Skip to main content

Home/ WPPS C-Suite News/ Group items tagged Privacy

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

The Cloud's Green Advantage - Forbes.com - 0 views

www.forbes.com/...terprise-technology-cloud.html

Privacy Security cloud microsoft

shared by sandy ingram on 17 Nov 10 - No Cached
  • When small organizations (100 users) move to the cloud, the effective carbon footprint reduction could be up to a 90% savings by using a shared cloud environment instead of their own local servers
  • For large corporations, the savings are typically 30% or more. In a case study with a large consumer-goods company, the team calculated that 32% of energy use and resulting carbon emissions could be saved by moving 50,000 e-mail users in North America and Europe to Microsoft's equivalent cloud offering.
  • What accounts for these significant energy savings? Think of cloud computing as being like mass transit. The data center is essentially getting computing applications to carpool or take the bus instead of sitting in their own individual servers. However, unlike mass transit, there is no sacrifice in convenience or performance with this move. Consider the disappointing fact that a typical server in a company often runs at about 10% of capacity, meaning there are lots of servers out there drawing power without doing much computing
  • ...3 more annotations...
  • The economies of scale of cloud data centers allow much higher utilization of servers, dynamic provisioning to better match server capacity to demand, and multi-tenancy to serve thousands of organizations with one set of shared infrastructure.
  • The efficiency benefits of the cloud won't be realized unless customers are thoughtful about decommissioning or repurposing unused servers, and cloud providers like Microsoft continue to innovate in the name of greater and greater efficiency.
  • For companies with their own large-scale infrastructure, this study identifies the key drivers that will let them optimize for the greatest efficiency as well.
  • sandy ingram on 17 Nov 10
     
    "In his piece, "Cloud Computing Meets Energy Management," William Clifford makes important points about the need to optimize the efficiency of both cloud data centers and on-premise computing. However, a new study released this week challenges his assertion that cloud computing "just transfers the consumption problem to another location." The findings suggest instead that cloud computing can significantly reduce the overall net energy use of business computing needs."
sandy ingram

How a Pas5woRd Can Sink Your Company - NYTimes.com - 0 views

boss.blogs.nytimes.com/...pas5word-can-sink-your-company

Privacy Security password Best Practice

shared by sandy ingram on 28 Nov 10 - No Cached
  • Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever — government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing.
  • Sadly, Mann and I called it right. Viruses, trojans and spyware are bigger problems than ever. Employees unwittingly but routinely hand over their passwords to hackers who break into corporate databases to steal credit card and other information of thousands of customers. Private e-mail is rifled through and made public, and companies have their computers incapacitated by “denial of service” attacks. You need to ask yourself: Could your company survive an encounter with a hacker?
  • Don’t count on even the best security software or services to protect you —
  • ...8 more annotations...
  • they’re always one step behind the latest hacking twist sweeping through networks. Even if you could afford to get a computer-security genius to come in and watch your company’s back 24 hours a day, he or she couldn’t fully protect you if you or any one of your employees were to slip up.
  • Everyone knows by now, I would think, that you shouldn’t use a password that’s easy to guess.  Hackers use automated programs that can find any password if it’s a word in the dictionary or a proper name, even if it’s spelled backwards.
  • But here’s the problem even tricky password users run into: Because we all need passwords for so many Web sites and accounts these days, people end up using the same password for many of them — or else write their passwords down somewhere. Both of these practices are disasters waiting to happen.
  • If you use the same password for many sites, all a hacker has to do is get your password at any one site — and some site out there somewhere is doing a lousy job of protecting your password — and he’s got it for all of your sites and accounts. So if a hacker or malicious employee at the place you buy shoelaces online lifts your password, he can get into your bank account and your company’s computers.
  • Here’s a better solution: Come up with a simple formula for generating passwords in your head that’s based on the name of the site or organization you’re signing up with. For example, you might take the name of the site (tractortires.com), drop everything but the first six characters to the left of the “dot” (tracto), reverse the first three letters (artcto), add the number “5″ after the third character and a capital “Z” at the end (art5ctoZ). By this formula, “plan9movie.net” gets the password “alp5n9mZ,” and “cellphone.org” yields “lec5lphZ.”
  • Make up your own formula, and don’t share it with anyone. It may sound a bit complicated, but after doing it a few times you’ll be able to do it in your sleep, and you’ll have a unique, impossible-to-guess password for every one of your accounts and sites without having to write anything down.
  • Every single one of your employees has to get with the program on this. If they’re writing passwords down, or using the same password everywhere, then they’re not just risking getting hacked at other sites, they’re also inviting hackers into any of your company’s computers or accounts to which they have password access.
  • So you might want to teach everyone in your company how to come up with his or her own in-your-head password-generating formula.
  • sandy ingram on 28 Nov 10
     
