FTC Publishes Report On SSNs and Identity Theft

December 17th, 2008

Today the U.S. Federal Trade Commission (FTC) released a new report about social security numbers (SSNs), identity theft, and recommended 5 ways to help prevend having SSNs being used for identity theft…

Read the rest of this entry »

Blackberry Disposal Lessons From McCain & Palin

December 16th, 2008

Another real-life example to show the importance of having effective policies and procedures in place for not only information disposal, but also for the disposal of computers and storage media…

Read the rest of this entry »

Example Of Why Business Leaders MUST Ensure Third Party Security

December 15th, 2008

Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don’t think they need to ensure third party security is, “The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it.”

Read the rest of this entry »

Insider Threat & More Examples Related To Putting Info on the Internet

December 13th, 2008

Here are some more examples of the dumb things that folks (often times folks within your organization) put on the Internet that had some bad repercussions…remember, once you put something on the Internet, even for a short period of time, you might as well accept that it will be out there forever…

Read the rest of this entry »

ED and HHS Gives Guidance for HIPAA and FERPA Relationship

December 12th, 2008

I saw some interesting news from the OS OCR Privacy List listserve. If you are with an education institution or a healthcare covered entity, take some time to read the new guidance about the relationship between FERPA and HIPAA

Read the rest of this entry »

New Family Educational Rights and Privacy Act (FERPA) Regulations

December 11th, 2008

New FERPA Regulations were issued yesterday…

Read the rest of this entry »

New Family Educational Rights and Privacy Act (FERPA) Regulations

December 11th, 2008

New FERPA Regulations were issued yesterday…

Read the rest of this entry »

Domain Name Hell…Deja Vu All Over Again!

December 10th, 2008

Last night I thought it odd that I did not receive any email messages after around 8pm. And this morning, it was V E R Y odd that I did not have the usual bunch of overnight spam in my inbox…
What’s up with this?

Read the rest of this entry »

Insider Threats Even More Significant During Down Economy

December 9th, 2008

I’ve written a lot about the insider threat, and the many different motivations for insiders to do malicious things (in addition to the other two types of insider threats of mistakes and lack of awareness).
Here are a couple of recently published research reports that shows how this horrible economy is impacting information security and making organizations even more vulnerable to privacy breaches…

Read the rest of this entry »

Recommendations To President Elect Obama For How To Improve Cybersecurity

December 8th, 2008

Today the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency released a report, “Securing Cyberspace for the 44th President,” that includes recommendations for a comprehensive strategy to improve cybersecurity in federal systems and in critical infrastructure.

Read the rest of this entry »