Posts Tagged ‘CSI’

Legal Requirements for Information Security and Privacy Awareness and Training

Wednesday, March 30th, 2011

Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success”  (http://gocsi.com/Training2011/OD/Awareness), I received the following question: 

 Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma 

(more…)

How To Do Privacy Impact Assessments

Monday, September 21st, 2009

Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston…

(more…)

Web 2.0 Security, Privacy & Policies

Friday, October 24th, 2008

Since 2000 I’ve been writing a monthly column for the Computer Security Institute (CSI) Alert publication…

(more…)

Information Security and Privacy Convergence and Collaboration

Monday, October 6th, 2008

Effectively addressing and coordinating privacy and information security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.
These gaps create more complexity and bigger challenges for companies to handle, as well as putting the organization at greater risk for incidents, along with contractual and regulatory noncompliance.

(more…)

Information Security and Privacy Areas MUST Collaborate For Their Initiatives To Be Effective

Friday, March 14th, 2008

For the past several years I have written often, and given much training, to demonstrate and emphasize the need for information security and privacy areas to collaborate in their efforts. There are just too many topic overlaps between the two areas to NOT work together cooperatively.
Effectively addressing and coordinating Privacy and Information Security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.

(more…)

On The Internet, If It Looks, Quacks and Walks Like a Duck, Is It *REALLY* a Duck?

Wednesday, June 20th, 2007

I am a great believer of performing due diligence to ensure potential new hires have no deceptive or malicious skeletons in their past that may be reincarnated after they have been hired and entrusted with access to sensitive information and supporting resources. There are appropriate times organizations should do criminal background checks, education checks, and other checks as appropriate and legal for the position being filled and the location of the facility.

(more…)

Greetings from Arizona!

Tuesday, June 12th, 2007

Is it Tuesday already? I’ve lost track of the days…I’ve been here at the CSI NetSec conference since Friday, giving Chris Grillo’s and my “Handling Complex and Difficult Information Security and Privacy Issues” pre-conference seminar on Saturday and Sunday.
We had 16 outstanding participants from a wide range of industries, including government, technology, and retail, just to name a few. I love having this variety; it leads to very good discussions and increased understanding of what information assurance practitioners are dealing with. Thanks again to those of you who attended; your interaction was fantastic!

(more…)

Avoid Some Common Email Pitfalls

Friday, June 8th, 2007

There are increasing reports of email misuse, malicious use, mistaken use, and just plain bad implementations of email systems that allow the many outside threats and desperado insiders to exploit vulnerabilities.
It is most common for information assurance pros to be fairly diligent in trying to keep malware out of the enterprise network through scanning and filtering emails, and it is good to see that it is also becoming a growing trend to try and prevent sensitive data from leaving the enterprise, “leaking” is the current buzzword of choice, by using scanning and encryption. However, there are many other email mishaps and business damage that can occur through the use, or misuse, of email that can have negative business impact and legal implications.

(more…)

Handling Complex and Difficult Privacy and Information Security Issues

Wednesday, May 30th, 2007

Only 10 more days until my 2-day seminar, “Handling Complex and Difficult Privacy and Information Security Issues” in Scottsdale, Arizona on June 9th and 10th (Saturday and Sunday)!

(more…)

Information Security and Privacy Professionals Must Partner on Over 15…no wait…Over 20 Different Enterprise Issues

Wednesday, May 16th, 2007

Not too long ago I blogged about the need for information security and privacy professionals to work together to address safeguarding sensitive and personally identifiable information (PII). Within it I talked about how a workshop Chris Grillo and I created and give, “Handling Complex and Difficult Privacy and Information Security Issues,” discusses over 15 common issues that these professionals need to partner on.

(more…)