Oh, boy, reading this Wall Street Journal story, “Ten Things Your IT Department Won’t Tell You” brought back some memories of personnel who went to great lengths to get around security requirements!
Archive for the ‘Information Security’ Category
Insider Threat and Cowboys: The Wall Street Journal Tells Your Personnel How To Get Around Your Security
Tuesday, July 31st, 2007Retail Locations Have Unique Challenges With PCI DSS Compliance
Friday, July 27th, 2007I’ve been intrigued lately with PCI DSS compliance. It has all retailers on edge, has multiple vendors drooling, and has spawned new laws and bills, such as in Minnesota and Texas. I’ve had interesting discussions about it with those who process credit card payments, and I’ve been doing some research into the various issues.
Confusing Folks: PHR, PHI, PII, NPPI, and Dozens of Other Acronyms…It’s Still All Personal Information
Wednesday, July 25th, 2007I really enjoy reading survey results. I can’t help myself. Whether the surveys are well-done, sloppy, long, short, statistically accurate or obviously statistically invalid, I still find them interesting. Especially when they cover what the general public and non-IT/non-infosec person thinks or knows about information security and privacy, or some industry-specific issue.
PCI DSS and Identity Theft
Monday, July 23rd, 2007Over the past month or so I’ve been discussing the Payment Card Industry (PCI) Data Security Standards (DSS) with some of my information assurance practitioner friends and colleagues and what they’ve been doing to meet the requirements and accompanying challenges. I was thinking about some of the issues over the weekend.
Insider Threat Example: Payroll Employee Threatens To Illegally Use Other Employees’ PII If Not Given a Good Review
Sunday, July 22nd, 2007Here’s another example of the insider threat similar to situations that I’ve heard of happening many times throughout the years through conversations with folks at conferences and other professional meetings.
Norman Borlaug: A Great Role Model for the Power of One
Thursday, July 19th, 2007I have heard many information assurance (IA) professionals, when they are feeling frustrated, angry, or whatever other negative feelings we all have at one time or another, say what they are doing is not making a difference, or say they feel they are looked down upon by others in their organization as a “necessary evil.” They often feel that one person cannot make a difference.
UK Annual Privacy Report: Businesses Need To Give Individuals Access to Their PII, and More Awareness and Training Is Needed
Wednesday, July 18th, 2007Carnegie Mellon’s Data Privacy Head Urges Development of New Privacy Technologies
Wednesday, July 11th, 2007I enjoy reading Scientific American Magazine. And I especially am interested in reading their articles that touch upon, or directly address, information security, privacy or compliance. It is always nice to see the views of practitioners, educators, researchers and others who are not on the typical information security circuit of publications.
Privacy Not Only Requires Securing PII, It Also Requires Keeping the Trust of Your Customers
Tuesday, July 10th, 2007Recently I was speaking with a client about a new Internet e-commerce application they were testing, and I asked them to give a demonstration. One of the questions I asked while watching was whether there were any ways in which someone could get information about customers’ orders. After doing some various tests, a screen popped up showing a database of names, item descriptions, and other information related to the orders. The billing information, such as credit card number, was *NOT* within this database, but the names and mailing addresses were; these were used for the indexing links to the database.
