HIPAA – the Health Insurance Portability and Accountability Act – is federal legislation passed in 1996 that addresses various elements of healthcare in the United States, including health insurance reforms and several other areas not related to privacy or security. However, this law also includes a mandate for the US… Continue Reading HIPAA Privacy and Security Rules, and Security Awareness Training
COBIT (Control Objectives for Information and Related Technology – ISBN 1-933284-37-4) was developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It’s a much broader standard than ISO 17799 since it applies to the entire IT structure of an organization (rather than just… Continue Reading COBIT and Security Awareness Training
ISO/IEC 17799:2005(E) (“Information technology – Security techniques – Code of practice for information security management”) is a widely used guide to information security management that reflects accepted best practice, and which is used in businesses and government organizations around the world. Security awareness training is a key component of the ISO… Continue Reading ISO 17799 and Security Awareness Training
About a year ago, I opened a dialup Internet access account with Earthlink using their ‘secure live sales chat’ feature. “Why a dialup account in this day of high-speed Internet?” I hear you ask. Because we were renting a house about 30 miles outside Seattle and couldn’t get any… Continue Reading Earthlink and Process Insecurity
A couple of years ago, Cosaint rolled out a course called "Avoiding Identity Theft". Since that date, most of our clients have picked it up and provided it to their students and it’s been very well received. But sometimes, when talking to prospects, their initial reaction to the course content… Continue Reading Identity Theft? That’s Not Our Problem!
In today’s news, phishing is still on the rise. The trends are inexorable and disturbing – shown here are figures from the Anti Phishing Working Group’s most recent Phishing Activities Trends Report. And this report from Gartner, Inc. in November 2006 notes the following figures:
Over the last 5 years, Cosaint has hosted a lot of security awareness training (SAT) portals for clients. And, in the process, we’ve learned a great deal about how to organize support (and quite a bit about how not to organize it!). So here are my 2 basic rules for… Continue Reading Support Arrangements For Your Security Awareness Training Program
Oh no … not again! On Tuesday, Boeing revealed that an employee’s laptop with sensitive information about more than 380,000 current and former employees had been stolen from a car. This is the third such case at Boeing this year. The Privacy Rights Clearinghouse has been monitoring reported data breaches… Continue Reading US Data Security Breaches Since Feb 2005 Top 100M