Posts Tagged ‘IT compliance’
Thursday, February 28th, 2008
I participate in the LinkedIn community, and I was intrigued this morning to find a question posted by Bill Gates (yes Microsoft Bill)!
“How can we do more to encourage young people to pursue careers in science and technology?”
(more…)
Tags:awareness and training, Bill Gates, children, education, Information Security, IT compliance, LinkedIn, malware, Microsoft, policies and procedures, protecting information, risk management, science, security awareness, security training, technology
Posted in Training & awareness | No Comments »
Wednesday, February 27th, 2008
I was very intrigued to get an email yesterday from a security software vendor announcing a contest daring information security practitioners to find a malware-free network and they’ll give you $10,000.
Here’s the text of the message:
(more…)
Tags:awareness and training, Information Security, IT compliance, malware, Panda Security, policies and procedures, risk management, Ryan Sherstobitoff, security awareness, security training
Posted in Information Security | 2 Comments »
Tuesday, February 26th, 2008
I just got a notice from the U.S. Department of Health and Human Services (HHS)…
New HIPAA Security Information on the CMS website
(more…)
Tags:awareness and training, CMS, HHS, HIPAA, Information Security, IT compliance, OESS, policies and procedures, risk management, security awareness, security rule, security training
Posted in Information Security, Privacy and Compliance | No Comments »
Tuesday, February 26th, 2008
There’s a great information security and privacy awareness event coming up, Internet Safety Night on April 23, 2008, 6:30-8:30 p.m.
(more…)
Tags:awareness and training, BeSafe, Information Security, Internet Safety Night, IT compliance, MOREnet, personally identifiable information, PII, policies and procedures, risk management, security awareness, security training
Posted in Training & awareness | No Comments »
Monday, February 25th, 2008
If you are responsible for information security or privacy at your organization, and your organization does marketing, here is something you need to know about and discuss with your marketing folks. I blogged about this in December.
(more…)
Tags:awareness and training, behavioral advertising, FTC, Information Security, IT compliance, personally identifiable information, PII, policies and procedures, privacy breach, privacy principles, risk management, security awareness, security training
Posted in Privacy and Compliance | No Comments »
Sunday, February 24th, 2008
Too few organizations are prepared to respond to a privacy breach when it happens. Too many naively believe a privacy breach will not happen to them.
It is helpful to look at existing privacy breach notice plans when creating your own. The U.S. government agencies actually provide some good plans you can use as examples.
(more…)
Tags:awareness and training, Department of Commerce, Department of Homeland Security, Information Security, IT compliance, policies and procedures, privacy breach, privacy breach response plan, risk management, security awareness, security training, US-CERT
Posted in Privacy and Compliance, Privacy Incidents | No Comments »
Thursday, February 21st, 2008
Since I’m talking about “The Anatomy of a Privacy Breach” at Berkeley today, I thought it would be timely to point out a great resource that details the very many privacy breaches that occur within colleges and universities.
(more…)
Tags:adam dodge, anatomy of a privacy breach, awareness and training, Information Security, IT compliance, policies and procedures, privacy breach, risk management, security awareness, security training, UC Berkeley
Posted in Information Security | No Comments »
Wednesday, February 20th, 2008
Today I’m flying from the very frigid sub-zero temps of Iowa out to the University of California at Berkeley. I was invited to give a lecture, and considering the ongoing increase in privacy breaches, I chose to talk about “The Anatomy of a Privacy Breach.”
(more…)
Tags:anatomy of a privacy breach, awareness and training, Information Security, IT compliance, policies and procedures, privacy breach, risk management, security awareness, security training, UC Berkeley
Posted in Privacy and Compliance | No Comments »
Tuesday, February 19th, 2008
Here’s a good article for your files, and to point out to your legal counsel to point out the very real insider threat to information security and privacy…
A Massachusetts trial court recently ruled that the unauthorized transfer of electronic files is actionable as a conversion under Massachusetts’ common law.
(more…)
Tags:awareness and training, Information Security, insider threat, IT compliance, Michael Mimitruk, Network Systems Architects, policies and procedures, risk management, security awareness, security controls, security training
Posted in Information Security | No Comments »
Monday, February 18th, 2008
It shouldn’t still amaze me, but it does, how often so many organizations just dump huge amounts of printed paper containing tons of personally identifiable information (PII) right into their dumpster sitting behind their building, in the alley, or some other easily reachable public location.
Here’s yet another example of a business throwing away people’s privacy in their trash dumpster…
(more…)
Tags:awareness and training, consumer fraud, data disposal, disposal rule, dumpster diving, FTC, identity theft, Information Security, IT compliance, personal information breach, policies and procedures, privacy breach, risk management, security awareness, security training
Posted in identity theft, Information Security, Privacy and Compliance, Privacy Incidents | No Comments »