Posts Tagged ‘privacy awareness’

No Those Messages Will Not Completely Self-Delete

Friday, October 30th, 2015

A childhood friend of mine, who does not have a technology or information security background, recently asked me whether or not apps that promise messages, photos, videos, and anything else sent through them will completely disappear were to be trusted. She referenced several different proclaimed “disappearing messages” apps that are currently available and asked, “So what do you think of these disappearing apps?  The messages are not really gone?” She is responsible for the care of an adult relative, and wanted to be able to communicate with his healthcare providers securely, and to not have any of the communications to linger and had been using one of these apps. (more…)

Four Things to Do for National Cyber Security Awareness Month

Friday, October 16th, 2015

Since this is National Cyber Security Awareness Month (NCSAM) it seems appropriate to give some examples and tips for how everyone can improve upon security, and better protect their privacy, this month. (more…)

Improve Information Security and Privacy Now!

Monday, December 22nd, 2014

Too many businesses have poor information security controls in place (e.g,. demonstrably Sony, Staples, and a seemingly infinite number of other companies) and are basically giving their intellectual property, and the personal information they are responsible for, away.

A recent Sailpoint survey reveals that: (more…)

5 Effective Ways to Raise Privacy Awareness

Thursday, December 18th, 2014

Have you made plans for Data Privacy Day (DPD) yet? What, you’ve never heard of DPD?  You can see more about it here. Or, have you heard about DPD, but you’ve not yet had time to plan for it? Well, I love doing information security and privacy awareness activities and events! I’ve been doing them for 2 ½ decades, and have written about them often, and included a listing of 250 awareness activities in my Managing an Information Security and Privacy Awareness and Training Program book.

Here are five of the ways that I’ve found to be very effective for raising privacy awareness throughout the years. (more…)

Privacy Awareness: Moving from “I have nothing to hide” to “Oh dear!”

Wednesday, December 10th, 2014

The day before Thanksgiving here in the U.S. I had the great pleasure of speaking with a couple of consumate information security experts from across the pond in England and Norway, Kai Roer and Mo Amin, on an episode of their Security Culture TV! We chatted about how to get folks to be more aware of privacy risks, and how to change their mindset to a more privacy proactive stance. You can see this episode here.

When you look at recent breaches, it is clear that awareness of information security and privacy risks, and how to mitigate them, is not getting the attention necessary by leaders of organizations. Why else would (more…)

Community Information Security and Privacy Awareness

Monday, April 27th, 2009

Today I read a nice article describing a presentation about information security, “Cyber safety tips shared“…


My Son Caught A “Hacker”!

Thursday, April 23rd, 2009

NOTE: Just realized today is Take Your Child To Work Day so this is timely! 🙂
My sons, 12-years-old and 9-years-old, have been with me a lot while I work in my home office over the years, and they have a strong interest in much that I do. I even ask them to read the articles I write for Protecting Information since I want that publication to be informational to not only personnel, but also all the personnel’s family members.
It amazes me how much my sons soak up that I’m not even aware of…


2 More Things In History That Could Have Improved Infosec & Privacy

Wednesday, April 22nd, 2009

Late last week I blogged about a question I got while at InfoTec in Omaha last week, “2 Things In Computing History That Could Have Improved Information Security and Privacy“…


Breach Notices, Securing PHI & PHR Vendor Responsibilities Under HIPAA/HITECH Act

Tuesday, April 21st, 2009

Last Friday the US Department of Health and Human Services (HHS) released, at the last possible moment to meet their deadline, their interim final regulations to require covered entities (CEs) under the Health Insurance Portability and Accountability Act (HIPAA) and their business associates (BAs) to provide for notification in the case of breaches of unsecured protected health information (PHI) as required by the HITECH Act.
If you’ve read any of the at least 47 U.S. state and territory beach notice laws you will get a strong sense of deja vu while reading this document. They borrowed HEAVILY from the various existing breach notice laws to estblished their proposed definitions of securing PHI, what constitutes a “breach” of PHI, and for doing breach notifications.
There are two major issues…


HIPAA Requirements Changes & Business Associates Impacts From HITECH Act

Monday, April 20th, 2009

Last week I engaged in a very interesting tweetversation with David Mortman about when the U.S. Department of Health and Human Services (HHS) needs to get their guidance documents and rules published for the various HITECH Act requirements…