The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consummate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy-proactive stance. You can see this episode here.
When you look at recent breaches, it is clear that awareness of information security and privacy risks, and of how to mitigate them, is not getting the attention it needs from the leaders of organizations. Why else would Sony have kept thousands of system account IDs and passwords in numerous data file folders with names including “Passwords”? Why would a large hospital have put sensitive hard-copy patient records out in the street to be blown around?
Performing privacy impact assessments would have identified these risks, and such breaches could very well have been avoided. One of the information security and privacy risk management activities that all organizations need to put on their to-do list is a privacy impact assessment (PIA). Don’t know what is involved in such an activity? See my PIA toolkit.
Doing a PIA will also show those with the attitude of “I have nothing to hide” why they still need to be concerned with, and address, privacy risks.