    "Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever - government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing."
sandy ingram

RESEARCH SHOWS MORE THAN HALF OF SMBs OPERATE WITHOUT STAFF IT SECURITY GUIDELINES | Ec... - 0 views

econsultancy.com/...t-staff-it-security-guidelines

Privacy Security compliance SMB survey

shared by sandy ingram on 27 Nov 10 - No Cached
  • AVG's research shows that: * 83% agree that having the right level of IT security protection is critical to their business * 77% say that a security threat could have a significant negative impact on their business * 55% feel they can make IT security decisions without 3rd party influence * However, only 48% have a clear IT security policy in place for their staff, leaving most at the mercy of what employees decide to download or access online * As a result, perhaps not surprisingly, 1 in 4 have experienced a security breach * Most worryingly, 1 in 7 have no security software or systems in place at all AVG also asked small businesses whether they expect to see growth in the next five years - 61% of UK and 74% of US small businesses say that they do.
  • sandy ingram on 27 Nov 10
     
    "Research released today by Internet Security company AVG (http://www.avg.com) shows that although most small businesses understand the need to protect their IT systems, fewer are willing to put it into practice. Out of 2000 SMBs surveyed in the US and UK for the "SMB Landscape Report", more than half (52%) have no IT security guidelines for their staff, while 1 in 7 have no Internet security software or solutions in place at all. "
sandy ingram

5 Steps to Secure a Mobile Workforce #infosec #grc - 0 views

www.businessweek.com/...secure_a_mobile_workforce.html

mobile security Best Practice Privacy compliance cybersecurity

shared by sandy ingram on 30 Nov 10 - No Cached
  • Here are five steps your company can implement quickly and cost-effectively.
  • 1. Deploy comprehensive endpoint security to check endpoint devices for spyware and malware.
  • 2. Ensure that user devices adhere to defined corporate security policies before, during, and after network connection.
  • ...3 more annotations...
  • 3. Encrypt sensitive data and log file access to ensure that data is not compromised if a mobile device is lost or stolen.
  • 4. Automatically filter and delete SMS spam by setting up pre-defined, configurable settings on mobile devices.
  • 5. Restrict network access by noncompliant or potentially infected devices.
  • sandy ingram on 30 Nov 10
     
    "Some 2.8 million Americans now work permanently from home offices and a full 38 million (37 percent of the total U.S. workforce) telecommute at least once a month. For the most part, the mainstreaming of telecommuting and the arrival of the virtual or mobile office has been a positive development, both in terms of employee productivity and cost reduction. However, one of the challenges of the proliferating mobile workforce is for companies to ensure that their most-sensitive customer and corporate information is truly secure."
sandy ingram

