Posts Tagged ‘policies and procedures’
Tuesday, October 21st, 2008
My friend Alec (thanks Alec!) pointed me this interesting story…
(more…)
Tags:Aleecia McDonald, awareness and training, Carnegie Mellon University, Information Security, IT compliance, IT training, Lorrie Faith Cranor, policies and procedures, privacy policies, privacy training, risk management, security training
Posted in Privacy and Compliance | No Comments »
Sunday, October 19th, 2008
Here’s something interesting I just ran across…
(more…)
Tags:awareness and training, bartok, Information Security, iowa anti-spam law, iowa anti-spoof law, IT compliance, IT training, kramer, perez, policies and procedures, privacy training, risk management, security training, spam law
Posted in Laws & Regulations, Non-compliance Sanctions Examples | No Comments »
Friday, October 17th, 2008
If you must comply with the Red Flags Rule, which is a rule that falls under the umbrella of the Fair and Accurate Credit Transactions Act (FACTA), which most organizations in the U.S. who process payments from their customers must comply with, for which compliance is required by November 1 of this year, then you should review the recently released guidance documents that will be used by the government oversight examiners…
(more…)
Tags:awareness and training, FDIC, federal reserve, identity theft, Information Security, IT compliance, IT training, policies and procedures, privacy law, privacy training, Red Flags rule, risk management, security training
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Thursday, October 16th, 2008
A friend (thanks Terry!) just pointed me to a couple of really great sites that Nymity provides without needing to register, and they have no ads or marketing…
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, Nymity, policies and procedures, privacy breaches, privacy studies, privacy training, risk management, security training
Posted in Privacy and Compliance, Privacy Incidents | No Comments »
Wednesday, October 15th, 2008
No matter how much technology you throw at trying to prevent security incidents, the weakest link in the organization, your personnel (who could be your strongest link with effective training and ongoing awareness) can defeat that security technology.
On purpose, because of lack of knowledge, or by making a plain ol’ mistake.
And EVERYONE makes mistakes. Fewer if they are more diligently aware though.
(more…)
Tags:awareness and training, Barack Obama, email mistakes, Information Security, insider threat, IT compliance, IT training, policies and procedures, politics, privacy training, risk management, security training
Posted in Information Security, Training & awareness | No Comments »
Tuesday, October 14th, 2008
Remember all the talk in the 1990’s that surrounded the legalities, and largely restrictions, surrounding how encryption could be used for data sent outside the U.S.? Or how encryption tools and algorithms could be exported? It’s been a significantly more silent issue during this new century.
(more…)
Tags:awareness and training, encryption, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security, Laws & Regulations | No Comments »
Sunday, October 12th, 2008
I just read about a new law signed at the end of September, 2008, by U.S. President Bush, H.R. 5983; the “Identity Theft Enforcement and Restitution Act of 2008” which is under Title II.
(more…)
Tags:awareness and training, cybercrime, identity theft, Information Security, IT compliance, IT training, law, policies and procedures, privacy training, risk management, security training
Posted in Laws & Regulations | 2 Comments »
Friday, October 10th, 2008
I just realized that I have not yet posted about providing our “Information Security and Privacy Convergence and Collaboration” 2-day training class that I’ll be co-teaching with Chris Grillo in Grand Rapids, MI on Wednesday, November 12, 2008 AND Thursday, November 13, 2008 See more about it here.
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security and privacy convergence, security training
Posted in Training & awareness | No Comments »
Thursday, October 9th, 2008
There is no doubt that this economy is impacting all companies and most individuals. I’ve read about and heard from many organizations that, as a result, their information security and privacy budgets are being drastically reduced, or even cut completely, in an attempt to save money during these uncertain times.
Throwing out the baby with the bath water in this way is a very bad idea!
(more…)
Tags:awareness and training, Information Security, IT compliance, IT training, policies and procedures, privacy training, risk management, security training
Posted in Information Security | No Comments »
Wednesday, October 8th, 2008
Around September 10 a widely-reported story broke about how Sarah Palin’s Yahoo! email account was broken into.
Contents of some of her email messages were then widely posted to various Internet websites.
(more…)
Tags:awareness and training, email privacy, email security, hacker, Information Security, IT compliance, IT training, kernell, policies and procedures, privacy training, risk management, Sarah Palin, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | 2 Comments »