Posts Tagged ‘policies and procedures’

Use Case Studies To Make Learning More Effective

Friday, October 31st, 2008

I’m in the process of updating the case studies for the 2-day class I’m giving…TWICE…in the next few weeks, “Information Security and Privacy Convergence and Collaboration.”
First in Grand Rapids, Michigan, hosted by the Michigan InfraGard and the West Michigan Chapter of ISACA on November 12 and 13.
Second immediately following the CSI Annual conference in National Harbor, MD (just south of D.C.) on November 20 and 21…

(more…)

Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance

Thursday, October 30th, 2008

This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.

(more…)

Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance

Thursday, October 30th, 2008

This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.

(more…)

Create A Clear Education Strategy BEFORE Asking Executives for Training and Awareness Support

Wednesday, October 29th, 2008

Information security, privacy, and compliance practitioners must obtain the support of executive management to be successful. So how do you do this?
I talk about this in the first section of the first article of my October issue of “IT Compliance in Realtime Journal.”
Here is the unformatted version of the first section of the first article; download the PDF to see a much nicer-looking version…

(more…)

The Insider Threat For Identity Theft: Watchout For Dead-Beat Parents

Tuesday, October 28th, 2008

Here’s a story that points to how vulnerable people are to identity theft and other types of crimes and frauds from slimy family…and ex-family…members…

(more…)

Obama’s and McCain’s Data Protection Plans

Monday, October 27th, 2008

Something that I want to know about the U.S. presidential candidates, along with all their views and plans for the economy, education, healthcare, defense and so on, is what their plans are for information security and privacy protections. The past 8 years certainly has been a mixed bag of impacts for privacy and information safeguards.

(more…)

Hackers Are “Rattlesnakes Without the Rattles”

Saturday, October 25th, 2008

Research into the psychology of hackers has been going on ever since Cap’n Crunch cereal whistles were used to make free phone calls to anywhere in the world.
I saw the ABC News article…

(more…)

Web 2.0 Security, Privacy & Policies

Friday, October 24th, 2008

Since 2000 I’ve been writing a monthly column for the Computer Security Institute (CSI) Alert publication…

(more…)

FTC Postpones Active Red Flags Rule Enforcement To May 1, 2009

Thursday, October 23rd, 2008

I was surprised to read this yesterday…

(more…)

DHS Secretary Chertoff Calls For Better Computer Security

Wednesday, October 22nd, 2008

It is good to start seeing more urgency place upon information security by the various government agencies.
As an example, last week U.S. Homeland Security Secretary Michael Chertoff spoke at the U.S. Chamber of Commerce emphasized the need for increased cooperation between industry and government to secure the nation’s computer systems.
Here’s an excerpt from one of the news reports about the speech…

(more…)