Much is written about the many different ways in which sensitive data is leaked…and yes, there certainly are MANY ways!
Something I noticed once more today while I was doing some online research was the incredibly large amount of personally identifiable information (PII) I found within the PDFs I discovered during my searches.
Archive for the ‘Privacy and Compliance’ Category
Surveillance and Managing Information With So Many Ways To Capture It
Wednesday, June 27th, 2007
Over the weekend a news story appeared in Australia that I’m sure is occurring in MANY other organizations, far beyond just schools; “Teachers being secretly filmed by students”
First Person Convicted Under CAN-SPAM Is Sentenced to 70 Months in Federal Prison and Must Pay Over $1 Million
Tuesday, June 26th, 2007
On June 11, Jeffrey B. Goodin was ordered to pay $1,002,885.58 to the victims of his phishing scheme.
Laws, Standards, Mapping, and HIPAA
Friday, June 22nd, 2007
Today is the last day of Norwich University’s Masters programs residency week; this afternoon is graduation.
It has been a great week…I have loved chatting with the students and faculty, and I’ve compiled a page full of topics I want to research and blog about!
Norwich University Residency Week & Thoughts On the Court Ruling on Email Searches
Thursday, June 21st, 2007
I’m a professor for the Norwich University MSIA program, and since Sunday I’ve been here in Vermont for their residency week, culminating in graduation on Friday. It has been a great week! It kicked off with a wonderfully thought-provoking discussion led by Karen Worstell, former CISO for Microsoft, as well as former CEO at AtomicTangerine, and many other high-profile positions.
On The Internet, If It Looks, Quacks and Walks Like a Duck, Is It *REALLY* a Duck?
Wednesday, June 20th, 2007
I am a great believer in performing due diligence to ensure potential new hires have no deceptive or malicious skeletons in their past that may be reincarnated after they have been hired and entrusted with access to sensitive information and supporting resources. There are appropriate times organizations should do criminal background checks, education checks, and other checks as appropriate and legal for the position being filled and the location of the facility.
Greetings from Arizona!
Tuesday, June 12th, 2007
Is it Tuesday already? I’ve lost track of the days…I’ve been here at the CSI NetSec conference since Friday, giving Chris Grillo’s and my “Handling Complex and Difficult Information Security and Privacy Issues” pre-conference seminar on Saturday and Sunday.
We had 16 outstanding participants from a wide range of industries, including government, technology, and retail, just to name a few. I love having this variety; it leads to very good discussions and increased understanding of what information assurance practitioners are dealing with. Thanks again to those of you who attended; your interaction was fantastic!
Could I Have a Side of Fries With That Security Please?
Thursday, June 7th, 2007
There’s a pretty good McDonald’s commercial that started running recently. It shows two guys looking down at the office area on the floor below saying something like, “Janet’s so lame. She only buys McDonald’s for everyone so they’ll do her work for her.” Then the other guy says something like, “Yeah, it’s disgusting.” Then they both take a bite of a McDonald’s sausage McBiscuit, and then one says something like, “Well, we’d better get busy doing Janet’s invoices.”
If People Aren’t Trained The Best Security Will Go For Naught
Saturday, June 2nd, 2007
This week there has been much talk in the U.S. news about how Andrew Speaker, the now notorious TB patient (more specifically extensively drug-resistant tuberculosis, or XDR-TB), apparently very easily circumvented security controls to come back into the U.S. via Canada.
My heading is a paraphrase of a longer quote I really like from Charles Schumer that he made about this incident, but that also applies very nicely to all information security practices.
It’s Hard to Keep Secrets When You Entrust Them To Others
Friday, June 1st, 2007
When you entrust sensitive information to a contracted company or individual, you are also accepting risk. If you do not perform due diligence to ensure your contractor has effective safeguards in place, and understands that your information is sensitive, and if you do not have specific security requirements within your contract, you are opening yourself up to a major embarrassment, major incident, or both.
The U.S. State Department entrusts many of their secrets to many different contractors. They have found themselves with yet some more bad press as a result of one of their contractors.