It seems like my to-do list never gets shorter each day; only longer. This was even more true when I was responsible for the information security and privacy program within a large multi-national financial and insurance organization. It seemed the squeakiest wheel to-do items often got done, while other to-do’s that were very important, and often not that time-consuming, got put by the way-side, always put off until another week.
3 Creative Ways to Fund Information Security and Privacy Awareness
November 8th, 2007Several years ago I helped the information protection program at a large organization with getting supplies and prizes for the awareness program on an extremely limited budget. Having some type of prizes and/or recognition for awareness activities and contests is a very good motivator to get your folks involved, and to raise their awareness of important information security, privacy and compliance issues in the process!
New PCI Standard Draft Released Today; the Payment Application Data Security Standard (PA-DSS)
November 7th, 2007The PCI Security Standards Council announced today the release of draft for a new standard for payment application software; the Payment Application Data Security Standard (PA-DSS).
Judge Rules University Policy & FERPA Allow Student PII To Be Released
November 6th, 2007Here’s a case I found interesting…the U.S. District Court for the Eastern District of Tennessee ruled on October 24th that providing a group of record company plaintiffs with student personally identifiable information (PII) does not violate the U.S. Family Educational Rights and Privacy Act (FERPA).
Judge Rules University Policy & FERPA Allow Student PII To Be Released
November 6th, 2007Here’s a case I found interesting…the U.S. District Court for the Eastern District of Tennessee ruled on October 24th that providing a group of record company plaintiffs with student personally identifiable information (PII) does not violate the U.S. Family Educational Rights and Privacy Act (FERPA).
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
November 5th, 2007Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
November 5th, 2007Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
Do Something To Change Information Security, Privacy and Compliance…Contact Congress!
November 4th, 2007I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be inacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?
Do Something To Change Information Security, Privacy and Compliance…Contact Congress!
November 4th, 2007I, along with a very large number of other bloggers, writers and instructors, often pick apart data protection and privacy laws and regulations, and point out how certain portions of them are infeasible for most organizations to implement, and talk about the types of laws that should be inacted to protect personally identifiable information (PII) and privacy. But how many of us actually do something about it and contact our lawmakers to communicate this information?
