January 11th, 2008
I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to REAL ID.
Tags: awareness and training, DHS, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, REAL ID, risk management, security awareness, terrorist
Posted in government | 1 Comment »
January 11th, 2008
I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered private or secure, has been used to make hiring and firing decisions, and has impacted lives in other ways.
Well, now information posted to social networking sites is being used by schools.
Tags: awareness and training, Eden Prairie, facebook, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, protecting information, risk management, security awareness, security training, social networking
Posted in Privacy and Compliance | No Comments »
January 9th, 2008
On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, “Spam Summit: The Next Generation of Threats and Solutions.”
The report describes the findings from a July 2007 workshop the FTC hosted, and proposes follow-up action steps to mitigate the damages caused by malicious spam and phishing.
Tags: awareness and training, FTC, government, Information Security, IT compliance, phishing, policies and procedures, risk management, security awareness, security training, spam
Posted in Information Security | No Comments »
January 8th, 2008
Tags: awareness and training, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, risk management, security awareness, security training, Shirk
Posted in Privacy Incidents | No Comments »
January 7th, 2008
I’m still catching up on December news…and I ran across a significant e-discovery ruling. The U.S. District Court for the Central District of California ruled December 13, 2007, that Justin Bunnell/www.TorrentSpy.com was guilty of “willful spoliation of evidence” violating the E-Discovery Rule in the suit Columbia Pictures, Inc. brought against them for copyright infringement.
Reading through the court records, it is really amazing how blatantly the defendant violated what seemed to be almost every e-discovery rule possible in this situation. They…
Tags: awareness and training, Bunnell, Columbia Pictures, data retention, democrats, e-discovery, electronic discovery, Information Security, Iowa caucus, IT compliance, policies and procedures, privacy, regulatory compliance, republicans, risk management, security awareness, security training, Torrentspy
Posted in Non-compliance Sanctions Examples | No Comments »
January 6th, 2008
While doing some encryption research I ran across this Vermont ruling made on November 29, 2007.
It provides some good lessons about computer forensics and investigation and password management.
Tags: 5th Amendment, awareness and training, Boucher, computer forensics, democrats, encryption, Information Security, Iowa caucus, IT compliance, Niedermeier, password security, PGP, policies and procedures, privacy, republicans, risk management, security awareness, security training, Vermont
Posted in Laws & Regulations, Privacy and Compliance | 2 Comments »
January 4th, 2008
Well, after over a year of fervent campaigning by many presidential hopefuls, the Iowa caucuses are over! As I mentioned a couple of days ago I have never declared a party before, but this year I wanted to be part of the caucus experience. I wanted to participate and see first-hand what it was like and not just have some political pundits from the east or west coasts giving their inaccurate opinions of what really goes on.
Tags: awareness and training, Barack Obama, Bill Richardson, democrats, Hillary Clinton, Information Security, Iowa caucus, IT compliance, John Edwards, policies and procedures, privacy, republicans, risk management, security awareness, security training, wired, YouTube
Posted in Miscellaneous | 1 Comment »
January 3rd, 2008
I recently blogged about “6 “Scary Stuff” Privacy Terms IT, Info Sec and Privacy Folks Should Know.”
I was very pleasantly surprised to hear from Dr. Michael G. Michael and his wife Dr. Katina Michael a couple of days ago about the post! (Thank you Michael and Katina!) They provided some additional very interesting information about the term “Überveillance.” With their permission, here is a large portion of the message they sent to me:
Tags: ambient technology, awareness and training, Dr. Katina Michael, Dr. Michael G. Michael, employee privacy, employee tracking, GPS tracking, Information Security, IT compliance, policies and procedures, privacy, privacy law, RFID, risk management, security awareness, security training, social security number, SSN, uberveillance
Posted in Privacy and Compliance | No Comments »
January 2nd, 2008
I am happy to live in Iowa. I’ve enjoyed getting to see the presidential hopefuls in the state for the past 1+ years. I always vote during presidential elections, but I’ve never yet declared a party; I really don’t want to be listed in who knows how many places under such a label. However, this year I would really like to participate in the Iowa caucus.
Tags: awareness and training, CNN, democrats, Howard Dean, Information Security, Iowa caucus, IT compliance, policies and procedures, privacy, republicans, risk management, security awareness, security training, YouTube
Posted in government | No Comments »
December 30th, 2007
Tags: Authorities Principles of Business, awareness and training, FSA, identity verification, Information Security, IT compliance, Norwich Union Life, personally identifiable information, PII, policies and procedures, pretexting, risk management, security awareness, security training
Posted in Non-compliance Sanctions Examples | No Comments »