Security awareness: Helping employees really 'get' company policy - CSO Online - Securi... - 0 views

www.csoonline.com/...yees-really-get-company-policy

security awareness Privacy Best Practice employees training

shared by sandy ingram on 30 Nov 10 - Cached
  • Employee awareness of their companies' security policies is high—if you ask the employees. In a survey of 2,000 office workers, software security company Clearswift found almost three quarters, 74 percent, felt 'confident' that they understand their employers' Internet security policies. That is, policy designed to safeguard data and IT security, as well as maintain productivity.
  • But the confidence is misplaced, Clearswift suggests in their summary of the findings, because a third of those surveyed have not received any training on IT security since joining their firm. And more than two thirds of those who have not had recent training joined their organization more than five years ago—a 'technological lifetime,' notes Clearswift.
  • "When security is kept in the shadows and not discussed openly, and only referred to when things go wrong, it is all too easy for office 'folk-law' to become perceived as official policy very quickly. If employees are not aware of when they have broken policies—in some cases because the policy is not even enforced—it can lead to a false sense of security or a belief that what they are doing is actually in line with the corporate policy."
  • ...1 more annotation...
  • The research raises a question that is frequently discussed, but very rarely measured, among organizations: What kind of awareness training is effective? Is it regular and incremental? Is it most effective when done through courses, formal sessions or informal discussions? And how does an organization gauge its effectiveness?
  • sandy ingram on 30 Nov 10
     
    "Research finds while most employees believe they understand their company's security policies, a large number have never received any formal policy education or training. How can an organization really ensure people understand risk?"
sandy ingram

Staff fraud 'on the rise'. Majority still undetected and unreportd - 0 views

www.insideretailing.com.au/...Staff-fraud-on-the-rise.aspx

Privacy security Fraud employees

shared by sandy ingram on 06 Dec 10 - No Cached
  • "The vast majority of staff in any organisation are trustworthy and honest. However, businesses are now beginning to realise and understand the scale of the threat posed by the small proportion of staff that act dishonestly and defraud their employer."
  • According to the ACFE 2010 report on occupational fraud the median length of the schemes was 18 months from the time the fraud began until the time it was detected. The median loss caused by the occupational frauds in the report was $160,000. Nearly one-quarter of the cases caused at least $1 million in losses and nine cases caused losses of $1 billion or more.
  • Historically, the most serious threat from staff fraud has been centred on relatively senior employees in management positions. However, the major threat has now shifted down the organisational hierarchy to more junior members of staff, who have access to, and responsibility for, more confidential customer and payroll data than ever before,"
  • ...3 more annotations...
  • "With as much as 30 per cent of all business failures attributable to employee theft, employers are interested in any device or technique that could detect or prevent employee theft.
  • "Given the present wave of corporate scandals and failures, it is not surprising that organisations are being expected to create strong ethical cultures and select employees who will fit into those cultures. This explains, to some extent, the growing emphasis on integrity testing in the business world.
  • Spitzer has simple advice for businesses who are concerned they may be at risk:
  • sandy ingram on 06 Dec 10
     
    "Employee theft and fraud is on the increase - and an Australian start-up company believes it has pioneered a means of early detection. According to a recent survey conducted by KPMG, the total funds lifted from organisations came to $345 million - a significant increase from the $301 million of 2008, totalling 174,914 cases. "Employee fraud is a growing concern for organisations in all business sectors both in monetary and reputational terms," says Alon Spitzer, who has founded Integrity Elements, a company specialising in the new field of ' integrity testing and valuation'."
sandy ingram

