Posts Tagged ‘electronic mail’

Newer Entries »

Not Providing Education Is *THE* Dumbest Idea for Information Security and Privacy Efforts

Monday, August 6th, 2012

Every year or so, an otherwise smart information security professional publishes some really bad information security advice about how awareness and training is a waste of time and money. The latest proclamation at CSO Online has generated a small bit of a firestorm since it was published. 

As time goes on, and more and more information security incidents and privacy breaches occur, and more information is put into the hands, and care, of more and more end-users who have no background in information security or privacy, such statements are simply bad, bad, bad advice. Making such statements also makes it harder for information security and privacy pros to do their job as effectively as possible when business leaders believe such hogwash and then wind up cut funding for information security and privacy education as a result.  I’ve been in the information security and privacy compliance profession for a very long time, have built such programs and assisted many organizations in building theirs, and I could fill a book with examples of how training and awareness activities have improved their information security and privacy efforts and outcomes.  Others in this profession with hands one responsibilities for the full lifecycle of information protection could also write their own books with such examples.

I wrote a blog post about this topic in 2009, and now is a good time to write another and point out that there is greater need than ever before for organizations, of all sizes, to make the comparatively small investment in information security and privacy education for their workers.

5 flawed arguments against information security and privacy education (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Laws & Regulations, Training & awareness | 4 Comments »

Messaging Mishaps Have Collateral Damage

Thursday, August 2nd, 2012

A few weeks ago I wrote about recent situation in which the Des Moines public school system superintendent’s career was brought to a standstill (it is yet to see whether it is temporary or permanent) by using the public school email system to exchange 115 personal messages, and including at least 40 cases sexually explicit messages, with her lover, married with children highly decorated Army Captain Hintz.  Since that time he has been fired from his position as head of Army Recruiting Command, a Des Moines-based recruiting company.  So not only was one person’s misuse of her employer’s email system the cause of her own career downward detour, it also has had ripple effects and derailed the career of the man who was corresponding with her, and likely also further ripples out to damage his family.

More privacy and security lessons

In addition to the lessons from my earlier post, this provides additional lessons: (more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in privacy, Training & awareness | No Comments »

Messaging Misjudgment Kills Careers

Monday, June 18th, 2012

June 22 update to this topic: Today the judge refused to block the release of the emails as Sebring and her lover requested. See http://www.desmoinesregister.com/article/20120622/NEWS/120622012/Judge-announces-decision-on-Sebring-email-release

In the past few weeks the use of emails at work has been in the news a lot in central Iowa, and the news quickly spread around the globe because of the sex and intrigue involved.  Basically, approximately four months before the end of school, the Des Moines Superintendent of Schools at the time, Dr. Sebring, started sending what would end up being over 40 very personal and sexually explicit messages to

(more…)

Tags:, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in Information Security, Training & awareness | 4 Comments »

Newer Entries »