Posts Tagged ‘DHS’
Wednesday, October 22nd, 2008
Tags: awareness and training, DHS, Information Security, IT compliance, IT training, Michael Chertoff, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »
Friday, January 11th, 2008
I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to REAL ID.
Tags: awareness and training, DHS, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, REAL ID, risk management, security awareness, terrorist
Posted in government | 1 Comment »
Sunday, November 18th, 2007
Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company in jeopardy of noncompliance. Compliance with any law or regulation that involves personally identifiable information (PII) usually requires the involvement of the legal, IT and information security areas.
Tags: awareness and training, DHS, employment issues, I-9 forms, Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training, social security numbers, SSN, U.S. Citizenship and Immigration Services
Posted in Laws & Regulations | 3 Comments »
Thursday, September 27th, 2007
Scanning the news this morning, this CNN headline caught my eye: “Mouse click could plunge city into darkness, experts say.”
The first sentence is compelling:
Tags: Aurora, awareness and training, Department of Energy, DHS, Information Security, IT compliance, policies and procedures, risk management, SDLC, security testing
Posted in government, Information Security | No Comments »
Monday, August 20th, 2007
The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.
This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that an SSN does not match the information provided by the employer.
Tags: awareness and training, Department of Homeland Security, DHS, Information Security, IT compliance, no match letter, no match rule, PII, policies and procedures, privacy, risk management, social security administration, social security number, SSA, SSN
Posted in Laws & Regulations, Privacy and Compliance | 1 Comment »
Wednesday, August 15th, 2007
I am a huge proponent of privacy impact assessments (PIAs); basically risk assessments for privacy. PIAs can reveal gaps in privacy practices, along with the information security practices used to protect privacy. They are important and effective exercises for all organizations that handle personally identifiable information (PII).
Tags: awareness and training, Department of Homeland Security, DHS, Information Security, IT compliance, personally identifiable information, PIA, PII, policies and procedures, privacy, privacy impact assessment, risk management
Posted in Privacy and Compliance | 1 Comment »
Sunday, June 3rd, 2007
I recently did a very interesting project: a data flow analysis and risk assessment of I-9 document processing for a large multi-national company.
Tags: awareness and training, DHS, employee law, government, HR, I-9 documents, Information Security, IT compliance, Phil Bredesen, policies and procedures, privacy, risk management, social security number, state law, taxpayer identification number, Tennessee
Posted in government, Laws & Regulations | No Comments »
Saturday, June 2nd, 2007
This week there has been much talk in the U.S. news about how Andrew Speaker, the now notorious TB patient (more specifically extensively drug-resistant tuberculosis, or XDR-TB), apparently very easily circumvented security controls to come back into the U.S. via Canada.
My heading is a paraphrase of a longer quote I really like from Charles Schumer that he made about this incident, but that also applies very nicely to all information security practices.
Tags: awareness and training, corporate governance, DHS, Information Security, IT compliance, policies and procedures, privacy, risk management, Schumer, Speaker
Posted in government, Information Security, Privacy and Compliance, Training & awareness | 1 Comment »
Tuesday, May 8th, 2007
Tags: awareness and training, data protection, DHS, government, Information Security, IT compliance, policies and procedures, privacy, REAL ID
Posted in government, Laws & Regulations, Privacy and Compliance | 1 Comment »