At the end of July, Twitter suspended the account of Guy Adams, a reporter for the UK’s Independent, after he posted the corporate email address of Jim Bell, Producer of NBC Olympics, and said less than flattering things about his expectations for how NBC would do in their Olympics coverage. Adams reportedly claimed that he felt the email account was open to public use since it showed up in Google search results. However, privacy concerns were widely expressed over his decision to share the executive’s contact details, and thus his account was suspended. Apparently NBC complained, Twitter listened, and Guy’s account was shut down. After a bit of hullabaloo, Twitter then changed heart and re-activated his Twitter account. I received several great questions related to this, collectively boiling down to the following five: (more…)
Posts Tagged ‘CSO Online’
Not Providing Education Is *THE* Dumbest Idea for Information Security and Privacy Efforts
Monday, August 6th, 2012Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. The latest proclamation at CSO Online has generated a small bit of a firestorm since it was published.
As time goes on, and more and more information security incidents and privacy breaches occur, and more information is put into the hands, and care, of more and more end-users who have no background in information security or privacy, such statements are simply bad, bad, bad advice. Making such statements also makes it harder for information security and privacy pros to do their job as effectively as possible when business leaders believe such hogwash and then wind up cut funding for information security and privacy education as a result. I’ve been in the information security and privacy compliance profession for a very long time, have built such programs and assisted many organizations in building theirs, and I could fill a book with examples of how training and awareness activities have improved their information security and privacy efforts and outcomes. Others in this profession with hands one responsibilities for the full lifecycle of information protection could also write their own books with such examples.
I wrote a blog post about this topic in 2009, and now is a good time to write another and point out that there is greater need than ever before for organizations, of all sizes, to make the comparatively small investment in information security and privacy education for their workers.
5 flawed arguments against information security and privacy education (more…)