Over the weekend I read yet another news article about social networking sites and the related risks. This time it was about how schools are implementing rules to address cyber bullying on the Internet; “Students To Be Punished For MySpace Postings.”
Archive for the ‘Information Security’ Category
ISMS/ISO27001 Certification Poll…Ending Sunday
Friday, August 17th, 2007If you have not yet clicked a button on my poll regarding ISMS/ISO27001 certification (see right side of page and scroll down a little) please do so! I’m finding it interesting that a large portion (36%) of those who have clicked for the poll so far are not aware of the certification. This perhaps calls to question the folks at BSI who forecast that 80% of U.S. companies will be pursuing certification in the next couple of years.
See my original post for more information about it.
SMB PCI DSS Issues at the State Fair
Thursday, August 16th, 2007Yesterday I was at the Iowa State Fair literally all day; from 8am to around 8:30pm. Despite the 95 degree extremely humid weather it was such a fun day! The cloudy skies and nice breezes helped a lot. We didn’t get to probably half of the exhibits and activities. And I was *VERY* disappointed I didn’t see any of the at least 4 presidential hopefuls who were on the grounds; the place is so big I guess we were always in the wrong place at the right time.
Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?
Monday, August 13th, 2007Over the weekend I was reading the latest issue of SC Magazine, and some of the statements within the article “U.S. lags in ISO 27001 compliance” made me go, “Huh?”
Bad Advice from the Uninformed and Inexperienced Hurt Information Security & Privacy Efforts
Sunday, August 12th, 2007The results of the poll for this past week show that 91% believe information security and privacy training and awareness is important, but 9% believe it is not necessary to effectively safeguard data.
Well, I’ve had some very interesting conversations in the past few years, usually while at conferences and when chatting with vendors, who were emphatic about how awareness and training is “a waste of time and money.” As the results of my very unscientific poll show, while this opinion may be a very small percentage, it still could significantly impact information security program efforts based upon the folks who are putting down the awareness and training…the influence they have on non-infosec corporate decision makers could be very damaging to overall efforts…
You Will Be Judged By The Company You Keep: 4 Good Reasons (And More) To Ensure Your Business Partners Have Good Information Security Programs
Thursday, August 9th, 2007Over the past few years I have done well over a hundred business partner security program reviews for organizations who wanted to ensure that the organizations to whom they were entrusting their sensitive data, or other business processing, had appropriate security and privacy policies, practices, training and were generally trustworthy.
Boiling Down PCI DSS Compliance; It’s Really Just Common Sense Information Security
Wednesday, August 8th, 2007I subscribe to many (sometimes I think too many) assorted email newsletters that cover a wide range of compliance issues. One came through today from the IT Compliance Institute with the subject line, “PCI fails, Fidelity breach, death by upgrade, more‚Ķ”
PCI fails? Sounded interesting so I went to their story about it.
(Title corrected on 8/9; thanks Grit!)
The Many Languages of Security and Privacy
Friday, August 3rd, 2007I’ve done a lot of information security and privacy awareness and training work since 1990. I continue to do a lot; not only because of the *REAL* importance it has to the success of security and privacy efforts, but also because it is something I love doing.
Insider Threat: Contractor Sabotages Space Shuttle Endeavour
Wednesday, August 1st, 2007It feels like I’ve been writing a lot about the insider threat lately, but then again, it seems I read about a new incident caused by insiders almost daily. So much time, effort and money is spent on keeping the outsiders from getting to systems and data, but a comparatively little amount is spent on addressing, and trying to prevent, insiders from doing bad things. Folks who are trusted and have authorized access can do so much harm. The technologies focusing on the outsiders are not going to do much to protect your information from insiders.
