Did you KNOW that January 28 was international Data Privacy Day? I bet most of you did not. Too bad. The way to help improve privacy practices within organizations is to raise awareness of privacy issues. I recently blogged about Data Privacy Day here and here. Are you planning to do something for Data Privacy Day? If so, please let us know! I love to hear what folks do to observe such days, and to help raise awareness of information security and privacy issues. Or, if you are not planning to do something, why? Too late of notice? You don’t see the point of doing anything? You think it is dumb? You think…???? Let us know!
When I read Steve Andriole’s recent post (via Cindy Swain), What Are the Rules, I looked at the calendar…no, this was not April 1st. What a thought-provoking post! Yes, as some of the comments to Steve’s post indicate, there are definitely some controversial “rules” put forth. To put it mildly. Writing about them all would fill a book. I will just comment on a couple of the proposed rules. “1. CIOs should come from the business, not the technology ranks: technology-rooted CIOs will never really understand the importance of business as the technology driver. When prospective CIOs start talking about network latency and virtualization, it’s time to get the hook out; go with the professional
Eric Clemons’ post “Valuing Social Networking Websites” is interesting and very timely. Social engineering security and privacy issues are something I have been looking at a lot, and I wrote an article addressing some of the issues a couple of months ago, “On The Internet, If It Looks, Quacks and Walks Like a Duck, Is It REALLY a Duck?” I agree with Eric, the ways in which we stay informed are rapidly changing. Certainly the big traditional news media conglomerates recognize this and want to glom on to this unexpected evolution and reap any financial benefits possible. Social networking sites and virtual reality sites present both a challenge and an opportunity to the traditional news organizations.
Speaking of disasters… I had the great opportunity to provide analysis for this month’s newly published Cutter Benchmark Review: “Wake Up and Be Prepared: Preventing a Full-Blown Crisis.” You would think that in this day and age all organizations would have a documented emergency and disaster plan, wouldn’t you? Well, this survey demonstrates that this is not the case. For years we’ve heard from industry lobbyists that there should be fewer laws forcing businesses to do certain information assurance activities and that businesses should be allowed to be self-governing with their information assurance responsibilities. However, my analysis of the survey results reveals that an alarming number of organizations do not have documented plans. Those that don’t are
“Data leak” is one of the hot catch-phrases today. And it is no wonder. Every day, almost literally, there are news stories published about companies losing personally identifiable information (PII) and other types of sensitive information. The data can leak out of a company in about as many ways as you can store or transmit information.
* Through email messages
* Intercepting wireless transmissions
* Improper disposal of printed paper
* Improper disposal of electronic storage devices
* Improper disposal and/or reuse of computing devices
* Metadata within electronic documents
* Poor access control configurations
* Lack of awareness and knowledge by users
* Malicious insiders with trusted access
* And the list goes on