Below is a good example of why organizations need to do third party (vendor, outsourcers, business partners, etc.) information security and privacy program reviews. A very important sentence to show your business leaders who don’t think they need to ensure third party security is, “The lender made the data vulnerable, the complaint alleges, by allowing a third-party home seller to access the data without taking reasonable steps to protect it.”
Posts Tagged ‘IT compliance’
Example Of Why Business Leaders MUST Ensure Third Party Security
Monday, December 15th, 2008ED and HHS Gives Guidance for HIPAA and FERPA Relationship
Friday, December 12th, 2008New Family Educational Rights and Privacy Act (FERPA) Regulations
Thursday, December 11th, 2008New FERPA Regulations were issued yesterday…
New Family Educational Rights and Privacy Act (FERPA) Regulations
Thursday, December 11th, 2008New FERPA Regulations were issued yesterday…
Domain Name Hell…Deja Vu All Over Again!
Wednesday, December 10th, 2008Last night I thought it odd that I did not receive any email messages after around 8pm. And this morning, it was V E R Y odd that I did not have the usual bunch of overnight spam in my inbox…
What’s up with this?
Insider Threats Even More Significant During Down Economy
Tuesday, December 9th, 2008I’ve written a lot about the insider threat, and the many different motivations for insiders to do malicious things (in addition to the other two types of insider threats of mistakes and lack of awareness).
Here are a couple of recently published research reports that shows how this horrible economy is impacting information security and making organizations even more vulnerable to privacy breaches…
Recommendations To President Elect Obama For How To Improve Cybersecurity
Monday, December 8th, 2008Today the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency released a report, “Securing Cyberspace for the 44th President,” that includes recommendations for a comprehensive strategy to improve cybersecurity in federal systems and in critical infrastructure.
2008 Best Privacy Advisers Survey
Sunday, December 7th, 2008Last night when I got the following news, it really made my day! 🙂
Study Highlights Too-Common Problem: Boards And Executives Do Not Understand Info Sec & Privacy Risk
Friday, December 5th, 2008My long-time friend, Richard Power, recently published an article in CSO magazine about a recent study he and Jody Westby did at Carnegie-Mellon in his Cylab center…
HIPAA Violation: Healthcare Worker Writes About Patients On MySpace
Thursday, December 4th, 2008What was this worker for a healthcare provider thinking…didn’t/doesn’t the provider provide any kind of information security or privacy training or awareness communications…?