Posts Tagged ‘policies and procedures’
Thursday, December 4th, 2008
What was this worker for a healthcare provider thinking…didn’t/doesn’t the provider provide any kind of information security or privacy training or awareness communications…?
Tags: awareness and training, HIPAA, Information Security, IT compliance, IT training, patient privacy, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance, Privacy Incidents | No Comments »
Wednesday, December 3rd, 2008
A couple of days ago Asylum reported…
Tags: awareness and training, Information Security, Internet security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »
Tuesday, December 2nd, 2008
{Wow…love a chance to use 3 initializations in a row… 🙂 }
Over the past week I have been getting my holiday shopping done, almost entirely all online. I love to find unique stores, often small and medium sized businesses (SMBs) with interesting items, and I found one small store in Florida that makes some great, creative photo items at a reasonable price. Their online site was a little hard to navigate, though, so I spent a little time doing a bit of research about the store. They have been around since the 1980’s, and I could find no complaints about them. Their order form encrypted the input, but it was hard to figure out how to fill it in; I couldn’t get more than one photo uploaded to order more than one ornament, coffee mug, etc., at one time…
Tags: awareness and training, credit card security, ecommerce security, email security, Information Security, IT compliance, IT training, PCI DSS, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Laws & Regulations | 1 Comment »
Monday, December 1st, 2008
A couple of weeks ago, while I was at the CSI Annual conference doing sessions and giving my 2-day class there, I took some time to do an interview with Mike Brennan at Michigan Tech News radio about the keynote I did the week before in Kalamazoo, MI; the podcast of it was just posted today…
Tags: awareness and training, Information Security, IT compliance, IT training, Mike Brennan, mobile computing, mobile security, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Privacy and Compliance | No Comments »
Sunday, November 30th, 2008
On November 18 President Bush signed Executive Order 13478; see how/if it impacts your organization and how you use social security numbers (SSNs), and how it will impact how you require SSNs. And now you personally should NOT need to provide SSNs as often…
Tags: awareness and training, Executive Order 13478, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training, social security numbers, SSN
Posted in government, Laws & Regulations | No Comments »
Saturday, November 29th, 2008
The bulk of data protection laws and regulations require that security and privacy controls be established based upon the organization’s existing and unique risks. Many organizations struggle to find a way to effectively determine the risks that exist for their businesses. Often what results is similar to taking a shot in the dark to determine risks.
Tags: awareness and training, Information Security, ISO/IEC 27005:2008, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »
Friday, November 28th, 2008
Whoa…here’s what should be a good cybercrime deterrent…
Tags: awareness and training, cybercrime, Information Security, IT compliance, IT training, Pakistan, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations | No Comments »
Wednesday, November 26th, 2008
Recently I was pleasantly surprised to receive the following message…
Tags: awareness and training, Information Security, IT compliance, IT training, Kelly Sonora, policies and procedures, privacy training, risk management, security training, Top 50 Security Blogs
Posted in Information Security, Miscellaneous | No Comments »
Wednesday, November 26th, 2008
Recently I was pleasantly surprised to receive the following message…
Tags: awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Miscellaneous | No Comments »
Tuesday, November 25th, 2008
I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent…not implied but explicit/express…to change the terms of privacy policies.
I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practitioners.
So, today when I logged in I was quite interested to see the following banner posted on the home page…
Tags: awareness and training, express consent, FTC, implied consent, Information Security, IT compliance, IT training, LinkedIn, policies and procedures, privacy policy change, privacy training, risk management, security training
Posted in Privacy and Compliance | 2 Comments »