade Commission (FTC) is the most active and aggressive in looking for and applying penalties to organizations that are not only in noncompliance with laws and regulations, but also not in compliance with their own information security and privacy promises; in other words, those that are practicing “unfair and deceptive trade practices.”
