Posts Tagged ‘privacy’
Sunday, November 25th, 2007
Many times, software designed to enforce legal compliance, or to find network users who are breaking laws, brings along with it greater risks to information security and privacy.
Tags: awareness and training, Information Security, IT compliance, MPAA, policies and procedures, privacy, privacy breach, privacy incident, risk management, security risk, security training, University Toolkit
Posted in Laws & Regulations, Privacy and Compliance | No Comments »
Saturday, November 24th, 2007
I hope those of you who celebrated Thanksgiving had a great one! I spent a very nice day with my family at my brother’s house. After getting back home we decided to watch some Christmas movies, so we spent the evening watching one of my very favorites, “A Christmas Story” and then “Home Alone.”
Tags: awareness and training, Information Security, IT compliance, policies and procedures, privacy, privacy breach, privacy incident, risk management, security risk, security training, social engineering
Posted in Training & awareness | No Comments »
Friday, November 23rd, 2007
My central Iowa Infragard president, Tom Conley, sent all our members a note on Wednesday with a link to a site that contains 9 variables to help demonstrate the range of financial impact to organizations that experience an incident involving personally identifiable information (PII).
Tags: awareness and training, Information Security, IT compliance, policies and procedures, privacy, privacy breach, privacy incident, privacy management toolkit, risk management, security risk, security training
Posted in Privacy and Compliance | No Comments »
Wednesday, November 21st, 2007
As a continuation of my blog posting from Monday, here are 7 additional reasons to add to the previous 4 for why sending cleartext instant messages (IMs) and email is not secure:
Tags: awareness and training, e-discovery, email security, encryption, Health Insurance Portability and Accountability Act, HIPAA, IM security, Information Security, instant messaging, IT compliance, patient privacy, phishing, policies and procedures, privacy, risk management, security risk, security training, spoofing
Posted in Information Security, Privacy and Compliance | No Comments »
Monday, November 19th, 2007
I got some interesting comments and questions, and lots of good direct feedback, about my blog post on sending cleartext patient information last week, “HIPAA: Beware Doctors Who Claim They Don’t Have To Follow Safeguard and Privacy Requirements,” so I wanted to take this opportunity to discuss the topic a little more.
Tags: awareness and training, email security, encryption, Health Insurance Portability and Accountability Act, HIPAA, IM security, Information Security, instant messaging, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »
Sunday, November 18th, 2007
Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company in jeopardy of noncompliance. Compliance with any law or regulation that involves personally identifiable information (PII) usually requires the involvement of legal, IT and information security areas.
Tags: awareness and training, DHS, employment issues, I-9 forms, Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training, social security numbers, SSN, U.S. Citizenship and Immigration Services
Posted in Laws & Regulations | 3 Comments »
Sunday, November 18th, 2007
Early this year I did a data flow analysis for I-9 compliance, and I blogged a few months ago about I-9 related issues in “New Tennessee Law Prohibits Using Federal Individual Taxpayer ID as Proof of Immigration Status.”
I-9 compliance issues impact many areas of an organization. However, within most organizations many areas, such as IT and information security, are not aware of the I-9 compliance issues and unknowingly put the company in jeopardy of noncompliance. Compliance with any law or regulation that involves personally identifiable information (PII) usually requires the involvement of legal, IT and information security areas.
Tags: awareness and training, DHS, employment issues, I-9 forms, Illegal Immigration Reform and Immigrant Responsibility Act of 1996, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training, social security numbers, SSN, U.S. Citizenship and Immigration Services
Posted in Laws & Regulations | 1 Comment »
Friday, November 16th, 2007
As I was reading this week’s issue of Time magazine I found a backup lesson given by Francis Ford Coppola!
Tags: awareness and training, backup, disaster recovery, Francis Ford Coppola, Information Security, IT compliance, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security | No Comments »
Thursday, November 15th, 2007
Tags: awareness and training, encryption, Health Insurance Portability and Accountability Act, HIPAA, Information Security, IT compliance, patient privacy, policies and procedures, privacy, risk management, security risk, security training
Posted in Information Security, Privacy and Compliance | 6 Comments »