By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

Ok, now we are starting to get into the action points that have a lot more complexity and will absolutely require an “intelligent playbook” and innovative tools to implement appropriate mechanisms, priorities, processes, policies, roles, responsibilities, activities and more across the federal government.  Based on Lessons Learned, Inspector General Reports and a recent May 2009 GAO Report that stated 23 out of 24 major federal agencies had weaknesses in their agencywide information security programs…it is obvious that action point 5 is going to be extremely difficult to implement and manage.  Action Point 5 – Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priorityRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Risk Management

The good news is that Social Networking is experiencing explosive growth. The bad news is that Social Networking is experiencing explosive growth. According to the third annual Deloitte LLP Ethics & Workplace survey, organizational leaders have some decisions to make when it comes to employee beliefs and management beliefs regarding online Social Networking. 60% of business executives believe they have the right to know how employees portray themselves and their organizations in online social networks 53% of employees disagree and say their social networking pages are not an employer’s concern 63% of younger employees (age 18-34)  say employers have no business monitoring their online activityRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

Lost or stolen laptops and other digital media are the cause of more than 40% of data breaches. Business travelers lose more than 10,000 laptops per week in U.S. airports. An estimated 11,300 laptop computers, 31,400 handheld computers and 200,000 mobile telephones were left in taxis around the world during a recent six month period. While these statistics may seem outrageous, I was recently on vacation in Chicago when one of my friends accidentally left his laptop sitting on the train.  While his immediate response was, “Oh, *%$&!”, my thought was “Oh, no, I am going to have to blog about my friend’s company andRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

A recent survey revealed that 59% of workers who were laid off, fired or quit their jobs in the last 12 months, admitted to stealing company data.  Many ex-employees are taking information from their organization to help them find new jobs and make them more valuable to competition and other organizations. With the downturn in the economy and layoffs affecting millions of people nation-wide, organizations must realize employees can easily carry out paper documents, CDs, DVDs, USB memory sticks or simply send documents to personal e-mail accounts before exiting, so it is critical for organizations to communicate acceptable and unacceptable actions to all employees andRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

A recent incident revealed that thieves installed simple card skimming devices and cameras on bank ATMs, stealing customer account details and recording PIN numbers.  Once the thieves gathered the ATM card data, new ATM cards were easily created with the stolen customer information and the new ATM cards were used to make unauthorized withdrawals. The thieves stole $500,000 from over 250 bank customers, and according to follow up news stories the customers are now being reimbursed by the bank. In this economic  downturn, can  banks afford to put $500,000 back into their customers’ accounts and continue to foot the bill for identity theft? Do youRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In one of the largest data breaches to date, Heartland Payment Company compromised the cards of over 100 million people, almost 1/3 of the U.S. population. In addition to dealing with a damaged reputation, expensive notifications and fallout, and continued lawsuits from affected banks and credit Unions, the latest hit to Heartland came from Visa.  Visa recently took action at Heartland by suspending the data breach victim and removing it from Visa’s online list of PCI-DSS compliant providers. Heartland was last certified as PCI-DSS compliant in April 2008 but in a presentation given earlier this month by two Visa executives, Visa was quoted as saying,Read More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In case you didn’t notice among all the TARP and Stimulus Bill news…the Veterans Affairs Department has agreed to pay $20M to settle a lawsuit filed by veterans due to a VA laptop containing sensitive information stolen in 2006.  (Before I go any further, I want to be clear that I completely support veterans receiving compensation for out-of-pocket expenses that resulted from the computer theft, credit monitoring to protect against identity loss and medical expenses that were the result of severe emotional distress.) So how is “customized knowledge” and “individual-level accountability” worth at least $20M of your and my money (tax payer dollars)? For starters,Read More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Risk Management, School Safety

 I was exchanging e-mails with my daughter the other day and she told me about a magazine called Campus Technology and how she thought it might be good for me to review due to Awareity’s successful solutions for schools and colleges.    My daughter is a very smart young lady and she is the one that told me I needed to start blogging too… so I clicked on the web link she provided to see what types of stories they covered.  When I landed at the Campus Technology web page, I went straight to the current issue to see what types of stories were availableRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Information Privacy, Information Security, Risk Management

I was reading about a “reply all” storm that hit the State Department’s e-mail systems and thought I would take this opportunity to point out how “megaphone management” is ineffective and also point out how next generation knowledge management is more effective and more efficient. Megaphone Management 101 – Executive Management decides to blast out a cable or e-mail to all employees and it is not clear regarding where responsibility begins or ends, lacks accountability and offers no auditability. In this example, State Department employees and American Diplomats received a cable from the Under Secretary of State for Management Patrick Kennedy that: Instructed people toRead More →