There have been a lot online posts and talk lately about risk management and the “proper” or “acceptable” way to do risk assessments. It seems that the overwhelming talk, though, is only about the right and wrong way to do a risk assessment whenever considering a risk management program. Certainly, using the best risk assessment method to fit your business environment is very important; one size, and one method, does not fit all! However, there are so many more activities necessary within a risk management program than just occasionally doing a risk assessment. Regulatory agencies are (more…)
Posts Tagged ‘social networking’
Work Area Reviews are Necessary for Effective Risk Management
Monday, December 17th, 2012Tags:audit, awareness, breach, compliance, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, fake IDs, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, messaging, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, risk, risk assessment, risk management, security, sensitive personal information, social media, social networking, SPI, systems security, test data, training, twitter, walk through
Posted in Information Security | 2 Comments »
Are You Faking It?
Thursday, November 29th, 2012Are you faking it online? Or faking it at work? While faking it certainly has its benefits in both places, I want to touch upon a couple of concerns I have with using fake identities. (more…)
Tags:awareness, breach, compliance, customers, data protection, e-mail, electronic mail, email, employees, employment, facebook, fake IDs, hiring, HR, human resources, IBM, Information Security, information technology, infosec, IT security, job applicants, laws, messaging, midmarket, non-compliance, patients, personal information, personally identifiable information, personnel, PII, policies, privacy, privacy breach, privacy professor, privacyprof, Rebecca Herold, reputation, risk, security, sensitive personal information, social media, social networking, SPI, systems security, test data, training, twitter
Posted in Social Media | 2 Comments »
Potty Pics Poo-Poo Privacy
Tuesday, February 12th, 2008This is a sad example of how others take it upon themselves to invade the privacy of others and don’t understand that they’re doing anything wrong…
Tags:awareness and training, Information Security, IT compliance, Paula Abdul, personal privacy, policies and procedures, privacy, privacy policy, risk management, security awareness, security training, social networking
Posted in Privacy and Compliance, Privacy Incidents | No Comments »
13 Minnesota Students Disciplined For Facebook Photos
Friday, January 11th, 2008I’ve blogged several times, such as here, here and here, about how information posted to the Internet, such as on Facebook and other social networking sites, cannot be considered as being private or secure, have been used to make hiring and firing decisions, and how it has impacted lives in other ways.
Well, now information posted to social networking sites are being used by schools.
Tags:awareness and training, Eden Prairie, facebook, Information Security, IT compliance, personal privacy, personally identifiable information, PII, policies and procedures, privacy, protecting information, risk management, security awareness, security training, social networking
Posted in Privacy and Compliance | No Comments »
5 Things To Do Next Week To Improve Information Security & Privacy
Friday, November 9th, 2007It seems like my to-do list never gets shorter each day; only longer. This was even more true when I was responsible for the information security and privacy program within a large multi-national financial and insurance organization. It seemed the squeakiest wheel to-do items often got done, while other to-do’s that were very important, and often not that time-consuming, got put by the way-side, always put off until another week.
Tags:awareness and training, business networking, facebook, Information Security, IT compliance, LinkedIn, MySpace, personally identifiable information, PII, policies and procedures, privacy, privacy training, protecting information, risk management, security training, social networking
Posted in Information Security, Privacy and Compliance, Training & awareness | No Comments »
More Organizations Are Blocking Social Networking Sites To Address Information Security and Privacy Concerns
Thursday, November 8th, 2007Over the past few months I’ve been keeping a fairly close eye on the evolution of social networks and the security and privacy impacts they have not only on the individuals participating, but also on the businesses that allow their personnel to use the sites from the company’s network. Or, what is more often the case, the large amount of employees using the sites from the company network during work hours unbeknownst to their bosses.
Tags:awareness and training, Barracuda Networks, facebook, Information Security, IT compliance, MySpace, policies and procedures, privacy, privacy training, risk management, security training, social networking
Posted in Information Security, Privacy and Compliance | No Comments »
Emotions Are Mixed for Using Social Networking Sites At Work
Tuesday, August 28th, 2007Well, if you look at the results of my very unscientific poll from last week, it appears there is a very wide range of opinions about the use of social networking sites at work.
Tags:awareness and training, facebook, Information Security, IT compliance, MySpace, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking, YouTube
Posted in Information Security, Privacy and Compliance | 2 Comments »
Very Wide Range of Opinions For the Social Networking Poll
Friday, August 24th, 2007I’m surprised by how different the opinions are for this week’s poll about using social networking sites at work!
If you haven’t clicked a poll button for it yet (see right side of screen and scroll down a little), please do so. It will be interesting to see if the opinions stay so widely scattered by the end of Sunday.
Tags:awareness and training, facebook, Information Security, IT compliance, MySpace, policies and procedures, privacy, risk management, social networking
Posted in Information Security | No Comments »
Speaking of Social Networking Sites…
Monday, August 20th, 2007Over the weekend I read yet another news article about social networking sites and the related risks. This time it was about how schools are implementing rules to address cyber bullying on the Internet; “Students To Be Punished For MySpace Postings.”
Tags:awareness and training, facebook, Information Security, IT compliance, MySpace, personally identifiable information, PII, policies and procedures, privacy, risk management, social networking
Posted in Information Security, Privacy and Compliance | 2 Comments »
