It really bothers me when so-called information security and privacy “experts” make statements that awareness activities have no impact. They base their opinions on measurements that could very well be, and likely are, unrelated to each other. Last year a study was presented in Europe claiming awareness activities have no impact on security.
Hogwash!
Archive for the ‘Training & awareness’ Category
Insider Threat Example: Engineer Leaks U.S. Military Secrets
Friday, May 11th, 2007
There has been a lot of talk and blogging recently about whether or not there is a need for an information security industry/profession. Um sure, and there is no need for the physical security industry/profession either, is there?
As long as humans touch information in any way, electronically or physically, information security will be needed to provide them with policies, procedures, standards, guidance, training, ongoing awareness, and responding to and fixing the security messes and privacy breaches they cause.
Information Security and Privacy Professionals Must Partner on Over 15 Different Enterprise Issues
Wednesday, April 25th, 2007
Recently I read a print article written by a prominent privacy officer at a well-known company who has been writing a lot of articles about privacy over the past couple of years. She is successful and usually has some good advice, but what worried me about the latest article I read, and some of her other articles, is that she specifies that certain issues are handled by IT and/or the information security officer, so privacy officers do not need to worry about them or even know much, if anything at all, about them. The topics she’s mentioned have been encryption, outsourcing IT functions, and information security policies, just to name a few.
Free Information Security Training Workshops from FISSEA
Tuesday, April 17th, 2007
The information security and privacy incidents tally continues to grow every day, the threats and vulnerabilities continue to appear every day, and information security and privacy professionals have a hard time keeping up with them all, not to mention keeping their own personnel aware of the many issues they face in their everyday business work. And then to get the resources and time necessary to create an effective program! I know many folks often seem overwhelmed.
How Long Has It Been Since You’ve Done An Awareness Activity? Privacy and Security Week Starts April 8
Monday, April 2nd, 2007
Awareness activities are an important and necessary component of an effective, layered, information assurance program. Too little time is spent on communicating information security and privacy requirements, threats, vulnerabilities, and other related issues within most organizations. Providing regular training and ongoing awareness activities to all personnel, along with customized training to targeted groups with unique information security responsibilities, such as call centers, sales and marketing folks, and applications and systems developers, is also very important.
Raise Awareness by Sharing Your Knowledge And Experience
Saturday, March 24th, 2007
You help to improve information assurance efforts and assist other information assurance practitioners by sharing your expertise, experiences, and suggestions. Consider writing an article for publication not only to help others, but also to help you hone your writing skills, validate your expertise to your business leaders by showing them your published work, and provide an avenue for meeting other professionals who reach out to ask you questions about your article.
Norwich University Fifth Annual Information Assurance Student Symposium: March 27
Friday, March 23rd, 2007
I am very honored to be an adjunct professor for the Norwich Master of Science in Information Assurance (MSIA) program.
In this role I’m also fortunate to be able to work with Dr. Mich Kabay, who is the MSIA Program Director.
Phishing for Taxpayers’ Personal Information
Saturday, March 17th, 2007
I just finished my 2006 income taxes this morning…something I absolutely HATE doing! I just hate all the forms and paperwork, all the time involved, and always keeping track of that important receipt for business software or hardware that somehow got lost or wedged in some deep dark corner of a drawer.
I’m not against taxes, per se; they are an important part of maintaining public services. But I hate how the tax laws change every year, all the odd new taxes for business owners each year, and how many strange new exemptions seem to always pop up every year, but primarily for the big organizations. I am a company of one for my information security, privacy and compliance business, and I am a company of two for my farm. Between the two there are what seems to be around a hundred different forms to fill out, and always different in little ways each year. So, I hate the time it takes to do taxes, but at the same time I am very thankful to be able to have businesses that otherwise allow me to do work I love.
“Protecting Personal Information: A Guide for Business”: Free from the FTC
Thursday, March 8th, 2007
Today the U.S. Federal Trade Commission (FTC) released a 24-page guide, “Protecting Personal Information: A Guide for Business.”
Within the guide the FTC advises businesses to protect personally identifiable information (PII) through the following actions: