Archive for the ‘Miscellaneous’ Category
Wednesday, November 26th, 2008
Recently I was pleasantly surprised to receive the following message…
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, Kelly Sonora, policies and procedures, privacy training, risk management, security training, Top 50 Security Blogs
Posted in Information Security, Miscellaneous | No Comments »
Wednesday, November 26th, 2008
Recently I was pleasantly surprised to receive the following message…
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous | No Comments »
Thursday, September 11th, 2008
Today is day 4 of Global Security Week (GSW). It is in memory of this sad and tragic day in 2001 that the spirit and concept of GSW was created.
This is why GSW is held during the week leading up to 9/11 each year; to reflect, remember, learn, and work to raise awareness of all security issues and help to prevent bad things, of all types, from occurring, and to ensure such a tragedy does not happen again.
Sadly too many other terrorists attacks HAVE occurred, and continue to occur, since throughout the world…
(more…)
Tags:9/11, cybercrime, Global Security Week
Posted in Miscellaneous | No Comments »
Saturday, August 23rd, 2008
Tags:awareness and training, google, Information Security, Iowa, IT compliance, IT training, Microsoft, policies and procedures, privacy training, risk management, security training, West Des Moines
Posted in Miscellaneous | 2 Comments »
Thursday, August 7th, 2008
Okay, now here’s an example of how people will take information you’ve given them, under false pretenses, just because they can, and post it for the world to see, with no regrets about how it hurts other people.
(more…)
Tags:Andrew Aguecheek, awareness and training, Craigslist, Information Security, IT compliance, IT training, Jason Fortuny, policies and procedures, privacy training, risk management, security training, social engineering
Posted in Miscellaneous, Privacy Incidents | 3 Comments »
Monday, July 28th, 2008
I encountered something rather remarkable in just the past two months; a couple of CISOs told me that they have had high-level business leaders, each of whom had a significant amount of computing equipment and information at their homes, die suddenly as a result of different circumstances.
As I discussed this with them, I wondered, how many organizations are ready to deal with something like this?
(more…)
Tags:awareness and training, information reclamation, Information Security, IT compliance, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous | No Comments »
Friday, July 11th, 2008
Over this past week I had some interesting (to me any way) experiences related to customer service and some of the general business risks of outsourcing…
(more…)
Tags:automated voice response systems, awareness and training, customer service training, Information Security, IT compliance, outsourcing risks, policies and procedures, privacy training, risk management, security training, T-Mobile, Zappos
Posted in Miscellaneous | 1 Comment »
Saturday, July 5th, 2008
Yesterday it was widely reported that 15 hostages held by Colombia’s Marxist guerrillas for as long as 6 years were freed after some very brave and daring commandos posed as being part of the guerrilla group.
The news reports described it as a stunning rescue, and it definitely was that; quite stunning!
As we watched the numerous news reports about it, I spoke with my boys about the tactics they used to get the hostages freed.
Recently I’ve been creating social engineering training content along with a social engineering awareness assessment tool, and something I found remarkable about the rescue was how it used social engineering to its full affect to rescue the hostages.
Some of the tactics in this situation included:
(more…)
Tags:awareness and training, FARC, Information Security, IT compliance, policies and procedures, privacy training, risk management, security training, social engineering
Posted in Miscellaneous | No Comments »
Wednesday, June 25th, 2008
I participate in the LinkedIn community, and I occasionally put out short “status” messages when I’m working on products, projects or going to provide training. My current “status update” statement is, “Rebecca is creating tools to support information security, privacy and compliance management and leadership.” (I’m really excited about these tools…I know they work!)
I received a message regarding this status update from one of my LinkedIn contacts. Here’s an excerpt…
(more…)
Tags:awareness and training, Information Security, IT compliance, LinkedIn, policies and procedures, privacy tools, security tools
Posted in Miscellaneous | 2 Comments »
Tuesday, June 17th, 2008
Sometimes you just need to let a business know if their service or product is subpar. You should always let a business know if their product or service is downright rotten. You definitely need to let your vendors and business partners know if they are not meeting your expectations or contracted requirements. This certainly goes for not only our business partners at work, such as our software and hardware vendors, service providers, and outsourced entities, but also in our everyday lives.
Today I was motivated to write a pointed letter to a restaurant that I usually enjoy visiting. Here is what I wrote…
(more…)
Tags:awareness and training, Information Security, IT compliance, policies and procedures, privacy training, risk management, security training, service level agreements, vendor management
Posted in Miscellaneous | No Comments »
