Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

December 3, 2008

25% Of Workers Ignore Internet Use Policies


A couple of days ago Asylum reported...

 
Continue reading 25% Of Workers Ignore Internet Use Policies...

December 2, 2008

An SMB PCI DSS Learning Opportunity

{Wow...love a chance to use 3 initializations in a row... :) }

Over the past week I have been getting my holiday shopping done, almost entirely online. I love to find unique stores, often small and medium-sized businesses (SMBs) with interesting items, and I found one small store in Florida that makes some great, creative photo items at a reasonable price. Their online site was a little hard to navigate, though, so I spent a little time doing a bit of research about the store. They have been around since the 1980's, and I could find no complaints about them. Their order form encrypted the input, but it was hard to figure out how to fill it in; I couldn't get more than one photo uploaded to order more than one ornament, coffee mug, etc., at one time...

 
Continue reading An SMB PCI DSS Learning Opportunity ...

December 1, 2008

Info Sec and Privacy Concerns For Mobile Workers

A couple of weeks ago, while I was at the CSI Annual conference doing sessions and giving my 2-day class there, I took some time to do an interview with Mike Brennan at Michigan Tech News radio about the keynote I did the week before in Kalamazoo, MI; the podcast of it was just posted today...

 
Continue reading Info Sec and Privacy Concerns For Mobile Workers...

November 30, 2008

Federal Agency SSN Use Mandate Has Been Removed!

On November 18 President Bush signed Executive Order 13478; see how/if it impacts your organization and how you use social security numbers (SSNs), and how it will impact how you require SSNs. And now you personally should NOT need to provide SSNs as often...

 
Continue reading Federal Agency SSN Use Mandate Has Been Removed!...

November 29, 2008

A New Risk Management Standard Worth Looking At

The bulk of data protection laws and regulations require that security and privacy controls be established based upon the organization's existing and unique risks. Many organizations struggle to find a way to effectively determine the risks that exist for their businesses. Often what results is similar to taking a shot in the dark to determine risks.

 
Continue reading A New Risk Management Standard Worth Looking At...

November 28, 2008

Are Cybercriminals Willing To Risk Death?

Whoa...here's what should be a good cybercrime deterrent...

 
Continue reading Are Cybercriminals Willing To Risk Death?...

November 26, 2008

Healthy Paranoia: A Nice Note That Brightened My Day!

Recently I was pleasantly surprised to receive the following message...

 
Continue reading Healthy Paranoia: A Nice Note That Brightened My Day!...

November 25, 2008

Continued Use Of Site Means Consent to Privacy Policy Changes?

I speak with many folks about the importance of published website privacy policies, along with the issues of obtaining consent...not implied but explicit/express...to change the terms of privacy policies.

I also participate in LinkedIn, and I have found it to be a great and valuable tool to network and communicate with other information security and privacy practitioners.

So, today when I logged in I was quite interested to see the following banner posted on the home page...

 
Continue reading Continued Use Of Site Means Consent to Privacy Policy Changes?...

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.