No matter how much technology you throw at trying to prevent security incidents, the weakest link in the organization, your personnel (who could be your strongest link with effective training and ongoing awareness) can defeat that security technology.
On purpose, because of lack of knowledge, or by making a plain ol’ mistake.
And EVERYONE makes mistakes. Fewer if they are more diligently aware though.
Posts Tagged ‘privacy training’
Commerce Department Issues New Rule For Encryption Exports
Tuesday, October 14th, 2008Remember all the talk in the 1990’s that surrounded the legalities, and largely restrictions, surrounding how encryption could be used for data sent outside the U.S.? Or how encryption tools and algorithms could be exported? It’s been a significantly more silent issue during this new century.
Identity Theft Enforcement and Restitution Act of 2008
Sunday, October 12th, 2008I just read about a new law signed at the end of September, 2008, by U.S. President Bush, H.R. 5983; the “Identity Theft Enforcement and Restitution Act of 2008” which is under Title II.
Info Security & Privacy Convergence in Michigan!
Friday, October 10th, 2008I just realized that I have not yet posted about providing our “Information Security and Privacy Convergence and Collaboration” 2-day training class that I’ll be co-teaching with Chris Grillo in Grand Rapids, MI on Wednesday, November 12, 2008 AND Thursday, November 13, 2008 See more about it here.
More Need Than Ever For Information Security In A Bad Economy!
Thursday, October 9th, 2008There is no doubt that this economy is impacting all companies and most individuals. I’ve read about and heard from many organizations that, as a result, their information security and privacy budgets are being drastically reduced, or even cut completely, in an attempt to save money during these uncertain times.
Throwing out the baby with the bath water in this way is a very bad idea!
Palin Email Hacker Indicted
Wednesday, October 8th, 2008Around September 10 a widely-reported story broke about how Sarah Palin’s Yahoo! email account was broken into.
Contents of some of her email messages were then widely posted to various Internet websites.
HIPAA Compliance During Emergencies and Disasters
Tuesday, October 7th, 2008Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…
Information Security and Privacy Convergence and Collaboration
Monday, October 6th, 2008Effectively addressing and coordinating privacy and information security initiatives has moved to the top of the list for companies maintaining customer and employee information. However, there are often gaps in communication and collaboration between Privacy and Information Security activities.
These gaps create more complexity and bigger challenges for companies to handle, as well as putting the organization at greater risk for incidents, along with contractual and regulatory noncompliance.
Do Your Legal Contracts Conflict with Your Web Site Privacy Policy?
Friday, October 3rd, 2008Over the years I’ve found while doing website privacy policy reviews and gap analyses that a large portion of organizations make promises within their posted web site privacy policies that they do not support by internal procedures, and that they do not provide internal personnel training and awareness communications for; a huge risk!
I’ve also found that many organizations have online contracts for their web site customers that are in conflict with their posted privacy policies.
Are the Terms of Your Legal Contracts Enforceable?
Wednesday, October 1st, 2008Most web sites have some type of legal contract that is presented to site visitors for any number of reasons. Do your web site visitors actually read them? It probably depends upon how the contracts are presented to the web site visitors, and how the wording is constructed.
Are the contracts written clearly? Or, could they be interpreted in multiple ways? Or trick people into thinking they are agreeing to something other than what the legalese is trying to obligate them to agree to?
