Archive for the ‘Information Security’ Category
“Say What You Do”: My New Book Now Available!
Thursday, February 1st, 2007
I had the great privilege and pleasure to work with Dorian Cougias, an award-winning author and information security practitioner, Marcelo Halpern, an internationally acclaimed lawyer, and Karsten Koop, also an award-winning author and highly experienced IT auditor, to co-author our newly released book, “Say What You Do.”
Routine Personal Information Posting in the U.S. State Government Agencies
Monday, January 29th, 2007
NBC news ran a story about how many state government agencies post sensitive personally identifiable information (PII) on their websites. In this case an Ohio county court “routinely posted traffic tickets and other public records on its Web site.”
Risks, Threats & Vulnerabilities: Snowball Lessons
Sunday, January 28th, 2007
I have some of the greatest and most illuminating information security and privacy discussions with my 7- and 9-year-old sons. Their inquisitiveness and curiosity are unlimited. Their minds are open and ready to soak up everything around them, and to openly question those things that they do not understand, or challenge concepts with which they do not agree. It is too bad that most adults have lost these traits. It is too bad that too many parents and adults with responsibilities for children have squashed these innate qualities in young children instead of helping them to use those traits to blossom and develop into thoughtful, critical-thinking adults.
Privacy Incident: Ohio Board of Nursing Exposes Personal Information of 3,031 Individuals
Thursday, January 25th, 2007
The Columbus Dispatch reported today, “OHIO BOARD OF NURSING Error puts nurses’ personal data online.”
Reportedly over the past two months the “names and Social Security numbers of 3,031 newly licensed nurses were posted online twice.”
Court Ruling: ISPs in New Jersey Must Keep Personal Information Private
Tuesday, January 23rd, 2007
An article from yesterday caught my eye, “Court finds NJ users can expect privacy from Internet providers.”
A few excerpts:
Privacy Pitfalls
Monday, January 22nd, 2007
I had the opportunity to be the guest editor for the October Cutter IT Journal for an issue I called “Avoiding Privacy Pitfalls”; Cutter recently published notice of it.
It was great to put this together through the fantastic and greatly insightful as well as useful contributions of Dr. Andrew Jones, D.J. Vogel, Mark Fischer, David Lineman, Khaled El Emam, Roger Clarke and Timothy Virtue. They discussed privacy issues that organizations often overlook, ignore, or are completely oblivious about. For example, Dr. Andrew Jones describes his very interesting research into all the personally identifiable information (PII) on discarded equipment, and Roger Clarke discusses how to use privacy as a strategic factor within an organization.
Info Sec and Privacy Pros Need Ongoing Training
Saturday, January 20th, 2007
I write a lot about the need for a comprehensive and ongoing information security and privacy education program within organizations. Many people do. More is needed. However, something that I don’t see written about much is the need for information security and privacy practitioners and leaders to also receive ongoing training covering the issues for which they are responsible. We see a lot of seminars and conferences offered, but it is often hard to get the budget approved to attend these, let alone be able to take 2, 3, 4 or even 5 days away from the office.
Outsourcing: Dubai Strengthens Data Protection Law
Thursday, January 11th, 2007
On Monday (1/8) the Dubai International Financial Centre (DIFC) implemented a stronger Data Protection Law and appointed a Data Protection Commission to oversee the DIFC.
“The Data Protection Law, which has been amended following a period of public consultation, ensures the protection of all personal information, including any sensitive personal data, and is compliant with the provisions of the laws and directives of the European Union and the guidelines of the Organisation for Economic Co-operation and Development (OECD), including the transfer of data.”