Posts Tagged 'policies-and-procedures'

Jan 25 2009

Did you KNOW that January 28 was international Data Privacy Day? I bet most of you did not. Too bad. The way to help improve privacy practices within organizations is to raise awareness of privacy issues. I recently blogged about Data Privacy Day here and here. Are you planning to do something for Data Privacy Day? If so, please let us know! I love to hear what folks do to observe such days, and to help raise awareness of information security and privacy issues. Or, if you are not planning to do something, why? Too late of notice? You don’t see the point of doing anything? You think it is dumb? You think…???? Let us know!

Aug 22 2007

Cutter Fellow Steve Andriole is at it again! He’s come up with a list of the top ten things he’d say to “management” about technology. I’ll just post three of his items here for you to react to, but do read his entire list in this week’s Business Technology Trends & Impacts E-Mail Advisor.

4. Please stop making exceptions to the governance process. If you want to save money and keep us agile, then do not allow all the flowers to bloom; instead, publish the standards and then stick with them. Every time you let someone off the hook, you make our life more complicated — and expensive.

6. Please make us account for our Read more

Jul 26 2007

When I read Steve Andriole’s recent post (via Cindy Swain), What Are the Rules, I looked at the calendar…no, this was not April 1st. What a thought-provoking post! Yes, as some of the comments to Steve’s post indicate, there are definitely some controversial “rules” put forth. To put it mildly. Writing about them all would fill a book. I will just comment on a couple of the proposed rules. “1. CIOs should come from the business, not the technology ranks: technology-rooted CIOs will never really understand the importance of business as the technology driver. When prospective CIOs start talking about network latency and virtualization, it’s time to get the hook out; go with the professional Read more

Jun 27 2007

Speaking of disasters… I had the great opportunity to provide analysis for this month’s newly published Cutter Benchmark Review: “Wake Up and Be Prepared: Preventing a Full-Blown Crisis.” You would think that in this day and age all organizations would have a documented emergency and disaster plan, wouldn’t you? Well, this survey demonstrates that this is not the case. For years we’ve heard from industry lobbyists that there should be fewer laws forcing businesses to do certain information assurance activities, and that businesses should be allowed to be self-governing with their information assurance responsibilities. However, my analysis of the survey results reveals that an alarming number of organizations do not have documented plans. Those that don’t are Read more

Jun 15 2007

“Data leak” is one of the hot catch-phrases today. And it is no wonder. Every day, almost literally, there are news stories published about companies losing personally identifiable information (PII) and other types of sensitive information. The data can leak out of a company in about as many ways as you can store or transmit information.

* Through email messages
* Intercepting wireless transmissions
* Improper disposal of printed paper
* Improper disposal of electronic storage devices
* Improper disposal and/or reuse of computing devices
* Metadata within electronic documents
* Poor access control configurations
* Lack of awareness and knowledge by users
* Malicious insiders with trusted access
* And the list goes on

Read more