By:
On:
In: *Connecting the Dots Blog*, Information Security, Legal

A new Computer Security Audit Report was released by Legislative Division of Post Audit State of Kansas in July 2009 providing an overview of computer and network security for five state agencies.  The audit found weak password controls and missing security patches for servers and 39 percent of one unnamed agency’s passwords were cracked within five minutes using free software that can be easily downloaded from the Internet. To breach an agency’s passwords, hackers scan vulnerable servers that may not have the latest security patches applied and then locate an encrypted list of passwords they can copy and use password cracking software to reveal users’Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Regulatory Compliance, Workplace Violence

Recalcitrant.  That is the word the Acting Assistant Secretary of OSHA used in her recent testimony before the Subcommittee on Workforce Protections to describe organizations being targeted by a new OSHA program that is under development. Recalcitrant can mean obstinately defiant of authority or difficult to manage or operate.  Either way, OSHA is targeting recalcitrant organizations by revising their current Enhanced Enforcement Program (EEP) with a new program called Severe Violators Inspection Program (SVIP) to ensure recalcitrant organizations who are not implementing required safety and health programs are targeted for additional enforcement action.  The additional enforcement could include daily penalties, other fines, incarceration of anRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

You may have seen the scary story reporting investigators were able to carry liquid bomb-making materials past security at 10 federal building in 10 cities. Members of Congress blasted “disturbing” and “outrageous” security failures in the nation’s federal buildings.  According to the article, Sen. Joe Leiberman blamed the Federal Protective Service Security for failing to provide adequate security and proper training to its 13,000 security guards during a hearing earlier this week on Capitol Hill. The GAO report found that he Federal Protective Service is not doing enough to make sure it’s 13,000 guards are qualified and trained for their jobs – and doing whatRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

A recent story made headlines in The Washington Post, providing an excellent example of how a lack of implementation can lead to embarrassing headlines and illegal and costly results. This story came up because of a previous story The Washington Post (and other media outlets) reported involving Obama officials being invited to intimate dinners at the home of Post publisher Katherine Weymouth, each sponsored at a cost of $25,000. In response to the initial story, White House counsel Greg Craig reportedly sent out an e-mail (megaphone management) with the 9-page White House policy attached that covered dos and don’ts involving gifts, relationships and invitations toRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Human Resources, Risk Management

Numerous lessons learned reveal the Achilles Heel for most managers (and organizations) is the Lack of Implementation Tools.  The lack of implementation tools has become THE principal weakness for all levels of managers that eventually will lead to their downfall. So let’s discuss some of the details surrounding implementation. First, the lack of implementation tools for implementing what you may ask? Implementing Processes.  Processes include:  procedures, policies, plans, regulations, specifications, roles, responsibilities, strategies, priorities, etc.  Numerous Processes need to be implemented in every Department in an organization.  Numerous Processes need to be implemented to meet requirements in Regulations and Mandates, which continue to mount.  NumerousRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Legal

As more workers are let go in corporate layoffs and cutbacks, many disgruntled workers are taking legal action out of desperation.  Age and sex discrimination allegations are rising as workers claim they have been unfairly or improperly dismissed.   Class actions and individual claims are both increasing at alarming rates.  At a time when budgets are tight, resources are limited, and insurance rates are rising, organizations cannot afford to ignore employment requirements or  be vulnerable to expensive fines and lawsuits. Has your organization implemented effective unlawful discrimination and harassment policies? Have all personnel received training regarding discrimination and harassment policies?  Is this training updated on anRead More →

By:
On:
In: *Connecting the Dots Blog*, Regulatory Compliance, School Safety

On June 12, 2009, New York State Attorney General Andrew Cuomo issued a letter informing every college and university in New York State, that underreporting crime statistics violates state law.  In a landmark case, AG Cuomo required Dominican College to reform their current system of reporting on-campus crimes, as well as pay $20,000 to New York State. The federal Jeanne Clery Act requires colleges and universities to disclose campus security policies, as well as three years worth of crime statistics to current and prospective students.  A complaint was filed against Dominican College following an on-campus sexual assault which led to an investigation revealing that DominicanRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

There seems to be a real transformation taking place across all industries…lower turnouts at trade shows and conferences and cutbacks with training.  With trade shows and conferences, I am seeing more and more discounts being offered to attract attendees and some trade shows and conferences are even offing reduced rates on hotel rooms. With training, I am seeing cutbacks within companies paying for training and I am seeing cutbacks by companies that deliver training services. The economic downturn and budget cuts are playing a big part in whether or not organizations can afford to send their employees to trade shows and conferences or pay forRead More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

Step 10 is: Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation. Step 10 is definitely needed.  Step 10 mentions privacy which is generally more about collection and dissemination of sensitive and personally identifiable information (PII) than securing or protecting sensitive information.  Privacy is generally more about People and Processes and security is generally more about Technology; however I think President Obama is smart to mention the need to build an identity management vision and strategy that addresses privacy and civil liberties. I have to say….I am surprised that President Obama has notRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Step 9 of President Obama’s 10-point action plan is: In collaboration with other Executive Office of the President entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions. I love the sound of Step 9!  It is like a great pre-game speech from a well respected coach talking about game-changing strategies and teamwork and relying and trusting each teammate to do their part in their goal to winRead More →