Integrating Ethics and Compliance Into the Entire Organization - 0 views

tfoxlaw.wordpress.com/...e-into-the-entire-organization

Privacy Security compliance ethics integrating SMB Best Practice

shared by sandy ingram on 28 Nov 10 - No Cached
  • There’s no point investing in and implementing an ethics and compliance program unless the time is spent integrating the program into every aspect of an organization. The need for companies to develop effective ethics and compliance programs has been acknowledged by several government agencies- examples are the SEC in the US and the government in the United Kingdom. Both groups have recently passed legislation or made amendments to existing guidelines, focusing heavily on the importance of ethics and compliance at all levels of an organization- especially at the top.
  • Employees at each level contribute to the success of a company’s ethics and compliance program. Integrating ethics and compliance at each level helps ensure the message from the top makes it all the way down to the lower levels of the organization. Training, messages and other ethics and compliance initiatives must be developed to evolve with employees as they move through the company. That being said, employees at various levels need to be prepared to address different ethical issues they may encounter based on the role they play in the organization.
  • Integrating Ethics in the Middle  In many companies, employees report that the middle level is where ethics and compliance commitments break down. Since many of the lower level employees report directly to those in the middle, a commitment to ethics and compliance from middle managers is equally as important as it is at the top.
  • ...4 more annotations...
  • Top level managers can use a number of techniques to assist mid-level managers in understanding the role they play in creating an ethical workplace.
  • Integrating Ethics at Lower Levels Lower level employees are usually the ones on the frontlines acting as ambassadors for a company/brand. Ensuring the commitment to ethics and compliance is as strong at the bottom as it is at the top is critical to the success of a fully integrated ethics and compliance program.
  • One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance. During the interview process, ask questions related to ethical situations and decision making. This can be used as a way to ensure new hires are a proper fit with the existing corporate culture.
  • It’s important to remember that ethics training and implementation doesn’t stop here- this is just the beginning.
  • sandy ingram on 28 Nov 10
     
    "One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance"
sandy ingram

Strong Growth And Innovation Seen For IaaS In 2011 - "dramatically improved data security" - 0 views

blogs.forrester.com/...formation_as_a_service_in_2011

compliance IaaS Privacy Security data forrester research Best Practice

shared by sandy ingram on 27 Nov 10 - No Cached
  • Even smaller and moderately sized companies will start to look at IaaS. So far, most of the IaaS deployments have been concentrated around very large $1B+ companies; however, we are now seeing that even smaller and moderate sized organizations are very interested in IaaS to help them overcome their data challenges. As a result, in 2011 and beyond we are likely to see small mission-critical IaaS deployments in these organizations to support various types of use cases, ranging from single-version-of-the-truth to BI to searching and compliance reporting. 
  • sandy ingram on 27 Nov 10
     
    6. "More organizations will realize IaaS's security potential. During various inquiry calls this year, some customers mentioned to us that they dramatically improved data security by using an IaaS framework, centralizing the authentication, authorization, and access control of critical data - as a result disallowing direct access to data sources. This not only improves compliance audits for various organizations but also ensures that only authorized users can access sensitive data. We expect that more organizations, especially those that have hundreds and thousands of sources, will adopt an IaaS framework just to improve data security and compliance. "
sandy ingram

THE INSIDE THREAT: Financial firms focus on internal threats, employee errors - 0 views

searchfinancialsecurity.techtarget.com/...9142,sid185_gci1347604,00.html

Security Internal Threat Human Error Employees

shared by sandy ingram on 12 Feb 09 - Cached
  • Mark Steinhoff, head of Deloitte's financial services security and privacy practices, said an organization's biggest mistake would be to let its guard down
  • "The number of breaches that are occurring are really at the hands of insiders and organizations are understanding that there is a real threat of malicious attacks and exposure of personal information by insiders," Steinhoff said.
    • sandy ingram
      sandy ingram on 12 Feb 09
       
      The failing economy may be driving the increased concern over insider threats
    • sandy ingram
      sandy ingram on 12 Feb 09
       
      "We are seeing the layoffs and other forms of downsizing. Frankly with limited budget and less than satisfied employees, it really raises the parameter on that threat."
    • sandy ingram
      sandy ingram on 12 Feb 09
       
      Human error is the leading cause of information systems failure, and is likely to be the main cause of security attacks in the near future, according to 86% of those surveyed
  • sandy ingram on 12 Feb 09
     
    Banks and financial firms are placing more emphasis on internal threats to cut the flow of data leakage as a result of employee mistakes or workers disgruntled with layoffs and downsizing during the economic crisis, according to a recent survey.
sandy ingram

