August 24th, 2007
on 8/22/2007 a very interesting and useful report was released by the European Network and Information Security Agency (ENISA), “Information security awareness initiatives: Current practice and the measurement of success.”
Read the rest of this entry »
Tags: awareness and training, data protection law, ENISA, EU Data Protection Directive, European Union, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, PricewaterhouseCoopers, privacy, privacy law, risk management
Posted in Information Security, Privacy and Compliance, Training & awareness | 3 Comments »
August 24th, 2007
I’m surprised by how different the opinions are for this week’s poll about using social networking sites at work!
If you haven’t clicked a poll button for it yet (see right side of screen and scroll down a little), please do so. It will be interesting to see if the opinions stay so widely scattered by the end of Sunday.
Tags: awareness and training, facebook, Information Security, IT compliance, MySpace, policies and procedures, privacy, risk management, social networking
Posted in Information Security | No Comments »
August 24th, 2007
We had some horrendous storms here in Iowa this week. Last night was a doozy! The lightning unrelenting, the winds horrific, and tornado spottings were peppered across the southern half of Iowa.
Read the rest of this entry »
Tags: awareness and training, backup, business recovery, dial-up access, disaster plan, Information Security, IT compliance, policies and procedures, privacy, risk management
Posted in Information Security | No Comments »
August 23rd, 2007
As a follow-up to my blog posting yesterday, I wanted to point out that the European Union (EU) Data Protection Authorities (DPAs) have been very active in pursuing data protection law compliance.
Read the rest of this entry »
Tags: Article 29 Working Party, awareness and training, data protection law, EU Data Protection Directive, European Union, Information Security, IT compliance, policies and procedures, privacy, privacy law, risk management
Posted in Privacy and Compliance | No Comments »
August 22nd, 2007
Multi-national organizations doing business in Europe must know and understand not only their obligations to protect personally identifiable information (PII) under the European Union (EU) Data Protection Directive 95/45/EC, but they must also know and understand the data protection laws within each of the EU member countries.
Read the rest of this entry »
Tags: awareness and training, data protection law, EU Data Protection Directive, European Union, Information Security, IT compliance, policies and procedures, privacy, privacy law, risk management
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
August 21st, 2007
Last week my blog poll was, “Is your organization planning to pursue ISO 27001 certification in 2007 or 2008?”
I asked this after reading an SC Magazine article that I recently blogged about, “Are the U.S. Numbers Planning For ISMS (ISO 27001) Certification Really At 80%?”
As I had indicated, based upon my many discussions with a very wide range of CISOs, I thought this number was way too high.
And now for the results of my *ADMITTEDLY UNSCIENTIFIC WEBPOLL*…drum roll, please; Thhuudddrrrrrrrrrrrrr…
Read the rest of this entry »
Tags: awareness and training, Information Security, ISMS, ISO 27001, ISO 27001 certification, ISO27002, IT compliance, OECD, PII, policies and procedures, privacy, risk management
Posted in Information Security | 2 Comments »
August 20th, 2007
Over the weekend I read yet another news article about social networking sites and the related risks. This time it was about how schools are implementing rules to address cyber bullying on the Internet; “Students To Be Punished For MySpace Postings.”
Read the rest of this entry »
Tags: awareness and training, facebook, Information Security, IT compliance, MySpace, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking
Posted in Information Security, Privacy and Compliance | 2 Comments »
August 20th, 2007
The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.
This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that an SSN does not match the information provided by the employer.
Read the rest of this entry »
Tags: awareness and training, Department of Homeland Security, DHS, Information Security, IT compliance, no match letter, no match rule, PII, policies and procedures, privacy, risk management, social security administration, social security number, SSA, SSN
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
August 17th, 2007
Just because a social networking site says it is secure, and even if it has “TRUSTe,” “Hacker Safe” or other security and privacy assurance stamps on the site, it does not mean that bad things cannot happen. Take Facebook as a case in point.
Read the rest of this entry »
Tags: andyitguy, awareness and training, facebook, hacker safe, Information Security, infosecblog, IT compliance, policies and procedures, privacy, risk management, social network, truste
Posted in Information Security, Privacy and Compliance, Privacy Incidents | 2 Comments »
August 17th, 2007
If you have not yet clicked a button on my poll regarding ISMS/ISO27001 certification (see right side of page and scroll down a little) please do so! I’m finding it interesting that a large portion (36%) of those who have clicked for the poll so far are not aware of the certification. This perhaps calls to question the folks at BSI who forecast that 80% of U.S. companies will be pursuing certification in the next couple of years.
See my original post for more information about it.
Tags: awareness and training, BSI Management Systems, Information Security, ISMS, ISO 27001, ISO 27001 certification, IT compliance, John DiMaria, policies and procedures, privacy, risk management
Posted in Information Security | No Comments »