Posts Tagged ‘policies and procedures’

You aren’t in Kansas anymore, ToTo…you’re in virtual Kansas!

Thursday, April 9th, 2009

Oh; and, by the way, what the heck are virtual worlds? Aren’t they something that only kids use?

(more…)

Measuring The Effectiveness of Information Security & Privacy Awareness & Training

Wednesday, April 8th, 2009

I’m a longtime advocate of creating a wide range of metrics to determine the effectiveness of the various components of information security, privacy and compliance programs.

(more…)

Privacy Breach Lesson: Encrypt Mobile Digital PII!

Monday, April 6th, 2009

Once more, here is an example of how carelessness and/or a mistake leads to a privacy breach…

(more…)

What Corporate Business Leaders Need To Know About Data Protection

Friday, April 3rd, 2009

The first chapter of my new ebook, “Understanding Data Protection from Four Critical Perspectives” has been published!
The first chapter is “What Corporate Business Leaders Need To Know About Data Protection” and is written to an audience of CEOs and other executive business leaders who may not have an IT or information security background. I wrote this chapter for information security and privacy practitioners and officers to be able to give to their executive business leaders to help them understand data protection and compliance better, in addition to helping to get them to sponsor data protection efforts.
Here’s the introduction to the chapter, which also provides an overview of the book:

(more…)

Pros & Cons Of Surveillance Cameras For Compliance

Thursday, April 2nd, 2009

We had a very interesting discussion on Twitter this morning about the practice of automatically photographing license plates to use for parking, tickets, etc…

(more…)

Ongoing Awareness Communications and Regular Training Are Necessary For Effective Information Security & Privacy Programs

Wednesday, April 1st, 2009

Scott Wright over at Streetwise Security Zone graciously invited me to do a podcast interview with him to discuss information security, privacy and compliance training and awareness issues. In the last half of February I had the pleasure of taking him up on his invitation!
You can hear the full podcast here.
Here are the notes Scott compiled about our discussion topics:

(more…)

HIPAA Sanctions and Convictions Will Increase with HITECH Act & New Administration

Tuesday, March 31st, 2009

Upon reading and researching HIPAA and the impact of the HITECH Act upon it, basically broadening its applicability as well as adding new requirements for privacy breach notifications, I recently was compelled to write an article about what I foresee as likelihood that, after a very frustratingly slow start (by several years!) of HIPAA enforcement, increasingly more HIPAA sanctions will be made in the coming months and years.
SearchCompliance printed my article in three parts in their Compliance Tips section…

(more…)

Don’t let differing authority levels damage info sec, privacy & compliance collaboration

Thursday, March 26th, 2009

I first realized the need for information security and legal compliance areas to closely collaborate on converging issues in the mid-1990’s while establishing the information security and privacy requirements for one of the first online banks. Over the past 5+ years I’ve been actively evangelizing through my 2-day classes, conference and meeting speeches, and many articles and other publications about the need for information security, privacy and legal compliance areas to collaborate, and pointing out the areas where these responsibilities converge.

(more…)

Carnegie Mellon’s CyLab Is A Great Resource

Wednesday, March 25th, 2009

I was very happy to be invited to Carnegie Mellon University (CMU) to speak about information security and privacy convergence last month at their CyLab research and education center. It was a great experience!

(more…)

Many Motivators For Identity Theft

Tuesday, March 24th, 2009

I’ve heard far too many business leaders in lesser-regulated industries, of organizations of all sizes, say something to the effect of, “Oh, we don’t have any information that hackers would find of any value.”

(more…)