Archive for the ‘Information Security’ Category
Saturday, September 8th, 2007
This week Larry Craig, the U.S. Senator embroiled in a sex scandal, left a long, detailed voice mail message for his lawyer. Problem was, he misdialed and left the message on another person’s voice mail!
(more…)
Tags:awareness and training, Information Security, IT compliance, Larry Craig, policies and procedures, privacy, risk management, voice mail
Posted in Information Security, Privacy Incidents | No Comments »
Monday, September 3rd, 2007
Last week I participated in an interesting discussion on the Security Catalyst site about using web bugs within an organization. I pointed Cutaway to a paper I wrote a couple of years ago, “Quit Bugging Me!”
(more…)
Tags:awareness and training, Cutaway, Information Security, IT compliance, policies and procedures, privacy, risk management, Security Catalyst, web bugs
Posted in Information Security, Privacy and Compliance | No Comments »
Friday, August 31st, 2007
I’ve talked several times about some of the risks of using the social networking sites, such as here and here.
Here is an example of how others can post information about you on these sites that will continue to haunt you for years to come.
(more…)
Tags:awareness and training, Information Security, IT compliance, MySpace, policies and procedures, privacy, privacy breach, risk management, social networks
Posted in Information Security, Laws & Regulations, Privacy and Compliance | 2 Comments »
Thursday, August 30th, 2007
And another very interesting USA Today article, “Japan will research Net replacement.”
(more…)
Tags:awareness and training, Europe, Information Security, Internet use, IT compliance, Japan, policies and procedures, privacy, risk management, surveillance, U.S.
Posted in government, Information Security | 2 Comments »
Wednesday, August 29th, 2007
I like to run. I try to run almost every day from 3.5 – 6 miles. It stimulates my thinking, refreshes my mind and body, and I truly have the best ideas and thoughts while I’m running. I could not have written my books, chapters and articles if it were not for running.
(more…)
Tags:awareness and training, Information Security, IT compliance, policies and procedures, privacy, risk management, running
Posted in Information Security, Privacy and Compliance, Training & awareness | No Comments »
Tuesday, August 28th, 2007
Well, if you look at the results of my very unscientific poll from last week, it appears there is a very wide range of opinions about the use of social networking sites at work.
(more…)
Tags:awareness and training, facebook, Information Security, IT compliance, MySpace, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking, YouTube
Posted in Information Security, Privacy and Compliance | 2 Comments »
Friday, August 24th, 2007
on 8/22/2007 a very interesting and useful report was released by the European Network and Information Security Agency (ENISA), “Information security awareness initiatives: Current practice and the measurement of success.”
(more…)
Tags:awareness and training, data protection law, ENISA, EU Data Protection Directive, European Union, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, PricewaterhouseCoopers, privacy, privacy law, risk management
Posted in Information Security, Privacy and Compliance, Training & awareness | 3 Comments »
Friday, August 24th, 2007
I’m surprised by how different the opinions are for this week’s poll about using social networking sites at work!
If you haven’t clicked a poll button for it yet (see right side of screen and scroll down a little), please do so. It will be interesting to see if the opinions stay so widely scattered by the end of Sunday.
Tags:awareness and training, facebook, Information Security, IT compliance, MySpace, policies and procedures, privacy, risk management, social networking
Posted in Information Security | No Comments »
Friday, August 24th, 2007
We had some horrendous storms here in Iowa this week. Last night was a doozy! The lightning unrelenting, the winds horrific, and tornado spottings were peppered across the southern half of Iowa.
(more…)
Tags:awareness and training, backup, business recovery, dial-up access, disaster plan, Information Security, IT compliance, policies and procedures, privacy, risk management
Posted in Information Security | No Comments »
Tuesday, August 21st, 2007
Last week my blog poll was, “Is your organization planning to pursue ISO 27001 certification in 2007 or 2008?”
I asked this after reading an SC Magazine article that I recently blogged about, “Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?”
As I had indicated, based upon my many discussions with a very wide range of CISOs, I thought this number was way too high.
And now for the results of my *ADMITTEDLY UNSCIENTIFIC WEBPOLL*…drum roll, please; Thhuudddrrrrrrrrrrrrr…
(more…)
Tags:awareness and training, Information Security, ISMS, ISO 27001, ISO 27001 certification, ISO27002, IT compliance, OECD, PII, policies and procedures, privacy, risk management
Posted in Information Security | 2 Comments »
