By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In one of the largest data breaches to date, Heartland Payment Company compromised the cards of over 100 million people, almost 1/3 of the U.S. population. In addition to dealing with a damaged reputation, expensive notifications and fallout, and continued lawsuits from affected banks and credit Unions, the latest hit to Heartland came from Visa.  Visa recently took action at Heartland by suspending the data breach victim and removing it from Visa’s online list of PCI-DSS compliant providers. Heartland was last certified as PCI-DSS compliant in April 2008 but in a presentation given earlier this month by two Visa executives, Visa was quoted as saying,Read More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity

Learning from our mistakes is popular advice and I find it interesting that the majority of the advice and the majority of experts’ quotes have two common themes: If YOU are taking risks and moving forward, YOU will make mistakes. When YOU make mistakes, the key is not to make the same mistakes twice.   Good advice but not updated for today: Today’s challenges include serious economic challenges, accelerating threats and constant changes. Today’s leaders will not live long enough to make all the mistakes on their own so today’s leaders must do a better job of learning from the mistakes of others.   Headlines,Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Regulatory Compliance

I was reading a blog the other day and the question presented to readers was do you believe adoption of end-to-end encryption technology throughout the payments industry is the panacea to protecting personal information?  Some experts have indicated that end-to-end encryption is the way to protect sensitive and personal information from being hacked in situations like TJX and Heartland Payment Systems and others.  The Ponemon Institute even released a new survey (sponsored by PGP – an encryption company) saying that their research shows that breaches are more expensive and can lead to losing customers and indicated that a strategic and more holistic use of encryptionRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

As good as Tiger Woods is at golf, even Tiger could not take 8 months off and then perform at the level he needed to be successful and win this past week’s tournament. So here’s a question… Why in the world would management think their employees can make winning decisions for their organization if they have training every twelve months?? While Tiger’s results help, the results we are seeing in the headlines today (fines, breaches, lawsuits, losses, layoffs, etc.) clearly show that organizations are not proactively training and preparing their people (management, employees, contractor, partners, vendors, etc.) to win. An organization’s success and ability toRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Information Security, Legal, Regulatory Compliance

I recently blogged about the Veterans Affairs and the lost laptop that cost Veterans Affairs (tax payers) $20M to settle a lawsuit against them.  Now we have some very expensive trash. Attention all public and private organizational leaders!  Did you see the FTC charges released last week against CVS Caremark Corporation?  The costs of not establishing, implementing and maintaining a comprehensive information security program to protect the security, confidentiality, and integrity of personal information it collects from consumers and their employees is expensive! The FTC order requires CVS to pay $2.25 million to HHS to settle HIPAA violations and CVS is required to obtain independent,Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In case you didn’t notice among all the TARP and Stimulus Bill news…the Veterans Affairs Department has agreed to pay $20M to settle a lawsuit filed by veterans due to a VA laptop containing sensitive information stolen in 2006.  (Before I go any further, I want to be clear that I completely support veterans receiving compensation for out-of-pocket expenses that resulted from the computer theft, credit monitoring to protect against identity loss and medical expenses that were the result of severe emotional distress.) So how is “customized knowledge” and “individual-level accountability” worth at least $20M of your and my money (tax payer dollars)? For starters,Read More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Risk Management, School Safety

 I was exchanging e-mails with my daughter the other day and she told me about a magazine called Campus Technology and how she thought it might be good for me to review due to Awareity’s successful solutions for schools and colleges.    My daughter is a very smart young lady and she is the one that told me I needed to start blogging too… so I clicked on the web link she provided to see what types of stories they covered.  When I landed at the Campus Technology web page, I went straight to the current issue to see what types of stories were availableRead More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

January 20th, 2009 was great day!  And for many reasons, January 20th, 2009 will long be remembered as a very important day in the history of the United States of America. As USA Today reported, President Obama’s speech mixed promises with rebukes of former President Bush. I do not want to get into the rebukes, but I would like to take this opportunity to highlight a few of President Obama’s comments and promises regarding accountability, responsibility and knowledge. Accountability –  And those of us who manage the public’s dollars will be held to account – to spend wisely, reform bad habits, and do our businessRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Information Privacy, Information Security, Risk Management

I was reading about a “reply all” storm that hit the State Department’s e-mail systems and thought I would take this opportunity to point out how “megaphone management” is ineffective and also point out how next generation knowledge management is more effective and more efficient. Megaphone Management 101 – Executive Management decides to blast out a cable or e-mail to all employees and it is not clear regarding where responsibility begins or ends, lacks accountability and offers no auditability. In this example, State Department employees and American Diplomats received a cable from the Under Secretary of State for Management Patrick Kennedy that: Instructed people toRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Human Resources

One thing you can bet on this time of year is “resolutions”. And now that 2008 is behind us, experts, leaders and politicians are offering all types of information. Some offer top 10 events of 2008 and some provide lists of past and future incidents and challenges that organizations will need to manage and oversee more effectively in 2009 and beyond. There is no doubt that these experts, leaders and politicians mean well and there is no doubt they are attempting to offer valuable information to help organizations more successfully address escalating challenges especially now due to limited budgets and limited resources. But…(yes I knowRead More →