Incidents continue to accumulate and hit the daily headlines. Many of them involve the loss of sensitive information through some type of messaging activity. The losses can have devastating impacts to business.
The messaging-related incidents are sometimes technology-based, such as social-engineering tactics through instant messaging (IM) communications; sometimes they are pre-meditated malicious activities; and sometimes they are just plain ol’ “OOPS!! What the heck did I just do!!!!???” types of situations.
Posts Tagged ‘policies and procedures’
Preventing Data Leakage Through Email and Instant Messaging
Tuesday, March 13th, 2007
“Protecting Personal Information: A Guide for Business”: Free from the FTC
Thursday, March 8th, 2007
Today the U.S. Federal Trade Commission (FTC) released a 24-page guide, “Protecting Personal Information: A Guide for Business.”
Within the guide the FTC advises businesses to protect personally identifiable information (PII) through the following actions:
How Access Management Compliance Supports Good Business
Thursday, March 8th, 2007
Many business leaders I speak with now have great concern for data protection law and regulation compliance, which is certainly prudent. However, often when digging into the details of their compliance plans and activities, I find most of the effort and budget is going towards initiatives for firewall and perimeter protection, with increasing implementations for encryption.
New Benchmark Research Report Released Today from IT Policy Compliance (ITPC): “Taking Action to Protect Sensitive Data”
Wednesday, March 7th, 2007
Today IT Policy Compliance released a new benchmark research report, “Taking Action to Protect Sensitive Data.”
I had the great opportunity to not only have a sneak peek at the report, but also to speak yesterday about the report with Jim Hurley, the Managing Director for IT Policy Compliance who authored the report, and Heriot Prentice, Director of Technology at The Institute of Internal Auditors (IIA), which is one of the sponsors for the IT Policy Compliance site.
How Good are the Security Practices for “America’s Most Admired Companies 2007”?
Tuesday, March 6th, 2007
Yesterday CNN reported the results of the FORTUNE 2007 survey of business people for the companies, in any industry, they admired most.
The rankings were based upon 8 key score areas:
FTC’s COPPA Report Recommends Larger Penalties and More Education
Monday, March 5th, 2007
The February 2007 FTC Report to Congress, “Implementing the Children’s Online Privacy Protection Act” (COPPA) provides a good look into the compliance actions and failures of numerous organizations to appropriately comply with this law designed to protect the privacy of children under 13 years of age.
Maine Seed Company Website Hacked: Demonstrates SMB Vulnerability & Questions Hacker Safe Seals
Saturday, March 3rd, 2007
This is the time of the year that thoughts turn to gardening as seed catalogs start filling the mailboxes. I enjoy having fresh-grown vegetables from my garden; nothing is better than a deep red, ripe, juicy Big Boy Beefsteak tomato right off the vine. These seed companies are overwhelmingly small to medium-sized businesses (SMBs). Many have gone online in the past few years, bucking the century-long tradition of depending primarily upon postal mail for their sales.
Vermont State Privacy Breach Follow-up: Penetration Testing Reveals No Additional Vulnerabilities
Friday, March 2nd, 2007
After the January Vermont State privacy breach through a remote attack that compromised Social Security numbers and bank account numbers for nearly 70,000 people, Governor Jim Douglas ordered a security review of the computer systems.
Addressing Web-Based Access and Authentication Challenges
Friday, March 2nd, 2007
Many incidents occur through access control and authentication vulnerabilities. Just consider the recently reported Fruit of the Loom incident that allowed easy access to 1,006 names and Social Security numbers of former employees. It is likely that poorly constructed and inadequately tested application controls resulted in this breach, not unlike so many other breaches that have occurred.