Posts Tagged ‘privacy’

2 Years Following Major Privacy Breach, Bahamas Puts Up Data Protection Web Site

Sunday, December 16th, 2007

A couple of years ago I finally took my family on a vacation to the Bahamas after not going on any type of vacation for several years. Five months later I learned…from my friends and not from the hotel…that a major breach occurred at the hotel; the credit card files for tens of thousands of their customers had been compromised.
I never did get a notification of the breach from the hotel. However, I did confirm through the Bahamas government, and subsequent widely published reports, that the breach did indeed occur.


“Awards” Given For E-Commerce Site Privacy Policies…The Best And The Worst

Friday, December 14th, 2007

I ran across some interesting e-commerce site “awards” recently published by CyberStreetSmart.org. They identified the recipients of their “screen door” (the award retailers DON’T want) and “steel door” (retailers want this) awards based upon the privacy protections the sites had in place for customer personally identifiable information (PII).


New Report Provides Great Information Security Information To Give To CEOs

Thursday, December 13th, 2007

Yesterday the British North American Committee (BNAC) and the Atlantic Council of the United States (a U.S. sponsor of the Committee) announced the release of a new study, “Cyber Attack: A Risk Management Primer for CEOs and Directors.”
It is important for business leaders to understand information security and privacy risks better. It is important for information security and privacy professionals to put forth effort to raise CEO understanding of information security and privacy issues. Understanding and acting upon the risks are important for the health of the business, and CEOs must understand HOW information security and privacy relate to business.


There Are MANY Software Licensing and Awareness Tools Available For All Business Sizes and Budgets

Saturday, December 1st, 2007

Earlier this week I posted about one of the Business Software Alliance (BSA) initiatives for enforcing software licensing compliance, “Another Approach To Licensing Compliance.”
There are *MANY* software licensing tools and awareness communications that businesses of all sizes, and with all ranges of budgets, can use to effectively track and manage their software licenses, and make their personnel aware of the issues involved with software licensing.


DHS IT Security EBK: Don’t Complain After They Are Published…Comment On Them While You Can!

Friday, November 30th, 2007

The Department of Homeland Security (DHS) recently released the draft “IT Security Essential Body of Knowledge (EBK)” for public comment and feedback.
This 45-page document outlines the skill sets the groups working with the DHS have determined as being necessary for different information security topics. Many information security folks asked why another information security EBK was necessary when there was already the CISSP Common Body of Knowledge (CBK).


Do Employers Need GPS And Logs When They Have YouTube and Facebook To Monitor Employees?

Thursday, November 29th, 2007

I don’t know why I continue to be surprised at the stupid things some people do, but apparently some people will never realize how much of themselves they are giving away when they post their pictures and other personal information on the Internet. My friend Alec (thanks again, Alec!) pointed me to a perfect example of what a growing number of people are doing…apparently thinking their employers are not savvy enough to be able to use the Internet.


Email is for “Old People”: Do Lack of Laws Make IM and Texting Ripe for Exploiting Children & Teens?

Wednesday, November 28th, 2007

My 13-year-old niece wrote an article for me about social engineering, and I got a chuckle out of her writing, “Maybe I’m old-fashioned, but I only use email. I don’t have my own FaceBook site.”
Can you imagine email being old-fashioned?! Gosh, my hand-written letters must be prehistoric!


6 “Scary Stuff” Privacy Terms IT, Info Sec and Privacy Folks Should Know

Tuesday, November 27th, 2007

Robert Ellis Smith sent me an email yesterday to let me know about his most recent article in Forbes magazine, “Scary Stuff.”
It’s a very interesting read and highlights some terms that, to date, I have not seen in print that much. However, they are some terms that information security, privacy and IT pros need to acquaint themselves with:


Information Security and Privacy Leaders, Get Your Elevator Speeches Ready For Your CxOs!

Monday, November 26th, 2007

My father was the superintendent of the public school district where I grew up in Missouri. He was a very hands-on type of leader; when he was not filling out forms, writing reports, making plans, or in meetings he was out in the hallways seeing what was up with the students and teachers and making sure that all was well. And then the evenings were busy with basketball games, concerts or other school events. Those school employees, parents and students that were able to talk with him during opportune times in the hallway or in the bleachers during time-outs, and get their concerns or points stated succinctly and clearly, made a positive impression with my dad. He appreciated that they communicated their ideas and concerns clearly, and got right to the point.
If you had an opportunity to speak for a few minutes with your CEO, CFO, or other CxO, would you be prepared to communicate succinctly and clearly your concerns and state your points regarding the importance of your information security and privacy initiatives?


Another Approach To Licensing Compliance

Sunday, November 25th, 2007

My blog posting from earlier talked about how the MPAA is trying to combat movie piracy.
I just visited the LinkedIn site and was intrigued to find an ad from the Business Software Alliance (BSA) offering up to $1,000,000…yes, US $1 million…for reporting illegal software and copyright infringements by organizations, by a distributor, or over the Internet.
