By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

Another data breach involving more than 500,000 records and Network Solutions is yet another organization that claims they were PCI compliant.  How can this be happening?  How does an organization know if they are PCI compliant with all 12 sections of PCI Security Standards which include hundreds of processes, roles and responsibilities that people must be following and implementing on a daily basis? Maybe what PCI really needs is a new focus and a new three letter acronym to go with all their other three letter acronyms.  If you visit the PCI Security Standards web site, you will find a whole bunch of three letterRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Information Privacy, Information Security, School Safety

Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Secret Service Information Revealed in P2P Data Leak On July 29th, it was revealed that files including information about a Secret Service safe house for the President’s family, details regarding the Pentagon’s network infrastructure, and specific details about every nuclear facility in the US were found on the LimWire file-sharing network.  As a result, a bill has been introduced that would ban P2P sharing on all government computers and networks. Read More →

By:
On:
In: *Connecting the Dots Blog*

Not sure if most people saw the article in USA Today, but health officials from the Center for Disease Control and Prevention made a disturbing new projection that up to 40% of Americans could get H1N1 (swine flu) this year and next….and several hundred thousand could die if a successful vaccine campaign is not ready. These projections for the US are nearly twice the number of people that catch the flu bug in a normal season.  Is your organization prepared?  Has your organization performed assessments to determine what could happen and what would need to happen if up to 40% of its staff was sickRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

According to a recent survey released by the Messaging Anti-Abuse Working Group (MAAWG), about 1 in 6 consumers have at some point acted on a spam message.  Those who admitted to opening a spam message said they “were interested in a product or service” or “wanted to see what would happen if they opened it.” Wanted to see what would happen if they opened it!?   These people are not 6-year olds wanting to see what would happen if they touched the hot stove or stuck their tongue to a flag pole during an ice storm! Nearly 2/3 of the people surveyed felt they were veryRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity

According to a recent article, because of tight budgets, many organizations plan to cut funding for technologies that would help to mitigate the main security threats they face. The article went on to say that 72 percent of respondents have seen an increase in e-mail borne malware and phishing, but eight percent of respondents said they plan to cut previously allocated funding for messaging security, e-mail encryption, e-mail security or instant messaging security technologies. The survey also revealed that although 40 percent of respondents noted lost or stolen devices as a top security challenge for the next 12 months, 15 percent said they will beRead More →

By:
On:
In: *Connecting the Dots Blog*, School Safety

I am attending the 2009 Virginia School and Campus Safety Training Forum in Virginia and the speakers have been very informative providing the attendees with a whole lot of “what you should dos”…also called recommendations. The “what you should dos” and recommendations are targeting serious challenges and obligations: Legal Gotchas Regulatory Updates Gang and Drug Abuse Search Guidelines Violence and Crime Prevention Bullying Establishing Relationships with School and Community Threat Assessment Team Recommendations And many other important topics…   In talking with several of the attendees, I have been asking which step is the most difficult: Performing Assessments Planning and Development of Programs Implementing PlansRead More →

By:
On:
In: *Connecting the Dots Blog*, Legal

Did you see the $50,000 defamation lawsuit filed by an organization against a “tweeter”? The lawsuit is a lesson learned that you may want to use to better prepare your people and your organization about the potential legal liabilities associated with sending a tweet about someone else or about another organization. While I am not going to argue whether it is right or wrong, I want to bring attention to the personal details that the lawsuit exposes and how a person’s reputation or an organization’s reputation can be exposed no matter what the outcome of the court case. If you scroll down on the verifiedRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… NYPD…New Typewriters? The New York Post reported that the New York City Police Department had signed a nearly $1 million contract with a vendor to purchase thousands of new manual and electric typewriters during the next three years. The NYPD’s typewriters are a shocking reminder of just how much more change needs to be implemented across government agencies and organizations to eliminate the status quo. Kaiser Hospital Privacy Violation KaiserRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

An article in The Washington Post and comments from Avivah Litan, vice president at the market research firm Gartner Inc, regarding fraudsters targeting commercial business accounts caught my attention….and if you run a business, you should pay attention too. Apparently the bad guys have figured out yet another way to steal real money and they are targeting business accounts rather than personal accounts.  The fraud involves mules and mule recruiters, some keylogger software planted on the PC of an unknowing person inside a bank, some social engineering and some fake, but real looking websites.  Notice how the bad guys are focusing on people and theirRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Received e-mail below this week…Wouldn’t it be great if all phishing attempts were this obvious? How are you doing and your family? I shall require from you , your  full names, address and phone numbers to start the process of claim in this regard. Do send me these details to barwonglee@******.com.hk for prompt and needed action Again I guarantee that all is under control and you have nothing to worry about, Just grant to me your full cooperation and keep this transaction close at heart. Regards, Wong Lee. Of course many phishing attempts are more sophisticated and more professional looking and unfortunately more successful atRead More →