Posts Tagged ‘NIST’
Tuesday, October 1st, 2013
“Sometimes I feel like…somebody’s watching me! And I have no privacy!”
(The Rockwell hit from…quite appropriately…1984.)
Each day, we are tracked by the ‘smart’ systems, mobile apps, personal communication devices and other surveillance platforms that have become commonplace in our daily lives. In an effort to educate more people, and businesses, about the data trails they are leaving behind (and the companies, data bureaus and marketers who are sniffing out that trail), I created this new infographic (more…)
Thursday, September 26th, 2013
I’ve received numerous questions from various news outlets, clients and colleagues since the published revelation that the NSA was getting the assistance of encryption vendors to decrypt messages throughout a very wide range of activities. A lot of folks are now throwing their hands in the air, claiming that encryption is now no longer effective, and planning to use something completely different. Hmm…wait! Don’t throw out the encryption baby with the unsafe practices bathwater yet. Encryption is still an effective, and necessary, information security control to use. The following are (more…)
Saturday, November 28th, 2009
Sorry to be so tardy in getting a blog post out. As many of you know I’ve been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.
As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST group’s activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?
Here are some links showing information about our NIST Smart Grid privacy group’s work:
Monday, November 9th, 2009
I’ve had about half a dozen folks ask me how things are going with the work I’m doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.
The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort…
Wednesday, October 21st, 2009
I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them…
Friday, September 25th, 2009
I have had the great opportunity to participate in the NIST Smart Grid privacy standards group since July…
Monday, September 21st, 2009
Last week I was very fortunate to be able to speak at the IAPP Privacy Academy in Boston…
Tuesday, January 20th, 2009
Happy U.S. presidential inauguration day! 🙂 Did you take off a few minutes of work to watch the inauguration? I wasn’t going to, was planning to just catch videos on the news sites or YouTube later, but then I did, and I’m glad; it was so historical and memorable!
To celebrate, how about I tell you that NIST just made a great new document available…
Tuesday, April 10th, 2007
Improved algorithms used in facial recognition software programs have improved the success of such technology by up to ten times since 2002, the National Institute of Standards and Technology (NIST) said in a report, “Face Recognition Vendor Test (FRVT) 2006 and the Iris Challenge Evaluation (ICE) 2006 Large-Scale Results” issued March 29.
Wednesday, March 28th, 2007
The Office of the National Director of National Intelligence (ODNI) and the Department of Defense (DoD) announced they are going to standardize their information security policies.
The work on the standardization started 8 months ago.