CERT's Podcast Series - 0 views

www.cert.org/...20090120pethia.html

Cert podcast

shared by sandy ingram on 12 Feb 09 - Cached
sandy ingram liked it
  • sandy ingram on 12 Feb 09
     
    CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing
sandy ingram

Malicious insider attacks to rise: "This is one of the most significant threats compani... - 0 views

news.bbc.co.uk/...7875904.stm

employee layoffs

shared by sandy ingram on 12 Feb 09 - Cached
  • Microsoft said so-called "malicious insider" breaches are on the rise and will worsen in the present downturn.
  • "This is one of the most significant threats companies face,"
  • "The malicious insider is classed as the greatest security concern because they have access, and relatively easy access, to corporate assets," said Mr Leland.
  • ...5 more annotations...
  • The problem is not just a serious one for business.
  • "The national security and economic health of the United States depend on the security, stability and integrity of our nation's cyberspace, both in the public and private sectors,"
  • A report last week by the Ponemon Institute, a privacy and data-protection research group, found that 88% of data breaches were caused by simple negligence on the part of staff.
  • While insider attacks are lower in number, Mr Rowney said they can be more devastating because the employee knows where "the crown jewels" are kept
  • Verizon indicates these protections are a critical form of risk management that no enterprise can no longer afford to ignore.
  • sandy ingram on 12 Feb 09
     
    "This is one of the most significant threats companies face,"
  • sandy ingram on 12 Feb 09
     
    People to Google: Doug Leland, Microsoft John Brennan, the President's top adviser for counterterrorism and homeland security. Kevin Rowney, Symantec, founder of the firm's Data Loss Prevention Unit
sandy ingram

Picking an anti-fraud team » Adotas - 0 views

www.adotas.com/...picking-an-anti-fraud-team

Privacy Fraud Advertising Best Practices

shared by sandy ingram on 27 Jan 09 - Cached
  • Individuals in areas such as sales and marketing will absorb fraud identification, reporting, and prevention responsibilities.
  • This will prove to be ineffective for the following reasons:
  • 1. The sales and marketing staffs are not trained to identify fraud and they cannot keep up with the ever-changing tactics
  • ...7 more annotations...
  • 2. Associates are conflicted when faced with a fraud incident. They are not motivated to report fraud and their compensation structure dissuades them from reporting incidents.
  • 3. Business goals are not aligned appropriately, which naturally moved fraud last on the priority list for the associates assigned the additional responsibilities.
  • 4. While the internal attempt is made, no time is spent on partner due diligence and monitoring.
  • Organizations will benefit in the long term by hiring dedicated staff.
  • This tactic is one component of my company’s Best Practice approach to doing business.
  • When recruiting for your team, expect to receive a small number of resumes compared to the average you may receive for other positions
  • Do not worry about where to post the job description, just get it posted.
sandy ingram

Health care providers anticipate new audit program - 0 views

www.finance-commerce.com/...allenges-as-scrutiny-increases

Health Care Audit

shared by sandy ingram on 05 Jan 09 - Cached
  • New audit program
  • Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
  • The federal government recently offered additional incentives to states that adopt laws that parallel the False Claims Act.
  • ...8 more annotations...
  • Data privacy is another hot-button issue for health care consumers, providers and regulators
  • a Minneapolis attorney, expects to see stepped up reinforcement of so-called “red flag rules” under the Health Insurance Portability and Accountability Act to prevent identity theft from health care providers and their patients.
  • health care organizations need to address three primary areas
  • making sure they have ID-theft prevention programs in place;
  • requirements relating to credit reports;
  • requirements related to the use of debit cards, credit cards and “smart” cards.
  • expects to see greater enforcement and “stiffening” of Medicare and Medicaid reimbursement:
  • As the current economic downturn continues, DeLoss also foresees another trend which should keep health law attorneys occupied in the coming year: more consolidation among medical practices.
  • sandy ingram on 05 Jan 09
     
