Here it is May, and I’m just now getting all of my April IT Compliance in Realtime Journal articles blogged about! Being in Las Vegas for a week at CSI SX / Interop really put a monkey wrench in my blogging activity last week.
While at the conference I spoke with many information security and IT leaders about privacy. Most have customer privacy on their minds, but a significant portion have not thought about employee privacy issues.
So, this article, “What Business Leaders Need To Know About Employee Privacy,” which is the third in my April IT Compliance in Realtime Journal issue, is pretty timely.
Download the April issue to get a much prettier, formatted version. Here is the unformatted article…
Posts Tagged ‘awareness and training’
What Business Leaders Need To Know About Employee Privacy
Sunday, May 4th, 2008Using DNA Of Family Members To Catch Criminals
Thursday, May 1st, 2008I just read an interesting article, “Using kin’s DNA to track suspects.”
Corporate Communications Officers Tying The Hands Of Information Security and Privacy Pros
Tuesday, April 29th, 2008I’ve been here at the CSI SX conference for the past few days, and I’ve had the great opportunity and pleasure of speaking with a large number of folks while here. I was finally able to meet Ron Woerner in person (nice to meet you Ron!) after communicating with him in the Security Catalyst Community over the past 1+ year.
I love coming to these conferences and just talking with the participants. There is always at least one topic for which I receive enlightenment that I had not considered before. During the past few days I’ve spoken with 4 to 5 people who are responsible for information security, all from highly regulated industries, who all say despite their adequate to even generous information security and privacy budgets, some of their most important information security and privacy efforts are being quashed by their corporate communications offices; those responsible for the messages that are sent to personnel throughout the enterprise.
P2P Security Study Released
Monday, April 28th, 2008Do We REALLY Need Doctors To Do Consultations Via Email?
Friday, April 25th, 2008A few months ago I had some lively back-and-forth blog postings with a doctor who used email and instant messaging (IM) a lot in his practice; here, here and here.
Today my good friend Alec forwarded me another interesting news article (thanks Alec!) about the use of email by doctors; “It’s no LOL: Few US doctors answer e-mails from patients.”
Smart Business Leaders Support Effective Log Management Practices and Necessary Resources
Thursday, April 24th, 2008The second article in this month’s IT Compliance in Realtime Journal is, “Smart Business Leaders Support Log Management.”
I wrote this with an audience of information security and privacy personnel, along with IT managers, in mind.
Download the formatted PDF version to get the full content, not to mention a nicer looking document.
Here is the unformatted version…
My Information Security and Privacy Convergence Webcast Now Available
Wednesday, April 23rd, 2008Yesterday the ISSA posted on their website a free webcast I did, “Information Security and Privacy Convergence”
Here is the synopsis…
Improve Program Change Controls To Reduce Incidents
Monday, April 21st, 2008Recently in my Norwich MSIA class we were discussing the importance of program change controls, and I wanted to continue the discussion here because as important as it is, it typically does not get the attention it deserves in most organizations.
Improve Program Change Controls To Reduce Incidents
Monday, April 21st, 2008Recently in my Norwich MSIA class we were discussing the importance of program change controls, and I wanted to continue the discussion here because as important as it is, it typically does not get the attention it deserves in most organizations.
Revisiting Online Medical Information Storage Houses Points To Consistent Need For *1* Federal Privacy Law
Thursday, April 17th, 2008Last fall I blogged about Microsoft’s HealthVault, “Why Would You Trust Microsoft To Store Your Sensitive Health Information?”
It didn’t take long before Google got in on the game.
Today an interesting story ran in the New York Times, “Warning on Storage of Health Records” that also points out the concerns with having huge amounts of health information stored in some mega-multi-services-products types of monolith company. The issues are the same for any organization storing such information, though; but putting health information in the same corporate systems that contain the records of billions of people really open up quite a Pandora’s box of privacy breach possibilities.
Here are some excerpts from the news story that make some good points…
