Posts Tagged ‘insider threat’
Tuesday, September 1st, 2015
I started my career as a systems engineer at a large multinational financial and healthcare corporation. I was responsible for creating and maintaining the applications change management system. The purpose of the system was to ensure that after the programmer finished coding, the code could be moved, with the approval of the manager, to a different area to test. After testing was complete it would be moved back to the development area if changes were needed, or a different manager would approve it to be moved to the live/production area for widespread use.
By requiring different individuals/roles other than the programmer (who did her own testing while creating the program) to test the program, it accomplished two primary goals: (more…)
Tags:Dell, fraud, hot lotto, Information Security, insider threat, IT compliance, policies and procedures, power more, privacy, privacy professor, privacyprof, risk management, root kit, security awareness, security training Rebecca Herold, toprank
Posted in Information Security | No Comments »
Tuesday, May 12th, 2015
The expanding use of smart gadgets in the Internet of Things (IoT) is creating many more privacy risks than ever before encountered. Many businesses are also (finally!) starting to address privacy. And interest in how to establish privacy programs and how to perform privacy impact assessments (PIAs) to identify privacy risks are increasing. The privacy risks to the business that can occur include such things as: (more…)
Tags:Dell, employee, future ready, high tech, Information Security, insider threat, Internet of Things, IoT, mobile working, PIA, policies, powermore, privacy, privacy harm, privacy impact assessment, privacy professor, privacy risk, privacyprof, procedures, Rebecca Herold, risk management, toprank
Posted in PIA, privacy | No Comments »
Friday, May 8th, 2015
What does the past teach us about how to #befutureready in BYOD?
During the last half of the 1990s there was concern for the growing use of employees’ own home desktop computers to dial-in to the corporate network from home. Thousands of articles and hundreds of conference sessions discussed the associated risks, and then how to mitigate them through documented policies and the use of new tools. Soon after 2000 passed the concerns expanded to employees using their personally owned laptops, not only outside of the office, but even bringing them into the facilities to use instead of the corporate-issued computers. Thousands more articles, and hundreds more conference sessions discussed how to address the risks. (more…)
Tags:befutureready, cybersecurity, Dell, employee, future ready, high tech, Information Security, insider threat, Internet of Things, mobile working, policies, privacy, privacy professor, privacyprof, procedures, Rebecca Herold, risk management, toprank
Posted in Information Security, Miscellaneous | No Comments »
Friday, May 31st, 2013
Last week one of my Compliance Helper clients that is a health insurance company asked me the following question (slightly modified to protect their identity):
For the past two years, we have tried to get business associate (BA) Agreements from some of our BAs. They will not (more…)
Tags:audit, awareness, BA, BA Agreement, BA contract, breach, business associate, compliance, customer service, data protection, e-mail, electronic mail, email, employees, employment, exception management, facebook, FINRA, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in BA, BA and Vendor Management | No Comments »
Wednesday, May 1st, 2013
A new data breach research report is out, and it is a good read. This is the annual Experian/Ponemon Institute “Is Your Company Ready for a Big Data Breach?” report. I want to focus on one of the findings in that report; that most organizations are not willing to assist those affected by a breach of their personal information. (more…)
Tags:audit, awareness, breach, breach notice, breach study, compliance, customer service, data protection, e-mail, electronic mail, email, employees, employment, Experian, facebook, FINRA, HIPAA, hiring, HITECH, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy management, ponemon, privacy, privacy breach, privacy laws, privacy practice, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in Privacy and Compliance, Privacy Incidents | No Comments »
Monday, April 29th, 2013
Allowing Wall Street privacy law exemption is crazy! Why, you ask? Why, I’m happy to explain. In March, 2012, I wrote “6 Good Reasons NOT To Ask for Facebook Passwords“. Since that time legislation prohibiting employers from requiring access to their employees’ protected areas of their social media accounts has been introduced or is pending in at least 35 states. Three states–Arkansas, New Mexico and (more…)
Tags:audit, awareness, breach, compliance, data protection, e-mail, electronic mail, email, employees, employment, exception management, facebook, FINRA, hiring, HR, human resources, IBM, Information Security, information technology, infosec, insider threat, insider trading, IT security, job applicants, messaging, midmarket, monitoring, non-compliance, personal information, personally identifiable information, personnel, PHI, PII, policies, policy exception, policy management, privacy, privacy breach, privacy laws, privacy professor, privacyprof, Rebecca Herold, Red Flags, risk, risk assessment, risk management, security, sensitive personal information, social media, social network, SPI, surveillance, systems security, training, twitter, walk through
Posted in Laws & Regulations, privacy | No Comments »
Wednesday, February 2nd, 2011
I’ve been getting a lot more questions about HIPAA and HITECH lately from folks I’ve never met, but who have concerns about the security and privacy of their health information (“protected health information” or “PHI” as referenced within HIPAA/HITECH), businesses that are trying to understand how to protect PHI according to the regulatory requirements, and a growing number who express frustration with the unsecure ways in which clients, customers, patients and business partners are sharing information with them. There just are not enough hours in the day to answer them all, but I decided I’d start sharing some of the questions, and my corresponding answers, that seem to be topics that a wide range of readers may be interested in.
I was recently contacted by someone who had a question about a recent HIPAA complaint against Rowan Regional Medical Center (more…)
Tags:awareness, healthcare, HHS, HIPAA, HITECH, hospital, Information Security, insider threat, OCR, PHI, privacy, Rebecca Herold, Rowan Regional Medical Center, training
Posted in healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance, Privacy Incidents, Training & awareness | 2 Comments »
Thursday, June 18th, 2009
I read a story about a city government agency actually asking job applicants to provide their IDs and passwords for any online social networking type of site they participate in…
(more…)
Tags:awareness and training, Bozeman, Information Security, insider threat, IT compliance, IT training, personal privacy, policies and procedures, privacy training, risk management, security training
Posted in government, Information Security, Privacy and Compliance | 2 Comments »
Wednesday, June 10th, 2009
Today a report discussed how a healthcare worker obtained medical information about a patient with HIV that was then posted on the Internet…
(more…)
Tags:awareness and training, HIPAA, Information Security, insider threat, IT compliance, IT training, patient privacy, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Privacy and Compliance, Privacy Incidents | No Comments »
Wednesday, May 27th, 2009
I got the June 1 issue of Newsweek today, and something that’s bothered me ever since I first heard about it was on page 4…
(more…)
Tags:awareness and training, Catsouras, Information Security, insider threat, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Privacy Incidents, Training & awareness | No Comments »
