Posts Tagged ‘ISACA’

Never Judge an Information Security Professional Solely by their Security Certifications

Thursday, July 30th, 2015

Recently I attended a gathering where a litigation lawyer was giving a presentation and made the statement, “The defendant’s information security officer did not have any type of security certification, such as a CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager), which demonstrated lack of qualification for her position, and negligence on the part of the hospital system that had hired her to fill that position.” (more…)

Audit’s Role in Privacy Breach Response

Monday, January 5th, 2009

Next week, on Wednesday, January 14, I will be in Minneapolis, MN speaking at the Minneapolis Gateway Hotel for the ISACA Winter Quarterly Meeting/Social.
My topic will be, “Internal Audit’s Role in Responding to Privacy Breaches.”
Here’s a synopsis…

(more…)

Use Case Studies To Make Learning More Effective

Friday, October 31st, 2008

I’m in the process of updating the case studies for the 2-day class I’m giving…TWICE…in the next few weeks, “Information Security and Privacy Convergence and Collaboration.”
First in Grand Rapids, Michigan, hosted by the Michigan InfraGard and the West Michigan Chapter of ISACA on November 12 and 13.
Second immediately following the CSI Annual conference in National Harbor, MD (just south of D.C.) on November 20 and 21…

(more…)

Use Case Studies To Make Learning More Effective

Friday, October 31st, 2008

I’m in the process of updating the case studies for the 2-day class I’m giving…TWICE…in the next few weeks, “Information Security and Privacy Convergence and Collaboration.”
First in Grand Rapids, Michigan, hosted by the Michigan InfraGard and the West Michigan Chapter of ISACA on November 12 and 13.
Second immediately following the CSI Annual conference in National Harbor, MD (just south of D.C.) on November 20 and 21…

(more…)

Use Case Studies To Make Learning More Effective

Friday, October 31st, 2008

I’m in the process of updating the case studies for the 2-day class I’m giving…TWICE…in the next few weeks, “Information Security and Privacy Convergence and Collaboration.”
First in Grand Rapids, Michigan, hosted by the Michigan InfraGard and the West Michigan Chapter of ISACA on November 12 and 13.
Second immediately following the CSI Annual conference in National Harbor, MD (just south of D.C.) on November 20 and 21…

(more…)

Information Security and Privacy Convergence Is Nothing New…Both Areas MUST Collaborate

Tuesday, July 1st, 2008

The comparatively new awareness of the need for information security and privacy convergence and collaboration has actually existed for many years. I first experienced this firsthand in the first half of the 1990’s when I was responsible for information security in a multinational financial and insurance company. The company launched one of the very first online banks, and I was establishing the security requirements when I saw the need to address the privacy aspects. This was before the passage of GLBA or HIPAA, but I knew that a few bills addressing privacy had been being considered, not only in the U.S. but also worldwide, and that the OECD privacy principles were the basis for many of the privacy requirements.

(more…)