
May 13, 2008

Addressing the Insider Threat

My May issue of "IT Compliance in Realtime" is now available!

The first article I have within this issue is, "Addressing the Insider Threat."

Here is the unformatted text of the article; download the PDF to get the much nicer, prettier, formatted version...


May 12, 2008

At the Secure 360 Conference

Tomorrow and Wednesday I'm doing some sessions at the Secure 360 conference in St. Paul, Minnesota. I'm really looking forward to also seeing the other sessions while here (yes, I've arrived and am getting some work done in my room)!


May 6, 2008

Revisiting Two Viewpoints Of Outsourcing Vendor Security

While at CSI SX last week, in the class I teach with Chris Grillo, "Executive Summit: Security and Privacy Collaboration," we covered the need to ensure that the business partners to whom we outsource information processing and handling have good security and privacy programs in place.


April 29, 2008

Corporate Communications Officers Tying The Hands Of Information Security and Privacy Pros

I've been here at the CSI SX conference for the past few days, and I've had the great opportunity and pleasure of speaking with a large number of folks while here. I was finally able to meet Ron Woerner in person (nice to meet you, Ron!) after communicating with him in the Security Catalyst Community for more than a year.

I love coming to these conferences and just talking with the participants. There is always at least one topic on which I gain some insight I had not considered before. During the past few days I've spoken with 4 to 5 people who are responsible for information security, all from highly regulated industries, who all say that despite their adequate to even generous information security and privacy budgets, some of their most important information security and privacy efforts are being quashed by their corporate communications offices, the groups responsible for the messages that are sent to personnel throughout the enterprise.


April 25, 2008

Do We REALLY Need Doctors To Do Consultations Via Email?

A few months ago I had some lively back-and-forth blog postings with a doctor who used email and instant messaging (IM) a lot in his practice; here, here and here.

Today my good friend Alec forwarded me another interesting news article (thanks Alec!) about the use of email by doctors; "It's no LOL: Few US doctors answer e-mails from patients."


April 24, 2008

Smart Business Leaders Support Effective Log Management Practices and Necessary Resources

The second article in this month's IT Compliance in Realtime Journal is, "Smart Business Leaders Support Log Management."

I wrote this with an audience of information security and privacy personnel, along with IT managers, in mind.

Download the formatted PDF version to get the full content, not to mention a nicer looking document.

Here is the unformatted version...


April 23, 2008

My Information Security and Privacy Convergence Webcast Now Available

Yesterday the ISSA posted on their website a free webcast I did, "Information Security and Privacy Convergence."

Here is the synopsis...


April 21, 2008

Improve Program Change Controls To Reduce Incidents

Recently in my Norwich MSIA class we were discussing the importance of program change controls, and I wanted to continue the discussion here because, as important as it is, the topic typically does not get the attention it deserves in most organizations.


April 16, 2008

Addressing Application Vulnerabilities With PCI DSS Log Management Compliance

The third and final paper in my PCI DSS log management compliance series is now available!

I encourage you to download the much nicer-looking formatted PDF version. :)

However, the following is the unformatted version of "Addressing Application Vulnerabilities with PCI Log Management Compliance"...


April 15, 2008

Great New Risk Management Document From The U.S. GAO

There is a new document from the U.S. Government Accountability Office (GAO), "STRENGTHENING THE USE OF RISK MANAGEMENT PRINCIPLES IN HOMELAND SECURITY."

It includes discussions of current risk management practices from non-government industries that are really quite interesting, not to mention some great risk management ideas and descriptions of risk management practices.

Check it out!


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.