Archive for the ‘Privacy and Compliance’ Category

The Path Less Traveled…I’ve Been “Tagged” to Blog About How I Got Into This Business and To This Point in my Career

Friday, April 6th, 2007

I had been planning to post about a legal argument made regarding employer’s email systems and employee rights, but I’ll save that until the weekend…this sounds more fun right now any way!

(more…)

Insider Threat Example: Former Wal-Mart Employee Spied Because His Managers Told Him To

Wednesday, April 4th, 2007

I have seen organizations where management and staff members were so fixated on protecting the company, to the disregard of observing laws and complying with policies, that they ended up doing completely inappropriate actions that involved infringing on privacy and breaking laws.

(more…)

Privacy Act: FTC Proposes Allowing Disclosure of PII Records to Third Parties To Assist Data Breach Response Within Gov’t Agencies

Tuesday, April 3rd, 2007

On March 29 the FTC published a proposed new routine use, (72 Fed. Reg. 14814, 3/29/07), that would allow FTC records governed by the Privacy Act to be disclosed to “appropriate” persons and entities when reasonably necessary to respond and prevent, minimize, or remedy harm resulting from a U.S. government agency data breach or compromise.

(more…)

How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8

Monday, April 2nd, 2007

Awareness activities are an important and necessary component of an effective, layered, information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular traning and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, as is also very important.

(more…)

Royal Academy of Engineering Releases Privacy Study Report: Emphasizes Importance of Engineering Security and Privacy Into Technology

Friday, March 30th, 2007

The Royal Academy of Engineering, located in London, recently released a report, “Dilemmas of Privacy and Surveillance: Challenges of Technological Change.”
I just ran across it and haven’t had a chance to review it in depth yet, but a quick scan and reading the executive summary shows some interesting thoughts.

(more…)

Study Reports The Companies Trusted Most For Privacy

Thursday, March 29th, 2007

The Ponemon Institute puts out an annual survey asking anyone who wants to participate in their online survey who the companies are that they believe respect their customers most and do the best job of protecting their privacy.

(more…)

U.S. ONDI and DOD Standardizing Security Policies

Wednesday, March 28th, 2007

The Office of the National Director of National Intelligence (ONDI) and the Department of Defense (DoD) announced they are going to standardize their information security policies.
The work on the standardization started 8 months ago.

(more…)

Government Compliance: FBI Director Says USA PATRIOT Act Doesn’t Need Changes; That FBI Is To Blame for Associated Problems

Tuesday, March 27th, 2007

Today U.S. FBI Director Robert Mueller appeared before the Senate Judiciary Committee and testified that there are no problems with the USA PATRIOT Act, but that the FBI did not implement the Act appropriately.

(more…)

Don’t Be A Security Slacker

Sunday, March 25th, 2007

Today I woke up to a beautiful, gorgeous spring morning…sunny, low 60’s (abnormally high for March), gentle breeze, the grass seemed to have gotten green over night, the birds are singing, the geese and ducks have come back after being gone for the winter and are swimming on our pond, a cute little chipmunk is eating from the birdseed and nuts I scattered on the patio outside my office door, what a great day! And then, after a nice walk outside, I come back inside, first to do some chores along with my family; my sons doing their assigned cleaning.

(more…)

Raise Awareness by Sharing Your Knowledge And Experience

Saturday, March 24th, 2007

You help to improve information assurance efforts and assist other information assurance practitioners by sharing your expertise, experiences, and suggestions. Consider writing an article for publication not only to help others, but also to help you hone your writing skills, validate your expertise to your business leaders by showing them your published work, and provide an avenue for meeting other professionals who reach out to ask you questions about your article.

(more…)