Posts Tagged ‘Information Security’

New HIPAA Security Information on the CMS website

Tuesday, February 26th, 2008

I just got a notice from the U.S. Department of Health and Human Services (HHS)…
New HIPAA Security Information on the CMS website

(more…)

Great Information Security and Awareness Event Coming In April

Tuesday, February 26th, 2008

There’s a great information security and privacy awareness event coming up, Internet Safety Night on April 23, 2008, 6:30-8:30 p.m.

(more…)

Have You Reviewed the FTC’s Proposed Privacy Principles Yet?

Monday, February 25th, 2008

If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December.

(more…)

Example privacy breach response plan

Sunday, February 24th, 2008

Too few organizations are prepared to respond to a privacy breach when it happens. Too many naively believe a privacy breach will not happen to them.
It is helpful to look at existing privacy breach notice plans when creating your own. The U.S. government agencies actually provide some good plans you can use as examples.

(more…)

Educational Security Incidents Year in Review 2007

Thursday, February 21st, 2008

Since I’m talking about “The Anatomy of a Privacy Breach” at Berkeley today, I thought it would be timely to point out a great resource that details the very many privacy breaches that occur within colleges and universities.

(more…)

The Anatomy of a Privacy Breach

Wednesday, February 20th, 2008

Today I’m flying from the very frigid sub-zero temps of Iowa out to the University of California at Berkeley. I was invited to give a lecture, and considering the ongoing increase in privacy breaches, I chose to talk about “The Anatomy of a Privacy Breach.”

(more…)

Insider Threat: Ex-Employee Takes Files To New Employer

Tuesday, February 19th, 2008

Here’s a good article for your files, and to point out to your legal counsel to point out the very real insider threat to information security and privacy…
A Massachusetts trial court recently ruled that the unauthorized transfer of electronic files is actionable as a conversion under Massachusetts’ common law.

(more…)

Have You Looked In Your Trash Bins Lately?

Monday, February 18th, 2008

It shouldn’t still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some other easily reachable public location.
Here’s yet another example of a business throwing away people’s privacy in their trash dumpster…

(more…)

Identity Theft #1 Consumer Fraud Complaint To FTC in 2007

Friday, February 15th, 2008

This week the FTC released the list of the top 20 consumer fraud complaints they received in 2007.
Not surprisingly, identity theft topped their list, accounting for 32% of all the complaints.

(more…)

New Best Practices Guide For Building Secure Software

Thursday, February 14th, 2008

Many information security incidents and privacy breaches occur as a result of exploiting vulnerabilities in poorly engineered applications and systems.
It is good to see more articles and information about how to build security into applications from the very inception of a project, and continue it through the entire applications and systems lifecycle.

(more…)