Posts Tagged ‘policies and procedures’

Information Security Survey for Financials

Thursday, December 20th, 2007

I just learned about a new survey that’s going on, “The State of Information Security Survey 2008.”
Bankinfosecurity is using it to try to get the best picture of how financial institutions are doing when it comes to information security at their institutions.

(more…)

Responding To Customers Asking About Your Company’s Use of SSNs

Wednesday, December 19th, 2007

For the past 10 years I have been driving the same, reliable, non-troublesome car. It still looks good enough (I don’t really worry about driving an “it” kind of car). However, it is getting a bit rattly, and my friends have been increasingly giving me a hard time about continuing to drive it past the 200,000 mile mark. I never really cared much until my starter went out a couple of months ago. I wondered, what if this had happened to me while I was in a neighboring state at a client site? Sure, I have AAA, but it would still be a hassle. So, I decided if I saw a car I really liked and that had all the features I wanted, I would splurge and get a new car.
Well…I just happened to find a car I absolutely loved after seeing and driving it. I was at the dealer paying for it yesterday, and the sales person asked for my Social Security Number (SSN).

(more…)

Supporting Compliance With ITIL

Tuesday, December 18th, 2007

Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm Leach Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest numbers of organizations was the passage of the Sarbanes Oxley (SOX) Act of 2002.

(more…)

18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007

Monday, December 17th, 2007

Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:

(more…)

18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007

Monday, December 17th, 2007

Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:

(more…)

2 Years Following Major Privacy Breach, Bahamas Puts Up Data Protection Web Site

Sunday, December 16th, 2007

A couple of years ago I finally took my family on a vacation to the Bahamas after not going on any type of vacation for several years. Five months later I learned…from my friends and not from the hotel…that a major breach occurred at the hotel; the credit card files for tens of thousands of their customers had been compromised.
I never did get a notification of the breach from the hotel. However, I did confirm through the Bahamas government, and subsequent widely published reports, that the breach did indeed occur.

(more…)

“Awards” Given For E-Commerce Site Privacy Policies…The Best And The Worst

Friday, December 14th, 2007

I ran across some interesting e-commerce site “awards” recently published by CyberStreetSmart.org. They identified the recipients of their “screen door” (the award retailers DON’T want) and “steel door” (retailers want this) awards based upon the privacy protections the sites had in place for customer personally identifiable information (PII).

(more…)

New Report Provides Great Information Security Information To Give To CEOs

Thursday, December 13th, 2007

Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”
It is important for business leaders to understand information security and privacy risks better. It is important for information security and privacy professionals to put forth effort to raise CEO understanding of information security and privacy issues. Understanding and acting upon the risks are important for the health of the business, and CEOs must understand HOW information security and privacy relate to business.

(more…)

Domain Name Issues And Related Business Risks

Wednesday, December 12th, 2007

I have learned a lot about domain name maintenance and management issues over the past week! As a follow-up to my blog post yesterday, I have since discovered that as a result of a divestiture *two* registrars claim control of my domain (that I created and have owned and used since 2002); one in Australia has primary control, and the one I have always communicated with in Washington state has secondary control…I never knew this before.

(more…)

Domain Name Maintenance and Customer Service Lessons

Tuesday, December 11th, 2007

Over the past several days I feel as though I’ve been part of a Lemony Snicket book.
I’ve had domain registration problems for rebeccaherold.com that are still in the process of being resolved (<<those of you who sent emails to my rebeccaherold@rebeccaherold.com address, it may be another day or two before it works, but yes, I’m still here!)…my notebook computer mouse key went haywire…and today I lost my Internet connection (a wireless tower and wireless dish antennas don’t work well under a 2″ layer of ice and another few inches of snow on top of that) and I’m using my 24k dial-up. Hopefully the electricity is not next to go…

(more…)