Posts Tagged ‘policies and procedures’
Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!
Friday, January 25th, 2008
Here is another example of what a worker, entrusted with access to business files, can do…and it also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage,” that provides a very good example of how costly the insider threat can be.
January 28 is International Data Privacy Day
Thursday, January 24th, 2008
Did you know that International Data Privacy Day is fast approaching? On Monday, January 28, the United States joins 27 European countries to celebrate Data Privacy Day 2008. “The day will feature several efforts to promote the importance of data protection, including a meeting at Duke University among European and U.S. privacy experts.”
Improve Information Security And Privacy By Engaging Your Personnel And Their Children…Our Future Information Security and Privacy Leaders
Wednesday, January 23rd, 2008
Personnel will understand information security and privacy issues better if they can relate the issues to their own lives. If they can see how the issues affect their family members and friends, that raises awareness even more. If they can see their children’s perspectives on the issues, and see how their family members may be unknowingly putting their information at risk, it helps them grasp the importance of the issues even more clearly, and also helps them guard against the associated threats even better.
CMS Announces Plans To Actively Audit Hospitals For HIPAA Compliance
Monday, January 21st, 2008
The U.S. Centers for Medicare and Medicaid Services (CMS) announced last week that it plans to audit 10-20 hospitals for HIPAA compliance in the next 9 months, according to a Government Health IT article.
Insider Threat Example: Former Cox Employee Sent To Jail (And More) For Hacking System
Sunday, January 20th, 2008
It is not only important, but absolutely necessary, to let personnel know what your information security and privacy policies are, along with your organization’s sanctions, and then to enforce your policies consistently. If personnel know that policies are not enforced, and that there is no negative consequence for failing to safeguard information and systems properly, it becomes easy for them to ignore policies whenever following them is inconvenient or time-consuming. It also becomes easier for personnel to act on vendettas when they get upset.
FTC Hands Down Another FTC Act Noncompliance Penalty For Bad Online Application Security
Friday, January 18th, 2008
Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding its online ecommerce applications.
The FTC charged that the company was in violation of the FTC Act because it promised in its online privacy statement that it would safeguard customer data, yet a hacker “was able to use SQL injection attacks on Life is good’s Web site to access the credit card numbers, expiration dates, and security codes of thousands of consumers.”
A Roadmap For Successful ITIL Implementation
Thursday, January 17th, 2008
The final chapter of my ebook, “The Shortcut Guide to Improving IT Service Support through ITIL,” was just released!
Clearly Justify Your Information Security and Privacy Policies
Wednesday, January 16th, 2008
I’m helping one of my clients update their information security and privacy policies, aligning them with ISO 27002 and creating new policies to fill gaps as necessary based upon the organization’s risks. I was speaking with the CISO this week, and he made a statement that I’ve heard many times over the years and that is a real obstacle to advancing information security within most organizations.
“I wish when the CEO rejects a policy he would tell me why. I know he’s short on time, but it would help me do my job so much better if he’d just explain why.”