Data Storage Must Be Secured to Protect Privacy

Privacy breaches often occur because access controls are not configured appropriately for databases, or because adequate processes were never established to protect data within the network perimeter. Too many organizations still focus almost all of their efforts on securing the typically highly fuzzy and porous perimeter, to the exclusion of other highly vulnerable areas. Many incidents can be prevented by devoting more attention and time to securing the data storage areas.

One of my friends and colleagues, Kevin Beaver, just finished doing a webcast, "The Three Things You Need to Know About Managing Privacy Data."

Give it a listen if you get some time; Kevin provides some good insights. His views support the recommendations and use of the tools I provide within my Privacy Management Toolkit.

Comments

Agreed. Many people focus on security features such as having a firewall or anti-virus software. But in reality, I think most security issues stem from using mediums most people think are "safe" and "innocent" such as email or IM. Because these are not obviously bad as, say, a virus, firewalls will not protect you against an "oops" after pressing the send button on an email that had customer information attached to it.

Where there is digital data, there must be security.

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.