On September 17 the COSO “Guidance on Monitoring Internal Control Systems” discussion document was released, with public comment on the paper being accepted until October 31.
Use COSO for SOX and Other Compliance Activities
September 23rd, 2007A Military Grade Encrypting Self-Destructing USB Drive Makes A Great Gift!
September 22nd, 2007This morning I was doing some of my Christmas gift shopping…yes, I like to get mine done early! 🙂 Any way, I’m thinking about getting an Ironkey encrypted USB drive for some of my relatives who are in dire need of protecting their information better.
ISO/IEC 17799:2005 By Another Name Is Still The Same
September 21st, 2007I’ve been doing some compliance gap analysis work comparing the policies of one of my clients with ISO/IEC 17799:2005. It was renamed in July of this year to ISO/IEC 27002:2005. So, along with the name change, did the content also change? Having the 2005 tacked on the end of the new name would seem to possibly indicate not. Hmm…
Trends In Allowing MP3 Downloads to Corporate Networks
September 20th, 2007I love my iPod and my iTunes. I have always liked to pick and choose the tunes I wanted to hear and not have to listen to the entire album/CD if there were some songs that I didn’t care for. Plus, I like to listen to a variety of singers, all mixed together. I’ve created dozens of playlists for various events and activites I do. I have an eclectic taste in music which I am broadening all the time while listening to what I think is one of the top radio stations in the entire country, located right here in the Des Moines, Iowa area. Add to this the many great podcasts that continue to be churned out, and you can imagine how many weeks of total play time are stored on my computer within my MP3s.
Deloitte Survey Shows the Need for Effective Training
September 19th, 2007Deloitte Touche Tohmatsu just released their “2007 Global Security Survey” report.
New FTC Report Provides Organizations Good Guidance For Protecting PII
September 18th, 2007Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”
Would You Be More Inclined To Work For A Company That Gave You Identity Theft Insurance As A Benefit?
September 17th, 2007Last year I had a couple of different identity theft insurance vendors contact me wanting me to endorse their products as they were trying to sell the packages to employers to offer to their employees as part of their total benefits packages.
PII for 60,000 Lost In Yet Another Incident: Know How To Address The Risks Involved With Entrusting PII To Business Partners
September 13th, 2007Yesterday yet another incident occurred where a business partner / vendor lost the personally identifiable information (PII) for which they had been entrusted. Americhoice sent a CD containing the PII of 67,000 individuals to TennCare via overnight UPS delivery.
The First Ever HIPAA Audit: Where’s The Report? Does It Have Beef?
September 12th, 2007Gosh, I just had a flashback to the “Where’s the Beef” commercial from years ago… 🙂
The U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule went into effect in April, 2001, and gave covered entities (CEs) two years to get into compliance. The HIPAA Security Rule went into effect in April 2003 and CEs had until April 2005 to get into compliance.
