By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

I was reading a report the other day (The Evolution of Data-Centric Protection) from InformationWeek Analytics presented by Security Dark Reading (requires registration) and written by technology expert Joe Hernick.  The report includes a survey of 384 business technology decision-makers at North American companies and the purpose of the report was to determine the role of endpoint protection in enterprise data security strategies.  The opening line of the report was great: “Think sophisticated attackers are your biggest problem?  Our survey says clueless and malicious end users are more likely to stymie even the best-laid defensive plans.”  I have experienced and observed similar results for years,Read More →

By:
On:
In: *Connecting the Dots Blog*, Regulatory Compliance, School Safety

Great news! A pending New Jersey bill would mandate that all public and nonpublic schools conduct monthly school security drills for non-fire evacuation, lockdown and active shooter response.  Why is this great news? Currently, most schools probably have emergency security plans in place, but due to lack of implementation many schools are not comfortable with their level of preparedness.  They have a plan, but because they are not actively implementing and practicing their plans, confusion exists regarding roles and responsibilities and what do actually do if an incident were to occur.  The status quo methods outlined below are not working: You have an Emergency Plan.Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, School Safety

Lessons Learned Review…Keeping You Out of the Headlines and out of this Blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Law would require monthly school security drill A new New Jersey bill would mandate that all public and nonpublic schools conduct monthly school security drills for non-fire evacuation, lockdown and active shooter response. Currently, all schools have emergency security plans in place, but many schools are not comfortable with the procedures due to a lack of implementation.  Spam Survey According to a recent survey released by the MessagingRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

As People continue to accumulate numerous passwords for their online social networking sites, personal e-mail and online banking, most People seem to have no problem logging in with different passwords for different applications to protect THEIR PERSONAL information. So we know People can handle passwords!  The key then for Managers (including IT Managers) is to help People (boards, employees, vendors, contractors, partners, etc.) understand the importance of THEIR ORGANIZATION’s information. However, a recent survey by Credant Technologies revealed that 35% of IT Security professionals do not use a password on their business phones or smartphones, even though they contain sensitive and confidential information!  Information mayRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Legal

A new Computer Security Audit Report was released by Legislative Division of Post Audit State of Kansas in July 2009 providing an overview of computer and network security for five state agencies.  The audit found weak password controls and missing security patches for servers and 39 percent of one unnamed agency’s passwords were cracked within five minutes using free software that can be easily downloaded from the Internet. To breach an agency’s passwords, hackers scan vulnerable servers that may not have the latest security patches applied and then locate an encrypted list of passwords they can copy and use password cracking software to reveal users’Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Regulatory Compliance, Workplace Violence

Recalcitrant.  That is the word the Acting Assistant Secretary of OSHA used in her recent testimony before the Subcommittee on Workforce Protections to describe organizations being targeted by a new OSHA program that is under development. Recalcitrant can mean obstinately defiant of authority or difficult to manage or operate.  Either way, OSHA is targeting recalcitrant organizations by revising their current Enhanced Enforcement Program (EEP) with a new program called Severe Violators Inspection Program (SVIP) to ensure recalcitrant organizations who are not implementing required safety and health programs are targeted for additional enforcement action.  The additional enforcement could include daily penalties, other fines, incarceration of anRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

You may have seen the scary story reporting investigators were able to carry liquid bomb-making materials past security at 10 federal building in 10 cities. Members of Congress blasted “disturbing” and “outrageous” security failures in the nation’s federal buildings.  According to the article, Sen. Joe Leiberman blamed the Federal Protective Service Security for failing to provide adequate security and proper training to its 13,000 security guards during a hearing earlier this week on Capitol Hill. The GAO report found that he Federal Protective Service is not doing enough to make sure it’s 13,000 guards are qualified and trained for their jobs – and doing whatRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

A recent story made headlines in The Washington Post, providing an excellent example of how a lack of implementation can lead to embarrassing headlines and illegal and costly results. This story came up because of a previous story The Washington Post (and other media outlets) reported involving Obama officials being invited to intimate dinners at the home of Post publisher Katherine Weymouth, each sponsored at a cost of $25,000. In response to the initial story, White House counsel Greg Craig reportedly sent out an e-mail (megaphone management) with the 9-page White House policy attached that covered dos and don’ts involving gifts, relationships and invitations toRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Human Resources, Risk Management

Numerous lessons learned reveal the Achilles Heel for most managers (and organizations) is the Lack of Implementation Tools.  The lack of implementation tools has become THE principal weakness for all levels of managers that eventually will lead to their downfall. So let’s discuss some of the details surrounding implementation. First, the lack of implementation tools for implementing what you may ask? Implementing Processes.  Processes include:  procedures, policies, plans, regulations, specifications, roles, responsibilities, strategies, priorities, etc.  Numerous Processes need to be implemented in every Department in an organization.  Numerous Processes need to be implemented to meet requirements in Regulations and Mandates, which continue to mount.  NumerousRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Legal

As more workers are let go in corporate layoffs and cutbacks, many disgruntled workers are taking legal action out of desperation.  Age and sex discrimination allegations are rising as workers claim they have been unfairly or improperly dismissed.   Class actions and individual claims are both increasing at alarming rates.  At a time when budgets are tight, resources are limited, and insurance rates are rising, organizations cannot afford to ignore employment requirements or  be vulnerable to expensive fines and lawsuits. Has your organization implemented effective unlawful discrimination and harassment policies? Have all personnel received training regarding discrimination and harassment policies?  Is this training updated on anRead More →