Posts Tagged ‘IT training’
40+ Million Credit Cards Stolen Using Wardriving…This Is Nothing New, Folks!
Wednesday, August 6th, 2008
Okay, lots and LOTS has already been written about the DoJ press release yesterday, “Retail Hacking Ring Charged for Stealing and Distributing Credit and Debit Card Numbers from Major U.S. Retailers: More Than 40 Million Credit and Debit Card Numbers Stolen.”
But, I still want to put a few thoughts out about this…
Whose PII Is Covered Under the EU Data Protection Directive?
Tuesday, August 5th, 2008
I got a great question from a business friend of mine, and I wanted to provide my answer here, too, because it is something all multi-national organizations need to think about. Eric Nelson, who heads Secure Privacy Solutions, asked, “If a company collects and manages PII from another country, e.g., India or the U.S., and transfers that PII to the E.U. for some type of processing or storage or even just transit, does the E.U. Data Directive apply once that PII leaves a country within the E.U.?”
Privacy Concerns Of Google Walking Directions
Monday, August 4th, 2008
Last Friday afternoon I got a message from a Popular Science reporter, John Brandon, asking me if I thought that the Google walking directions feature created any privacy concerns. I was finishing a client deliverable at the time, but indicated I would answer him later in the day…which I did take the time to do late in the evening instead of doing other, more recreational, things. I heard no acknowledgment or response from him about the information I provided, but he did write an article about Google walking directions that was published today, “Google Walking Directions: a Privacy Concern?”
John did just confirm to me that he had received my message but too late to include in the article.
Here is the information I provided…
New Website Seal For Companies Participating In The EU Safe Harbor Program
Sunday, August 3rd, 2008
Something I’ve been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I’ve had over a dozen CISOs and CPOs call me and ask if I had specific types of tools to help them with their information security, privacy and compliance efforts and initiatives. One of the tools will help them manage their programs and processes for, along with the many complex issues involved with, transferring personally identifiable information (PII) from any of the 27 European Union (EU) member countries to the U.S. and other countries. One of the areas involved in tackling this issue is whether or not to participate in the Safe Harbor program.
So, I was very interested to read that the U.S. Commerce Department announced a new certification mark/seal for organizations to put on their websites to show that they have self-certified compliance with the Safe Harbor Framework requirements.
Free Info Sec & Privacy Training Hosted By The FTC and COPP
Thursday, July 31st, 2008
If you’re in the Los Angeles area on August 13, here’s what looks to be a good, FREE, day of information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy Protection (COPP).
If you are a company with no dedicated information security or privacy position, like most small and medium sized businesses (SMBs), then go to this event to hear WHY you need to make efforts to safeguard your customers’ and employees’ personally identifiable information (PII). Hey, if you’re in the area, it’ll only cost your time!
Here’s the full announcement…
Do You Do Data Mining?
Wednesday, July 30th, 2008
Many folks like to argue about and pick apart what is meant by “data mining.” Marketers I’ve spoken with claim they are not doing data mining with their customers’ information, but just “repurposing” it.
Whatever you call it, you need to know how your organization is using personally identifiable information (PII) in ways other than the purposes for which it was collected. Many times these other purposes are achieved through data mining.
Last week the U.S. Department of Homeland Security held a workshop, “Implementing Privacy Protections in Government Data Mining” that provided some good information about data mining privacy issues that all organizations should consider. The comments the DHS received prior to the event were very interesting.
17 Info Security & Privacy Topics Call Center Staff Must Understand
Tuesday, July 29th, 2008
Okay…back to my continuing lecture on the need to provide targeted training on specific information security and privacy topics to the various responsibility groups throughout your enterprise.
Consider this: what if you took a driver’s education class and all they told you to do, by showing you on a PowerPoint slide, is how to put the key in the ignition, turn the engine over, how to press the accelerator to move forward, and how to press the brakes to stop. Then they told you to go out there and drive…have at it! Would you be well prepared to get onto the road and deal with all the other things you need to know about driving? Most likely not. If you feel you would be well prepared, please tell me you will not be driving on the central Iowa roads… 🙂
People Need Periodic, Effective, Training And Ongoing Awareness To Truly Safeguard Information
Friday, July 25th, 2008
Imagine this: what if you were given training just one time, in a 1-hour session with no hands-on practice, for how to do first aid and give CPR, and then were never given more training or reminders about how to do first aid and CPR…two years later, would you be able to competently perform first aid when someone needed it? Probably not. Probably not even 1 year later, or even 6 months later.
People need regularly scheduled training and ongoing awareness to do activities competently. You cannot expect to give a 1-hour, often poorly-constructed, training course about information security or privacy and then have the people taking the training know what to do weeks or months or even years later. However, this is the situation that occurs in a very large portion of organizations.
It is no wonder that the majority of security incidents and privacy breaches occur as a result of lack of knowledge and mistakes.
Here is the third part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime, that speaks to this issue…