    Another development affecting hospitals will be the nationwide implementation of the Medicare Recovery Audit Contractor (RAC) Audit program, Jesson noted. After testing the program in three states over the past three years, RAC auditors will begin auditing hospitals in Minnesota and other states for Medicare or Medicare fraud.
sandy ingram

REPORT: show lack of executive oversight in data protection. - 0 views

www.marketwatch.com/...story.aspx

informaiton executive board cybersecurity Report Carnegie Mellon Red Flag

shared by sandy ingram on 03 Dec 08 - Cached
  • survey also said that cybersecurity issues need to be seen as an enterprise risk management problem rather than an IT issue.
  • "Managing cyber risk is not just a technical challenge, but it is a managerial and strategic business challenge,"
  • senior management has not budgeted for key positions requiring expertise in cybersecurity or privacy areas. "No wonder the number of security breaches has doubled in the past year
  • sandy ingram on 03 Dec 08
     
    survey also said that cybersecurity issues need to be seen as an enterprise risk management problem rather than an IT issue.
sandy ingram

"The Neb" implemented by IBM - 0 views

www.links.org

Privacy security neb

shared by sandy ingram on 09 Nov 08 - Cached
  • The basic idea here was that you can’t trust your PC, so you should have a separate trusted device (The Neb) which is used only for final authorisation of transactions - all the work of getting the transaction set up is done on the untrusted PC.
  • only the data relating to the final transaction is sent to The Neb,
  • explicitly, by the server,
  • ...1 more annotation...
  • which then displays it and, if the user agrees, signs it.
  • sandy ingram on 09 Nov 08
     
    only the data relating to the final transaction is sent to The Neb,
sandy ingram

Amended SB1386 - Health care data security breach explained - 0 views

www.scmagazineus.com/...120069

hipppa SB1386 health training breaches

shared by sandy ingram on 01 Nov 08 - Cached
  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  • sandy ingram on 01 Nov 08
     
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • sandy ingram on 01 Nov 08
     
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
sandy ingram

Organisation for Economic Co-operation and Development - WHERE PRIVACY LAW GET'S IT'S QUE - 0 views

www.oecd.org/..._2649_201185_1_1_1_1_1,00.html

Economics Statistics Research OECD cooperation

shared by sandy ingram on 06 Jan 09 - Cached
  • sandy ingram on 06 Jan 09
     
    The economic downturn will hit the Internet economy hard in 2009, according to the latest available OECD estimates. The IT Outlook 2008 says that the IT industry is likely to have grown by 4% at most in 2008 compared to the previous year. But with the outlook for the global economy worsening and business and consumer confidence plumetting, growth will remain flat or decline in 2009.
sandy ingram

Obama cyber czar choice worries about smartphones, social networking - Network World - 0 views

www.networkworld.com/...122209-schmidt-cyber-czar.html

privacy security cyber czar

shared by sandy ingram on 26 Dec 09 - Cached
  • sandy ingram on 26 Dec 09
     
    Schmidt says layoffs from the bad economy will prompt theft of corporate data or damage, aided by the vulnerability of network peripheral devices such as printers
sandy ingram

Information Security Clauses and Certifications - Part 1 : Info Law Group - 0 views

www.infolawgroup.com/...uses-and-certifications-part-1

Privacy Security Best Practice

shared by sandy ingram on 21 Jan 10 - Cached
  • What contractual information security provisions should you consider, as a customer or as a vendor or business partner, when the contract contemplates the exchange of protected information? What do security standards and audits entail for a vendor, and what do they offer for a customer?
  • With heightened liability and compliance risks associated with handling protected categories of data, it is becoming more common to see contractual requirements holding vendors accountable for information security or requiring them to conform to a specified information security standard
  • sandy ingram on 21 Jan 10
     
    Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches. The contract may also set expectations more precisely by incorporating a written security policy or referring to a widely accepted information security standard, sometimes accompanied by a requirement for a third-party security audit or assessment
« First ‹ Previous 41 - 60 of 95 Next › Last »
Showing 20 items per page