Supporting Compliance With ITIL

December 18th, 2007

Organizations have faced legal and regulatory requirements for decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest number of organizations was the passage of the Sarbanes-Oxley (SOX) Act of 2002.

18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007

December 17th, 2007

’Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here are at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:

2 Years Following Major Privacy Breach, Bahamas Puts Up Data Protection Web Site

December 16th, 2007

A couple of years ago I finally took my family on a vacation to the Bahamas after not going on any type of vacation for several years. Five months later I learned…from my friends and not from the hotel…that a major breach occurred at the hotel; the credit card files for tens of thousands of their customers had been compromised.
I never did get a notification of the breach from the hotel. However, I did confirm through the Bahamas government, and subsequent widely published reports, that the breach did indeed occur.

“Awards” Given For E-Commerce Site Privacy Policies…The Best And The Worst

December 14th, 2007

I ran across some interesting e-commerce site “awards” recently published by CyberStreetSmart.org. They identified the recipients of their “screen door” (the award retailers DON’T want) and “steel door” (retailers want this) awards based upon the privacy protections the sites had in place for customer personally identifiable information (PII).

New Report Provides Great Information Security Information To Give To CEOs

December 13th, 2007

Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”
It is important for business leaders to understand information security and privacy risks better. It is important for information security and privacy professionals to put forth effort to raise CEO understanding of information security and privacy issues. Understanding and acting upon the risks are important for the health of the business, and CEOs must understand HOW information security and privacy relate to business.

Domain Name Issues And Related Business Risks

December 12th, 2007

I have learned a lot about domain name maintenance and management issues over the past week! As a follow-up to my blog post yesterday, I have since discovered that as a result of a divestiture *two* registrars claim control of my domain (that I created and have owned and used since 2002); one in Australia has primary control, and the one I have always communicated with in Washington state has secondary control…I never knew this before.

Domain Name Maintenance and Customer Service Lessons

December 11th, 2007

Over the past several days I feel as though I’ve been part of a Lemony Snicket book.
I’ve had domain registration problems for rebeccaherold.com that are still in the process of being resolved (<<those of you who sent emails to my rebeccaherold@rebeccaherold.com address, it may be another day or two before it works, but yes, I’m still here!)…my notebook computer mouse key went haywire…and today I lost my Internet connection (a wireless tower and wireless dish antennas don’t work well under a 2″ layer of ice and another few inches of snow on top of that) and I’m using my 24k dial-up. Hopefully the electricity is not next to go…

FDIC Releases Updated IT Officer’s Risk Management Program Questionnaire

December 10th, 2007

Last week the U.S. Federal Deposit Insurance Corporation (FDIC) released an updated version of their IT officer’s risk management program questionnaire for banks and financial organizations to use to prepare for regulator audits.
Information security, privacy and IT pros in all types of organizations can benefit by looking through the questionnaire, even if they are not in a regulated industry. Auditors of all types often take such questionnaires and modify them for their use, so if internal or external auditors are looking at your IT risk management program, chances are they will be looking for similar types of information.

FTC Settlement For Marketing Via Pop-up Ads: Lessons For All Marketers Regarding Consent & Consumer Complaints

December 9th, 2007

I like to keep my eye on the FTC site; they are very active in catching businesses violating the U.S. FTC Act by practicing unfair and deceptive business practices, particularly via the Internet. They really demonstrate the need for privacy and information security professionals to stay on top of what their business units and marketing areas are doing with regard to contacting consumers, forcing ads upon them, and gathering information from them.