Posts Tagged ‘security training’
Monday, December 22nd, 2014
Too many businesses have poor information security controls in place (e.g., demonstrably Sony, Staples, and a seemingly infinite number of other companies) and are basically giving their intellectual property, and the personal information they are responsible for, away.
A recent Sailpoint survey reveals that:
Friday, June 3rd, 2011
A couple of days ago I published my monthly Privacy Professor Tips message, “Summer Break-in.” I provide these tips free to anyone who wants to sign up for it on my web site and fills out one of the boxes that says,
Monday, December 20th, 2010
Looking ahead to what will happen in the coming year is always an interesting exercise. Just like within a great novel, foreshadowing occurs every day in our lives to drop the hints of things that are likely to come. The trick is to separate out the valuable hints from the extraneous breadcrumbs that are dropped by dozens of other inconsequential sources that mislead us and cause us to fail in our predictions. We shall see at the end of the year how close I am with the following predictions…
Sunday, October 3rd, 2010
As demonstrated over and over again over the past several years, mobile computing devices and storage media present a huge risk to business and personal information. Because of the portability of these devices, organizations are basically entrusting the security of the information stored upon them into the hands of the people using them. It is vital that an effective mobile computing device and storage media security and privacy management program is in place.
A mobile computing device and storage media security and privacy management program should be able to answer the questions:
Saturday, November 28th, 2009
Sorry to be so tardy in getting a blog post out. As many of you know, I’ve been working with the NIST Smart Grid Privacy Subgroup since late June. The work done for this group is through time volunteered by all involved.
As a quick recap, I led the privacy impact assessment (PIA) for the consumer-to-utility portion of the planned smart grid during the late June to late August/early September time frame. On Friday, 11/20, I provided an update on our NIST group’s activities during the Gridwise Alliance phone conference; perhaps some of you were on that call?
Here are some links showing information about our NIST Smart Grid privacy group’s work:
Monday, November 9th, 2009
I’ve had about half a dozen folks ask me how things are going with the work I’m doing with the NIST Smart Grid privacy group, and if I could provide an update since my last couple of posts on the topic here and here.
The time is going by much too quickly, and I am getting a bit nervous as we get closer to when we need to have the next draft of the NISTIR ready, tentatively set for December 31; there is so much more to do in this VOLUNTEER group effort…
Thursday, November 5th, 2009
Over the years there have been many…too many…instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients…
Thursday, October 29th, 2009
Wednesday, October 21st, 2009
I was recently asked several questions about my work with the NIST Smart Grid privacy group and associated issues. Here are a couple of those questions, and my answers to them…
Wednesday, October 14th, 2009
I’ve been feeling bad about not posting to my blog as often as I have historically…