Today Monsters and Critics reported, “Indianapolis Public Schools exposes thousands to risk of identity theft.”
Apparently the Indianapolis Public Schools (IPS) website “that allows teachers to post reviews, student-writing samples, grades, and other confidential material to the IPS network” was implemented and configured without much attention to security.
Posts Tagged ‘IT compliance’
The Need to Build Security In: Poor Implementation of Indianapolis Public Schools Website Allows Viewing of PII For 7000+ Students and Teachers
Friday, May 18th, 2007Does Using “Certified” Software Products Improve Compliance?
Thursday, May 17th, 2007It seems the term “certified” is being used more and more…for professionals, hardware, software, you name it.
You see software vendors touting that their products have been certified and that they will help companies meet “compliance,” but I have found very little research into what this really means, or if it means anything at all.
Know What You’re Buying…for Computer Service Contracts as Well as Security and Privacy Products
Wednesday, May 16th, 2007This morning I was watching Good Morning America (GMA) with my sons before they left for school. Noah said, “Hey, they’re talking about my computer!”
Information Security and Privacy Professionals Must Partner on Over 15…no wait…Over 20 Different Enterprise Issues
Wednesday, May 16th, 2007Not too long ago I blogged about the need for information security and privacy professionals to work together to address safeguarding sensitive and personally identifiable information (PII). Within it I talked about how a workshop Chris Grillo and I created and give, “Handling Complex and Difficult Privacy and Information Security Issues,” discusses over 15 common issues that these professionals need to partner on.
Great New Site for Data Loss Statistics
Tuesday, May 15th, 2007There is a great new site, etiolated.org, that takes the privacy breach data accumulated by attrition.org and parses it into some very interesting statistics, trends charts, provides areas for commentary, and lots of other interesting and useful information.
High School Cyber-Defense Competition: Mentoring Information Security Leaders of the Future
Tuesday, May 15th, 2007There is great opportunity to ensure future computer systems and applications are more securely engineered than they are now by teaching our children from a young age the importance of information security and privacy, and showing them what needs to be done. I often have fantastic conversations with my sons about information security and privacy issues; they always bring wonderful perspectives I never thought about.
Insider Threat Example: Engineer Leaks U.S. Military Secrets
Friday, May 11th, 2007There has been a lot of talk and blogging recently about whether or not there is a need for an information security industry/profession. Um sure, and there is no need for the physical security industry/profession either, is there?
As long as humans touch information in any way, electronically or physically, information security will be needed to provide them with policies, procedures, standards, guidance, training, ongoing awareness, and responding to and fixing the security messes and privacy breaches they cause.
Two U.S. Federal Data Protection Bills Approved: One May Actually Make It Through
Wednesday, May 9th, 2007It looks like we make actually get a federal data protection law, that includes breach notice requirements, this year. Such a law is long overdue; not only to protect personally identifiable information (PII), but also to help businesses to resolve their growing headaches involved with trying to comply with at least 36 state breach notice laws as well as dozens of other state level data protection and credit freeze laws, and multiple industry-specific data protection laws.
