I just learned about a new survey that’s going on, “The State of Information Security Survey 2008.”
Bankinfosecurity is using it to try to get the best picture of how financial institutions are doing when it comes to information security at their institutions.
Posts Tagged ‘policies and procedures’
Information Security Survey for Financials
Thursday, December 20th, 2007Supporting Compliance With ITIL
Tuesday, December 18th, 2007Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm Leach Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy felt by the largest numbers of organizations was the passage of the Sarbanes Oxley (SOX) Act of 2002.
18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007
Monday, December 17th, 2007Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:
18 IT Compliance, Info Sec & Privacy Links to Fortune’s 101 Dumbest Business Moments in 2007
Monday, December 17th, 2007Tis the season for lists upon lists upon lists. However, Fortune’s “101 Dumbest Moments in Business” for 2007 caught my eye for being rather unique-sounding. There were *MANY* dumb information security and privacy business moments in 2007; I wondered, did Fortune recognize any of them?
I took the time to flip through them quickly…ah, yes! Quite a fun exercise! And here at least 18 IT compliance, info sec and/or privacy links to the Fortune 101 list:
2 Years Following Major Privacy Breach, Bahamas Puts Up Data Protection Web Site
Sunday, December 16th, 2007A couple of years ago I finally took my family on a vacation to the Bahamas after not going on any type of vacation for several years. Five months later I learned…from my friends and not from the hotel…that a major breach occurred at the hotel; the credit card files for tens of thousands of their customers had been compromised.
I never did get a notification of the breach from the hotel. However, I did confirm through the Bahamas government, and subsequent widely published reports, that the breach did indeed occur.
“Awards” Given For E-Commerce Site Privacy Policies…The Best And The Worst
Friday, December 14th, 2007I ran across some interesting e-commerce site “awards” recently published by CyberStreetSmart.org. They identified the recipients of their “screen door” (the award retailers DON’T want) and “steel door” (retailers want this) awards based upon the privacy protections the sites had in place for customer personally identifiable information (PII).
New Report Provides Great Information Security Information To Give To CEOs
Thursday, December 13th, 2007Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”
It is important for business leaders to understand information security and privacy risks better. It is important for information security and privacy professionals to put forth effort to raise CEO understanding of information security and privacy issues. Understanding and acting upon the risks are important for the health of the business, and CEOs must understand HOW information security and privacy relate to business.
Domain Name Issues And Related Business Risks
Wednesday, December 12th, 2007I have learned a lot about domain name maintenance and management issues over the past week! As a follow-up to my blog post yesterday, I have since discovered that as a result of a divestiture *two* registrars claim control of my domain (that I created and have owned and used since 2002); one in Australia has primary control, and the one I have always communicated with in Washington state has secondary control…I never knew this before.
Domain Name Maintenance and Customer Service Lessons
Tuesday, December 11th, 2007Over the past several days I feel as though I’ve been part of a Lemony Snicket book.
I’ve had domain registration problems for rebeccaherold.com that are still in the process of being resolved (<<those of you who sent emails to my rebeccaherold@rebeccaherold.com address, it may be another day or two before it works, but yes, I’m still here!)…my notebook computer mouse key went haywire…and today I lost my Internet connection (a wireless tower and wireless dish antennas don’t work well under a 2″ layer of ice and another few inches of snow on top of that) and I’m using my 24k dial-up. Hopefully the electricity is not next to go…