Last week I was at the Computer Security Institute 33rd Annual Computer Security Conference & Exhibition where Chris Grillo and I also gave our post-conference seminar, “Effectively Partnering InfoSec and Privacy For Business Success“. It was interesting to hear the folks attending both the conference and our seminar express their concerns related to information security and privacy. I am always intrigued by the various viewpoints of folks in not only different industries, but also of those who have very little experience in dealing with information security, privacy and compliance versus those with a great amount of experience. It is very noticeable how the viewpoints shift from trying to address primarily only technical issues (overwhelmingly those with little experience) to the viewpoint of incorporating the issues throughout the entire enterprise and into all processes through procedures, awareness and responsibilities (overwhelmingly those with much experience).
Posts Tagged ‘policies and procedures’
Information Assurance: Make a Perspective Adjustment; It’s All About the Business
Monday, November 13th, 2006Computer Stolen from Insurance Provider Has Personal Information About 1,200 Villanova University students and staff members
Tuesday, November 7th, 2006And yes…still another example of a laptop with clear text personally identifiable information (PII) being stolen.
Villanova University confirmed on 11/2 that a laptop with information about 1,200 of their students and staff members, along with other individuals not part of Villanova, was stolen from their auto insurer, Hilb, Rogal & Hobbs in September. Notifications went out to the involved individuals on October 26.
Broadcasting Company Laptop With Employee Personal Information Stolen
Friday, November 3rd, 2006The Boston Herald reported a laptop “holding Social Security numbers of current and former staffers was stolen out of Greater Media’s Philadelphia offices.”
Greater Media is offering credit monitoring to the impacted individuals “if staffers sign up by the end of the year.”
Another U.S. Veterans Affairs Computer Stolen: This One With Personal Information About 1,600 Vets
Friday, November 3rd, 2006Thursday, 11/2, the VA confirmed a computer containing data about 1,600 U.S. military veterans was stolen from their Manhatten hospital.
According to the report, it was stolen from “a locked room in a locked hallway at the VA hospital. The theft occurred Sept. 6, but VA officials sent out a letter to veterans only within the past two weeks. The personal data of about 1,600 people was on the computer’s hard drive. It was the third theft of personal data from a VA facility in less than a year.”
Encryption…Just Do It!
Thursday, November 2nd, 2006I am a big advocate of encryption. It is such a great tool for protecting sensitive and personally identifiable information (PII), particularly for such data that moves…while on mobile devices, storage devices, and while being transmitted through networks. Historically it was a challenge to implement.
In the past few years implementation has been getting much easier, and continues to improve. However, it is still no surprise, but yet a disappointment, that a recent study from Credant Technologies, Inc., yes, an encryption solution vendor, found that out of 426 IT practitioners interviewed throughout the world, 88% know sensitive data and PII is on their personnel’s mobile computers, but the only 20% have deployed encryption for such devices. Note the encryption is deployed; I would bet that the actual amount of PII and sensitive data encrypted on those devices is actually much lower.
Encryption…Just Do It!
Thursday, November 2nd, 2006I am a big advocate of encryption. It is such a great tool for protecting sensitive and personally identifiable information (PII), particularly for such data that moves…while on mobile devices, storage devices, and while being transmitted through networks. Historically it was a challenge to implement.
In the past few years implementation has been getting much easier, and continues to improve. However, it is still no surprise, but yet a disappointment, that a recent study from Credant Technologies, Inc., yes, an encryption solution vendor, found that out of 426 IT practitioners interviewed throughout the world, 88% know sensitive data and PII is on their personnel’s mobile computers, but the only 20% have deployed encryption for such devices. Note the encryption is deployed; I would bet that the actual amount of PII and sensitive data encrypted on those devices is actually much lower.
100 Million Internet Web Sites
Wednesday, November 1st, 2006Today CNN announced the Internet now has 100 million (100,000,000) web sites “with domain names and content on them.” They provided several interesting accompanying statistics.
100 Million Internet Web Sites
Wednesday, November 1st, 2006Today CNN announced the Internet now has 100 million (100,000,000) web sites “with domain names and content on them.” They provided several interesting accompanying statistics.
Consumers Want Identity Theft Protection Through Homeowner Insurance
Tuesday, October 31st, 2006An interesting article was released yesterday in the Insurance Journal, “J.D. Power: Homeowners Want Carriers to Offer Identity Theft.”
It indicates that the 2006 Homeowners Insurance Study, results of feedback from 9,045 homeowners insurance policy holders in the U.S., finds 40% wants their home policy to include identity theft coverage.
