Archive for the ‘Training & awareness’ Category

New Report Provides Great Information Security Information To Give To CEOs

Thursday, December 13th, 2007

Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”
It is important for business leaders to understand information security and privacy risks better. It is important for information security and privacy professionals to put forth effort to raise CEO understanding of information security and privacy issues. Understanding and acting upon the risks are important for the health of the business, and CEOs must understand HOW information security and privacy relate to business.

(more…)

And The Award For Best Email Security Awareness Film of 2007 Goes To…

Friday, December 7th, 2007

I’ve been seeing a ton of articles and blog postings for the “Best Security <Whatever> of 2007,” “Worst Security Exploits of 2007,” “Security Projections for 2008” and so on in the past few weeks.
Well, I’ve got my own “Best of” award to give for 2007!
None of the “best of” or “worst of” postings or articles that I have seen have covered information security and privacy awareness, even though most information security incidents and privacy breaches occur as a result of humans…human error, lack of knowledge or malicious intent.

(more…)

Information Security and Privacy Leaders, Get Your Elevator Speeches Ready For Your CxOs!

Monday, November 26th, 2007

My father was the superintendent of the public school district where I grew up in Missouri. He was a very hands-on type of leader; when he was not filling out forms, writing reports, making plans, or in meetings he was out in the hallways seeing what was up with the students and teachers and making sure that all was well. And then the evenings were busy with basketball games, concerts or other school events. Those school employees, parents and students that were able to talk with him during opportune times in the hallway or in the bleachers during time-outs, and get their concerns or points stated succinctly and clearly, made a positive impression with my dad. He appreciated that they communicated their ideas and concerns clearly, and got right to the point.
If you had an opportunity to speak for a few minutes with your CEO, CFO, or other CxO, would you be prepared to communicate succinctly and clearly your concerns and state your points regarding the importance of your information security and privacy initiatives?

(more…)

Show “Home Alone” To Raise Social Engineering Awareness

Saturday, November 24th, 2007

I hope those of you who celebrated Thanksgiving had a great one! I spent a very nice day with my family at my brother’s house. After getting back home we decided to watch some Christmas movies, so we spent the evening watching one of my very favorites, “A Christmas Story” and then “Home Alone.”

(more…)

5 Things To Do Next Week To Improve Information Security & Privacy

Friday, November 9th, 2007

It seems like my to-do list never gets shorter each day; only longer. This was even more true when I was responsible for the information security and privacy program within a large multi-national financial and insurance organization. It seemed the squeakiest wheel to-do items often got done, while other to-dos that were very important, and often not that time-consuming, fell by the wayside, always put off until another week.

(more…)

3 Creative Ways to Fund Information Security and Privacy Awareness

Thursday, November 8th, 2007

Several years ago I helped the information protection program at a large organization with getting supplies and prizes for the awareness program on an extremely limited budget. Having some type of prizes and/or recognition for awareness activities and contests is a very good motivator to get your folks involved, and to raise their awareness of important information security, privacy and compliance issues in the process!

(more…)

FTC Now Requires Organizations to Have an Identity Theft Prevention Program

Thursday, November 1st, 2007

Did you know that if you are a U.S. financial organization, *AND/OR* if you have information about your U.S. customers with which identity theft could occur, you are now legally required to have a documented Identity Theft Prevention Program to help prevent identity theft in connection with new and existing accounts?

(more…)

5-Point Checklist for Info Sec and Privacy Pros to Use for Data Protection and Privacy Law Compliance

Sunday, October 28th, 2007

One of the basic privacy principles is to limit the collection of personally identifiable information (PII) to only that which is necessary for the business purpose for which it is being collected. These privacy principles, built largely around the OECD privacy principles, are the basis for most data protection and privacy laws throughout the world.

(more…)

Training Info Sec and Privacy For Incident Response; Many Issues Overlap

Tuesday, October 23rd, 2007

It has been great talking in-depth about privacy issues over the past two days here at the IAPP Privacy Academy.
We had a great turnout for the pre-conference seminar; the room was filled to the 60-person capacity. It was good to hear the concerns and common practices of the diverse organizations for how they are providing privacy training and awareness.

(more…)