Posts Tagged ‘awareness and training’
New Report Provides Great Information Security Information To Give To CEOs
Thursday, December 13th, 2007
Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”
It is important for business leaders to understand information security and privacy risks better. It is important for information security and privacy professionals to put forth effort to raise CEO understanding of information security and privacy issues. Understanding and acting upon the risks are important for the health of the business, and CEOs must understand HOW information security and privacy relate to business.
Domain Name Issues And Related Business Risks
Wednesday, December 12th, 2007
I have learned a lot about domain name maintenance and management issues over the past week! As a follow-up to my blog post yesterday, I have since discovered that as a result of a divestiture *two* registrars claim control of my domain (that I created and have owned and used since 2002); one in Australia has primary control, and the one I have always communicated with in Washington state has secondary control…I never knew this before.
Domain Name Maintenance and Customer Service Lessons
Tuesday, December 11th, 2007
Over the past several days I feel as though I’ve been part of a Lemony Snicket book.
I’ve had domain registration problems for rebeccaherold.com that are still in the process of being resolved (<<those of you who sent emails to my rebeccaherold@rebeccaherold.com address, it may be another day or two before it works, but yes, I’m still here!)…my notebook computer mouse key went haywire…and today I lost my Internet connection (a wireless tower and wireless dish antennas don’t work well under a 2″ layer of ice and another few inches of snow on top of that) and I’m using my 24k dial-up. Hopefully the electricity is not next to go…
FDIC Releases Updated IT Officer’s Risk Management Program Questionnaire
Monday, December 10th, 2007
Last week the U.S. Federal Deposit Insurance Corporation (FDIC) released an updated version of their IT officer’s risk management program questionnaire for banks and financial organizations to use to prepare for regulator audits.
Information security, privacy and IT pros in all types of organizations can benefit by looking through the questionnaire, even if they are not in a regulated industry. Auditors of all types often take such questionnaires and modify them for their use, so if internal or external auditors are looking at your IT risk management program, chances are they will be looking for similar types of information.
FTC Settlement For Marketing Via Pop-up Ads: Lessons For All Marketers Regarding Consent & Consumer Complaints
Sunday, December 9th, 2007
I like to keep my eye on the FTC site; they are very active in catching businesses violating the U.S. FTC Act by practicing unfair and deceptive business practices, particularly via the Internet. They really demonstrate the need for privacy and information security professionals to stay on top of what their business units and marketing areas are doing with regard to contacting consumers, forcing ads upon them, and gathering information from them.
And The Award For Best Email Security Awareness Film of 2007 Goes To…
Friday, December 7th, 2007
I’ve been seeing a ton of articles and blog postings for the “Best Security <Whatever> of 2007,” “Worst Security Exploits of 2007,” “Security Projections for 2008” and so on in the past few weeks.
Well, I’ve got my own “Best of” award to give for 2007!
None of the best of or worst of postings or articles that I have seen have covered information security and privacy awareness, even though most information security incidents and privacy breaches occur as a result of humans…human error, lack of knowledge or malicious intent.
Be Aware: Court Ruling Allows Circumstantial Evidence In Court Case Against Company That Experienced Privacy Breach
Thursday, December 6th, 2007
So many times…actually almost every time…a privacy breach occurs the company that experienced the breach makes a public statement similar to, “We have no evidence that the personal information has been used fraudulently” or “We do not believe the information stolen will be used for identity theft.”
Why do companies so often make this statement? Because their lawyers know that it will be hard, if fraud and crime occur using the compromised personally identifiable information (PII), to directly tie the breach to such fraud crimes.
California Privacy Breach Law Changes Go Into Effect January 1, 2008: Redefines & Broadens “Personal Information” Definition
Wednesday, December 5th, 2007
California’s privacy breach notification law SB1386 started the ball rolling with regard to what is now at least 40 U.S. states, including the District of Columbia, that have breach notice laws. Most of the subsequent state laws largely based theirs upon SB1386, including how the law defines “personal information.”
Effective January 1, 2008, the definition of “personal information” changes when AB1298 goes into effect in California.