Posts Tagged ‘DHS’

DHS Secretary Chertoff Calls For Better Computer Security

Wednesday, October 22nd, 2008

It is good to start seeing more urgency place upon information security by the various government agencies.
As an example, last week U.S. Homeland Security Secretary Michael Chertoff spoke at the U.S. Chamber of Commerce emphasized the need for increased cooperation between industry and government to secure the nation’s computer systems.
Here’s an excerpt from one of the news reports about the speech…

(more…)

Terrorists Over 50 Don’t Fly According To The DHS

Friday, January 11th, 2008

I just read this and found the implication that folks over 50 years of age are not terrorist threats rather odd.
Today the U.S. Department of Homeland Security released some new rules related to READ ID.

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

Personnel Privacy, New I-9 Forms, Removal of SSN Requirements and IT Involvement

Sunday, November 18th, 2007

Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company at noncompliance jeopardy. Compliance with any law or regulation that involves personally identifiable information (PII) usually require the involvement of legal, IT and information security areas.

(more…)

DHS Exploding Generator Shows Dire Need For Better Computer Security

Thursday, September 27th, 2007

Scanning the news this morning, this CNN headline caught my eye, “Mouse click could plunge city into darkness, experts say
The first sentence is compelling:

(more…)

Social Security Number No Match Rule: Employers Will Need to Prove Compliance

Monday, August 20th, 2007

The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.
This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that an SSN does not match the information provided by the employer.

(more…)

U.S. Dept. of Homeland Security Makes 14 Privacy Impact Assessments Available

Wednesday, August 15th, 2007

I am a huge proponent of privacy impact assessments (PIAs); basically risk assessments for privacy. PIAs can reveal gaps in privacy practices, along with the information security practices used to protect privacy. They are important and effective exercises for all organizations that handle personally identifiable information (PII).

(more…)

New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status

Sunday, June 3rd, 2007

I recently did a very interesting project doing a data flow analysis and risk assessment of I-9 documents processing for a large multi-national company.

(more…)

If People Aren’t Trained The Best Security Will Go For Naught

Saturday, June 2nd, 2007

This week there has been much talk in the U.S. news about how Andrew Speaker, the now notorious TB patient (more specifically extensively drug-resistant tuberculosis, or XDR-TB), apparently very easily circumvented security controls to come back into the U.S. via Canada.
My heading is a paraphrase of a longer quote I really like from Charles Schumer that he made about this incident, but that also applies very nicely to all information security practices.

(more…)

Deadline is Today for Submitting Comments to the DHS About Draft REAL ID Rules

Tuesday, May 8th, 2007

The Department of Homeland Security (DHS) published draft rules regarding REAL ID. Comments are due by 5:00 PM Eastern Time *TODAY*.

(more…)