Posts Tagged ‘security training’

And The Award For Best Email Security Awareness Film of 2007 Goes To…

Friday, December 7th, 2007

I’ve been seeing a ton of articles and blog postings for the “Best Security <Whatever> of 2007,” “Worst Security Exploits of 2007,” “Security Projections for 2008” and so on in the past few weeks.
Well, I’ve got my own “Best of” award to give for 2007!
None of the “best of” or “worst of” postings or articles that I have seen have covered information security and privacy awareness, even though most information security incidents and privacy breaches occur as a result of humans…human error, lack of knowledge or malicious intent.

(more…)

Be Aware: Court Ruling Allows Circumstantial Evidence In Court Case Against Company That Experienced Privacy Breach

Thursday, December 6th, 2007

So many times…actually almost every time…a privacy breach occurs the company that experienced the breach makes a public statement similar to, “We have no evidence that the personal information has been used fraudulently” or “We do not believe the information stolen will be used for identity theft.”
Why do companies so often make this statement? Because their lawyers know that, if fraud and crime occur using the compromised personally identifiable information (PII), it will be hard to tie the breach directly to those crimes.

(more…)

California Privacy Breach Law Changes Go Into Effect January 1, 2008: Redefines & Broadens “Personal Information” Definition

Wednesday, December 5th, 2007

California’s privacy breach notification law SB1386 started the ball rolling with regard to what is now at least 40 U.S. states, including the District of Columbia, that have breach notice laws. Most of the subsequent state laws were largely based upon SB1386, including how the law defines “personal information.”
Effective January 1, 2008, the definition of “personal information” changes when AB1298 goes into effect in California.

(more…)

Mobile Security: Goals and Frequent Misses

Tuesday, December 4th, 2007

Most organizations got into mobile computing at the hands of the folks in the various business units, and security was an afterthought. However, recent history has shown numerous incidents that have occurred as a result of not properly addressing mobile computing security.

(more…)

Insider Threat, the Value of Computer Logs & the Need for Consistent Policy Enforcement

Monday, December 3rd, 2007

In recent years many organizations have implemented computer logging on their networks to comply with multiple laws. However, here’s a perfect example of the value of computer logs beyond compliance: using them for one of the things they were meant to do…catch inappropriate activity and provide evidence that a specific person is doing something inappropriate or outright wrong.
A current news story documents how computer logs will likely cost a cop his pension and could point to evidence for his missing wife.

(more…)

New U.S. Cybersecurity Special Assistant Appointed on November 28

Sunday, December 2nd, 2007

On November 28 U.S. President G. W. Bush appointed Marie O’Neill Sciarrone to be Special Assistant to the President for Homeland Security and Senior Director for Cybersecurity and Information Sharing Policy.

(more…)

There Are MANY Software Licensing and Awareness Tools Available For All Business Sizes and Budgets

Saturday, December 1st, 2007

Earlier this week I posted about one of the Business Software Alliance (BSA) initiatives for enforcing software licensing compliance, “Another Approach To Licensing Compliance.”
There are *MANY* software licensing tools and awareness communications that businesses of all sizes, and with all ranges of budgets, can use to effectively track and manage their software licenses, and make their personnel aware of the issues involved with software licensing.

(more…)

DHS IT Security EBK: Don’t Complain After They Are Published…Comment On Them While You Can!

Friday, November 30th, 2007

The Department of Homeland Security (DHS) recently released the draft “IT Security Essential Body of Knowledge (EBK)” for public comment and feedback.
This 45-page document outlines the skill sets that the groups working with the DHS have determined to be necessary for different information security topics. Many information security folks asked why another information security EBK was necessary when there was already the CISSP Common Body of Knowledge (CBK).

(more…)