The Gramm-Leach-Bliley Act of 1999 (also known as the Gramm-Leach-Bliley Financial Services Modernization Act or “GLBA”) was designed to open up competition in the financial services industry. It applies to all “Financial Service Providers” which includes obvious groups such as insurance agencies, tax preparers and financial advisors, as well as…
Continue reading: Gramm-Leach-Bliley Act (GLBA) and Security Awareness Training

The Payment Card Industry (PCI) Data Security Standard is a set of comprehensive security requirements that applies to merchants and service providers who process and/or store payment card information. The standard was developed by Visa and MasterCard, and has now been adopted by the other major credit card issuing companies.…
Continue reading: PCI Data Security Standard and Security Awareness Training

HIPAA – the Health Insurance Portability and Accountability Act – is federal legislation passed in 1996 that addresses various elements of healthcare in the United States, including health insurance reforms and several other areas not related to privacy or security. However, this law also includes a mandate for the US…
Continue reading: HIPAA Privacy and Security Rules, and Security Awareness Training

COBIT (Control Objectives for Information and Related Technology – ISBN 1-933284-37-4) was developed by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI). It’s a much broader standard than ISO 17799 since it applies to the entire IT structure of an organization (rather than just…
Continue reading: COBIT and Security Awareness Training

ISO/IEC 17799:2005(E) (“Information technology – Security techniques – Code of practice for information security management”) is a widely-used guide to information security management that reflects accepted best practice, and which is used in businesses and government organizations around the world. Security awareness training is a key component of the ISO…
Continue reading: ISO 17799 and Security Awareness Training

About a year ago, I opened a dialup Internet access account with Earthlink using their ‘secure live sales chat’ feature. “Why a dialup account in this day of high speed internet?”, I hear you ask. Because we were renting a house about 30 miles outside Seattle and couldn’t get any…
Continue reading: Earthlink and Process Insecurity

A couple of years ago, Cosaint rolled out a course called "Avoiding Identity Theft". Since that date, most of our clients have picked it up and provided it to their students and it’s been very well received. But sometimes, when talking to prospects, their initial reaction to the course content…
Continue reading: Identity Theft? That’s Not Our Problem!

Over the last 5 years, Cosaint has hosted a lot of security awareness training (SAT) portals for clients. And, in the process, we’ve learned a great deal about how to organize support (and quite a bit about how not to organize it!). So here are my 2 basic rules for…
Continue reading: Support Arrangements For Your Security Awareness Training Program

Oh no … not again! On Tuesday, Boeing revealed that an employee’s laptop with sensitive information about more than 380,000 current and former employees had been stolen from a car. This is the third such case at Boeing this year. The Privacy Rights Clearinghouse has been monitoring reported data breaches…
Continue reading: US Data Security Breaches Since Feb 2005 Top 100M