Archive for the ‘Privacy and Compliance’ Category
Thursday, December 11th, 2008
New FERPA Regulations were issued yesterday…
(more…)
Tags: awareness and training, FERPA, Information Security, IT compliance, IT training, personal information, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Thursday, December 11th, 2008
New FERPA Regulations were issued yesterday…
(more…)
Tags: awareness and training, FERPA, Information Security, IT compliance, IT training, personal information, personally identifiable information, PII, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
Monday, December 8th, 2008
Today the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency released a report, “Securing Cyberspace for the 44th President,” that includes recommendations for a comprehensive strategy to improve cybersecurity in federal systems and in critical infrastructure.
(more…)
Tags: awareness and training, Center for Strategic and International Studies, CSIS, cybersecurity, Information Security, IT compliance, IT training, Obama, policies and procedures, privacy training, risk management, security training
Posted in government, Information Security, Privacy and Compliance | No Comments »
Sunday, December 7th, 2008
Last night when I got the following news, it really made my day! 🙂
(more…)
Tags: awareness and training, best privacy advisers, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Privacy and Compliance | No Comments »
Friday, December 5th, 2008
My long-time friend, Richard Power, recently published an article in CSO magazine about a recent study he and Jody Westby did at Carnegie Mellon in his CyLab center…
(more…)
Tags: awareness and training, Carnegie Mellon, CyLab, Information Security, IT compliance, IT training, jody westby, policies and procedures, privacy training, Richard Power, risk management, security training
Posted in Information Security, Privacy and Compliance | No Comments »
Thursday, December 4th, 2008
What was this worker for a healthcare provider thinking…didn’t/doesn’t the provider provide any kind of information security or privacy training or awareness communications…?
(more…)
Tags: awareness and training, HIPAA, Information Security, IT compliance, IT training, patient privacy, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance, Privacy Incidents | No Comments »
Monday, December 1st, 2008
A couple of weeks ago, while I was at the CSI Annual conference doing sessions and giving my 2-day class there, I took some time to do an interview with Mike Brennan at Michigan Tech News radio about the keynote I did the week before in Kalamazoo, MI; the podcast of it was just posted today…
(more…)
Tags: awareness and training, Information Security, IT compliance, IT training, Mike Brennan, mobile computing, mobile security, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Privacy and Compliance | No Comments »
Tuesday, November 25th, 2008
I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent…not implied but explicit/express…to change the terms of privacy policies.
I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practitioners.
So, today when I logged in I was quite interested to see the following banner posted on the home page…
(more…)
Tags: awareness and training, express consent, FTC, implied consent, Information Security, IT compliance, IT training, LinkedIn, policies and procedures, privacy policy change, privacy training, risk management, security training
Posted in Privacy and Compliance | 2 Comments »
Monday, November 24th, 2008
While doing some research on cloud computing and considering the privacy and information security implications, I ran across a recent (11/18/2008) report from the Constitution Project, “Liberty and Security: Recommendations for the Next Administration and Congress”.
The following is an excerpt from page 184…
(more…)
Tags: awareness and training, Constitution Project, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in government, Privacy and Compliance | No Comments »
Monday, November 24th, 2008
While doing some research on cloud computing and considering the privacy and information security implications, I ran across a recent (11/18/2008) report from the Constitution Project, “Liberty and Security: Recommendations for the Next Administration and Congress”.
The following is an excerpt from page 184…
(more…)
Tags: awareness and training, cloud computing, Constitution Project, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in government, Privacy and Compliance | 1 Comment »