Posts Tagged ‘regulatory compliance’

FISA Change Gives Telecoms Immunity; Headaches Ahead For Businesses?

Thursday, July 10th, 2008

In case you didn’t hear about it yet, President Bush just signed into law changes to the U.S. Foreign Intelligence Surveillance Act (FISA) that, among other things, grants immunity to telecom companies that cooperate with the secret warrantless wiretap program.

(more…)

Laws & Regulations Require Security & Privacy Training & Awareness

Wednesday, July 9th, 2008

I’m in the final weeks of creating some privacy breach training courses that will not only help personnel to prevent privacy breaches, but also help support compliance with the FACTA Red Flags rule, the at least 45 U.S. privacy breach notice laws, plus many other laws and regulations.
Over the past decade+ there have been a large number of laws, regulations and industry standards that have specifically stated the need for organizations to provide information security and privacy training and awareness to their personnel.

(more…)

Information Security and Privacy Education Lesson Fines And Court Penalty Judgments

Tuesday, July 8th, 2008

My July issue of “IT Compliance in Realtime” has been published!
This month I continue to focus on the importance of information security and privacy training and awareness to not only improve security and privacy preservation, but also to meet a very wide range of compliance requirements. The first article in this month’s Journal is, “Information Security and Privacy Education Support Compliance.” Download the PDF of the full Journal issue for the formatted, best-looking version.
Here are the first couple of sections from that article…

(more…)

E-Discovery Decision Demonstrates Need For Effective Retention Practices: A Great Case Study For E-Discovery Training

Monday, January 7th, 2008

I’m still catching up on December news…and I ran across a significant e-discovery ruling. The U.S. District Court for the Central District of California ruled December 13, 2007, that Justin Bunnell/www.TorrentSpy.com was guilty of “willful spoliation of evidence” violating the E-Discovery Rule in the suit Columbia Pictures, Inc. brought against them for copyright infringement.
Reading through the court records, it is really amazing how blatantly the defendent violated what seemed to be almost every e-discovery rule possible in this situation. They…

(more…)

Compliance and Information Security: Common Sense Confirmed

Thursday, July 26th, 2007

So many times I’ve heard business leaders complain that the data protection requirements within the multiple laws and regulations only hurt business; that they are not necessary and have no true impact on really protecting data…they are just bureaucratic hoops forced upon businesses to placate the politicians’ constituents by lawmakers who know nothing about the nuts and bolts of implementing information security…and that the cost of compliance is only hurts the business’ bottom line.
Hmm…

(more…)

RAM Is Subject To E-Discovery Under Recent Ruling: Talk With Your Legal Counsel About The IT Issues

Friday, June 29th, 2007

Late last year I blogged about the new E-Discovery Rule that took effect on December 1, 2006.
I wrote “The Business Leader Data Retention and E-Discovery Primer” discussing the issues, and I also wrote an article discussing the e-discovery issues for which IT must be involved, “E-Discovery Quagmires.”

(more…)

I Don’t Want Spam, Even If it Is “Certified” To be From a Legitimate Business

Thursday, June 14th, 2007

There are some vendors offering “certifications” to businesses to help get their marketing email past spam filters as well as to help prevent successful phishing exploits.

(more…)

Does Using “Certified” Software Products Improve Compliance?

Thursday, May 17th, 2007

It seems the term “certified” is being used more and more…for professionals, hardware, software, you name it.
You see software vendors touting that their products have been certified and that they will help companies meet “compliance,” but I have found very little research into what this really means, or if it means anything at all.

(more…)

Reducing Attack Exposure for Internet-Facing Applications

Thursday, May 3rd, 2007

Yesterday the Channel 12 news in Jackson, Mississippi reported a Kennesaw, Georgia business had its Internet-facing computer system hacked. That business’s application is “now generating thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB.”

(more…)

New Study: More Confirmation That Spam Costs Businesses Significant $$

Wednesday, May 2nd, 2007

On April 2 Nucleus Research, Inc. released a study, “Spam: The Repeat Offender” which reports that, according to a survey of 849 email users, 90% of all email going into company networks is spam, and 66% of spam gets through corporate filters.

(more…)