By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Security, Risk Management

Step 7 is: Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity. Wow…this is a very complex step when you consider the Cyberspace Policy Review described cybersecurity policy as: cybersecurity policy as used in this document includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missionsRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Legal

In 2007 the Swedish Bank, Nordea was stung for $1.1 million, in the “biggest ever” online bank heist.  250 bank customers were affected by the fraud after falling victim to phishing e-mails.  The e-mail contained a trojan horse that redirected customers to a false home page where they entered important login information.  Most of the customers affected had not been running antivirus applications on their computers. The bank covered the attacks and refunded all the affected customers. In 2009 Credit Union Customers received text messages notifying them that their debit cards had been inactivated.  The message gave a number to call to reactivate the cardRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management

This past Sunday I was watching and listening to DHS and HHS officials talk about the Swine Flu Alert. During the announcement I found it interesting that Secretary Napolitano made a special point to clarify the declaration of emergency by saying she wished they could call it a declaration of emergency preparedness, because that is really what it is in this context.   I agree with Secretary Napolitano that a declaration of emergency preparedness is needed because most organizations are not well prepared for a Pandemic flu outbreak….but that is another topic for another day. Then I came across a headline on CNN about TwitterRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In one of the largest data breaches to date, Heartland Payment Company compromised the cards of over 100 million people, almost 1/3 of the U.S. population. In addition to dealing with a damaged reputation, expensive notifications and fallout, and continued lawsuits from affected banks and credit Unions, the latest hit to Heartland came from Visa.  Visa recently took action at Heartland by suspending the data breach victim and removing it from Visa’s online list of PCI-DSS compliant providers. Heartland was last certified as PCI-DSS compliant in April 2008 but in a presentation given earlier this month by two Visa executives, Visa was quoted as saying,Read More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity

Learning from our mistakes is popular advice and I find it interesting that the majority of the advice and the majority of experts’ quotes have two common themes: If YOU are taking risks and moving forward, YOU will make mistakes. When YOU make mistakes, the key is not to make the same mistakes twice.   Good advice but not updated for today: Today’s challenges include serious economic challenges, accelerating threats and constant changes. Today’s leaders will not live long enough to make all the mistakes on their own so today’s leaders must do a better job of learning from the mistakes of others.   Headlines,Read More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Human Resources

One thing you can bet on this time of year is “resolutions”. And now that 2008 is behind us, experts, leaders and politicians are offering all types of information. Some offer top 10 events of 2008 and some provide lists of past and future incidents and challenges that organizations will need to manage and oversee more effectively in 2009 and beyond. There is no doubt that these experts, leaders and politicians mean well and there is no doubt they are attempting to offer valuable information to help organizations more successfully address escalating challenges especially now due to limited budgets and limited resources. But…(yes I knowRead More →