IT Compliance and Controls

Converging Business, Information, and Controls


Entries Tagged as 'Human Resources'

Article: Blackmail payments for stolen client data

February 21st, 2008 · No Comments

Yesterday I highlighted that organizations must consider the value of information based on the party that possesses it, i.e., if the information were made available to anyone, what could they do with it and how bad would the impact be to your organization? Today’s Wall Street Journal had an article entitled “Another Liechtenstein Bank Suffers Theft […]


Tags: Fraud · Human Resources · Identity Theft · Risk Awareness

Intellectual Assets: News items on Espionage & Public Dissemination of Data

February 20th, 2008 · 1 Comment

Intellectual property for an organization can range from trade secrets (i.e. the ‘secret sauce recipe’) to customer-specific data. Every organization must classify information appropriately based on its own usage of the data, governing laws, and best practices. Two recent examples caught my attention as cases where data was compromised, along with the effects. The first […]


Tags: Access and Authorization · Human Resources · Logical Access · Monitoring and Performance Reviews · Risk Awareness

Sensitive Information includes Internet Addresses, EU Data Privacy Group

January 25th, 2008 · No Comments

Personally Identifiable Information is defined differently by each industry, country, and region. Companies must have information intelligence practices in place that account for these types of information, and a means of classifying and protecting it. Such information in the U.S. varies by jurisdiction, but can include medical records, financial information, and now perhaps in the EU your […]


Tags: Human Resources · Monitoring and Performance Reviews · Policy and Procedures · Risk Awareness · Technology Intelligence

HITBSecConf2007 presentations are online!

September 27th, 2007 · 1 Comment

The generous conference organizers at this year’s “Hack In The Box Security Conference Series” Malaysia (September 3-6) have posted the full presentations for anyone to download and enjoy. This is an excellent resource for extending your knowledge and leveraging the leading thought leaders in security. My favorite reads include Andrew Cushman’s “State of Security”, Martin […]


Tags: Human Resources · Life Cycle Management · Risk Awareness · Security and Assurance · Trusted Communications and Network · Trusted Computing Platform Systems