Archive for the ‘Privacy and Compliance’ Category

Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse

Tuesday, April 1st, 2008

Today I just finished writing the last of a three-paper series, “The Essentials Series: PCI Compliance,” in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:

(more…)

The Benefits of a Privacy Ombudsman

Wednesday, March 26th, 2008

The folks from Cutter just notified me that an excerpt from a recent article I wrote, “Learning from a Privacy Ombudsman: A Case Study to Establish a Healthcare Services Ombudsman,” will soon be featured in the “Quote of the Day” section of the Cutter Web site.
Here’s the excerpt…

(more…)

Passport Breach: Poor Security Practices Lead To Privacy Breaches

Sunday, March 23rd, 2008

The breach of the presidential candidates’ passport files was widely reported over the past few days, such as here and here, not to mention the many postings referencing it as “passport-gate” throughout the blogosphere and the political implications. However, based upon what I’ve been reading, it looks more like the result of a poor, inadequate and vulnerable information security program.
There are many information security and privacy issues involved with this incident. It would make a great case study to use at a joint meeting with your information security, privacy and compliance folks. Some of the questions to include in your discussion could include…

(more…)

The Emperors’ New Clothes Lack Privacy

Friday, March 21st, 2008

Over the past few weeks I’ve talked to several privacy officers and information security officers about how things are going with their initiatives, funding, and so on. Many were from the financial industry, but otherwise they represented a wide range of businesses from small to large. There has been a common theme during these discussions…

(more…)

HIPAA *HAS* Impacted Healthcare Providers…Despite Lack Of Enforcement

Monday, March 17th, 2008

I have written many times about how the U.S. Department of Health and Human Services (HHS) has severely weakened the planned privacy and security goals of the Health Insurance Portability and Accountability Act (HIPAA) to require healthcare covered entities (CEs) to implement strong safeguards for the protected health information (PHI) with which they’ve been entrusted. And I still believe that.
However, after reading another report today I realized something…

(more…)

What Business Leaders Need to Know About Privacy Breach Notifications

Thursday, March 13th, 2008

The third article in my March e-journal issue of “IT Compliance in Realtime” is “What Business Leaders Need to Know About Privacy Breach Notifications.”
Here it is, unformatted:

(more…)

The “Reasonable Belief” of a Privacy Breach

Wednesday, March 12th, 2008

The second article in my March e-journal issue of “IT Compliance in Realtime” is “The “Reasonable Belief” of a Privacy Breach.”
Here it is, unformatted:

(more…)

My New E-Journal For March Now Available!

Thursday, March 6th, 2008

Remember when I mentioned in January that I would be devoting more time in 2008 to writing papers to post to this site instead of spending as much time writing long blog postings?
Well, the papers I wrote in February are now available for you to download, FREE, in the form of what will be a monthly E-Journal!
For this month I wrote about the following issues that I see as immediately significant to businesses of all kinds:

(more…)

Another Messaging Risk To Keep In Mind

Wednesday, March 5th, 2008

Many of the business folks I’ve talked to in the past year or two are using text messaging more and more while doing their business. And they are using their business cell phones more for sending personal text messages.
A few weeks ago I wrote about how sending text messages got the mayor of Detroit in big trouble.
Here’s one more compelling reason to think twice about the text messages you send, whether from your business phone or personal phone:

(more…)