Posts Tagged ‘Information Security’

« Older Entries
Newer Entries »

One Word Makes A World Of Difference…To Auditors and To Practitioners

Monday, April 7th, 2008

I want to continue the discussion I started yesterday.
Is there a difference between “log management” and a “log management system”?

(more…)

Tags:, , , , , , , , , , , , ,
Posted in Information Security, Privacy and Compliance | No Comments »

Misquotes and Misinformation on PCI DSS Log Management

Sunday, April 6th, 2008

I always invite feedback and comments about my articles and books. I like to know what people have found useful as well as hear how I can improve upon my writing and see if there is any more information I could have added or expanded upon.
So, I was interested to see that Dr. Anton Chuvakin read one of my recent PCI DSS logging compliance papers and posted to his blog about it.
However, he made a significant misquote and provided misinformation, which provide good topics for discussion…

(more…)

Tags:, , , , , , , , , , , , ,
Posted in Privacy and Compliance | 2 Comments »

Going Topless…I Like It!

Thursday, April 3rd, 2008

A few weeks ago I was at a meeting for a professional organization I belong to, giving a talk about privacy breach response, and the audience was great; around 40 in attendance, all visibly listening and interested and participating. I love to look and see everyone’s faces as I am talking; seeing if they are confused, in agreement, or otherwise are reacting to the ideas and recommendations I am talking about.
I was around 20 minutes into my talk when someone’s cell phone started ringing…playing a John Phillip Sousa march. LOUDLY. I kept talking, and everyone was still listening…trying to listen…but the darn phone kept playing! People then started looking around…and finally I stopped and said, “Does someone need to get that?” One of the folks then reached down and answered it; and then left the room. Quite an unnecessary interruption.

(more…)

Tags:, , , , , , , , , , , , , , ,
Posted in Training & awareness | 2 Comments »

Risks & Compliance: Giving Personnel Access to Their Own, And Coworkers’, Records is Generally a Bad Idea

Wednesday, April 2nd, 2008

I get several questions from folks about various information security, privacy and compliance issues. I answer all I can. Most of them are great, thought-provoking questions that help to spawn a nice discussion!
I recently got a very good and interesting question from a healthcare provider that all organizations really need to put some thought into. With this in mind, the following is the de-identified message I recieved, along with my slightly edited reply…

(more…)

Tags:, , , , , , , , ,
Posted in Privacy and Compliance | No Comments »

Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse

Tuesday, April 1st, 2008

Today I just finished writing the last of a three paper series, “The Essentials Series: PCI Compliance,” in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:

(more…)

Tags:, , , , , , , , ,
Posted in Information Security, Privacy and Compliance | No Comments »

This Is Business Continuity Awareness Week!

Sunday, March 30th, 2008

Business Continuity Awareness Week (BCAW) is March 31st – April 4; at least it is in the UK and throughout Europe.
Business Continuity Awareness Week in Australia is the week from Monday, April 28th – Friday, May 2nd.

(more…)

Tags:, , , , , , , , ,
Posted in Information Security | 1 Comment »

Employee Fined $13,096 for Drunken Hacking

Friday, March 28th, 2008

Dan Swanson sent me this news story (thanks Dan!), which gave me a chuckle…
Employee Fined $13,000 for Drunken Hacking
A rather interesting part of his judgment:

(more…)

Tags:, , , , , , , ,
Posted in Information Security, Miscellaneous | No Comments »

Who Had The Brilliant Idea To Outsource U.S. Passports?

Thursday, March 27th, 2008

Okay, after the recent passport files snooping debacle I found today’s news story, “Outsourcing passports ‘profound liability’” very ironic and concerning.
Not only for the reported huge waste of taxpayers’ dollars, but also for the security risks…

(more…)

Tags:, , , , , , , , , ,
Posted in government, Information Security | 2 Comments »

The Benefits of a Privacy Ombudsman

Wednesday, March 26th, 2008

The folks from Cutter just notified me that an excerpt from a recent article I wrote, “Learning from a Privacy Ombudsman: A Case Study to Establish a Healthcare Services Ombudsman,” will soon be featured in the “Quote of the Day” section of the Cutter Web site.
Here’s the excerpt…

(more…)

Tags:, , , , , , , , ,
Posted in Miscellaneous, Privacy and Compliance | No Comments »

Yet Another Stolen Laptop With Clear Text Patient PII

Tuesday, March 25th, 2008

Yet another in a long procession of laptop thefs, “Stolen laptop contains personal info of 2,500 patients“.
Here are the first few paragraphs…

(more…)

Tags:, , , , , , , , , , , , ,
Posted in Lost & Stolen Laptops, Privacy Incidents | 1 Comment »

« Older Entries
Newer Entries »