Blog

Legislating Social Privacy
July 30, 2010
There’s a great deal of talk these days about privacy and social media. Specifically, services like Google, Facebook, Twitter, and other popular social networking platforms are coming under increased scrutiny over their privacy policies and data sharing practices.


Use What Works to Create a Culture of Privacy

December 20, 2009

I was in an industrial facility recently and noticed large banners on the walls proclaiming “12 Years without a Safety Incident.” I also saw certificates honoring individual employees who had eclipsed certain thresholds without a time-lost safety event. It struck me that this is the kind of simple program that privacy and compliance officers can use as a model to create a “culture of privacy” throughout the entire employee community and instill a basic ...

Posted by Mike Spinney at 12:03 pm

RSA Keynote Address by PGP CEO Phil Dunkelberger

March 23, 2010

Phil Dunkelberger RSA Keynote - Abridged

“Those that cannot remember the past are doomed to repeat it.” -George Santayana

The history of the information technology sector is one of constant transformation and reinvention. Whether it’s hardware platforms migrating from mainframes to mini-computers, to personal computers to smart phones or proprietary application interfaces being recreated for web browsers, the IT sector has distinguished itself by its rate of innovation and the ability to transition from one ...

Posted by Dr. Larry Ponemon at 12:03 pm

Information Security and a Leaky Roof

March 29, 2010

Here on the East Coast we’ve been treated to a mild but very wet spring and it reminds me of a story my dad told me when I was a young boy. During a late spring deluge an old and less than industrious farmer complained to his neighbor that he was exhausted after spending the night running throughout his house placing pans, pails, buckets and anything else that would hold water underneath the many ...

Posted by Mike Spinney at 8:05 pm

Security in the Trenches

April 14, 2010

We just completed a survey of federal IT security professionals to examine the data protection posture of government agencies. Through the survey, sponsored by CA, we wanted to see whether or not there is consistency in the perception of rank-and-file employees and executive management as it pertains to the safeguarding of sensitive information, regulatory compliance, and the day-to-day management and execution of a security program. What we found was interesting, and in keeping with what ...

Posted by Dr. Larry Ponemon at 10:23 am

The Road to Data Breach is Paved with Good Intentions

April 19, 2010

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies. Yes, I said complacency. Oh, don’t get me wrong: most organizations have good intentions with regard to data protection, but we all know where the road paved ...

Posted by Dr. Larry Ponemon at 12:25 pm

Ponemon Institute/Crowe Horwath HIPAA HITECH Compliance Webinar

April 23, 2010

Curious about what American citizens think about the privacy of their sensitive medical information and how public opinion affects HIPAA HITECH compliance? The Ponemon Institute and Crowe Horwath will present a webinar on May 20th on the issue. Among the points of discussion:
• How are key stakeholders responding to increased PHI privacy regulations?
• How frequently are healthcare organizations testing and updating their HIPAA/HITECH compliance programs?
• How prevalent are deficiencies in HIPAA/HITECH compliance ...

Posted by Susan Jayson at 11:16 pm

Global Data Breach Costs Examined for First Time

April 28, 2010

Without a doubt the Ponemon Institute’s most popular study is our Annual Cost of a Data Breach study, a case study analysis of U.S. data loss incidents of varying size and cause, affecting a representative sampling of industries. Because we examine the actual costs incurred by companies as a result of discovering and responding to a data breach, we believe our figures are an accurate measure of the potentially devastating financial impact following a data breach. ...

Posted by Mike Spinney at 12:13 pm

Think Before you Cloud

May 13, 2010

A few years ago, when wireless networking was still relatively new, there were numerous reports of enterprising employees who, frustrated with the pace of new technology integration in their workplace, took it upon themselves to deploy rogue access points – often hidden behind furniture or above drop-down ceiling panels – in order to provide convenient mobility around the office. Problem was these clandestine devices, while providing a benefit to the user, were not industrial ...

Posted by Dr. Larry Ponemon at 9:02 am

Cold War and a Hot Furnace

June 9, 2010

I was a U.S. Navy intelligence specialist assigned to VA-55 (go Warhorses!), a bomber squadron based at NAS Oceana in Virginia Beach, Virginia. In my position I handled a great deal of classified information and also had responsibility for the destruction of that information. Ashore, I took bags of discarded documents to the base intelligence center and tossed the paper into Igor, a massive pulverizing machine that rendered into a fine powder whatever slid down its chute. ...

Posted by Mike Spinney at 10:44 am

Oil Spills and Data Drills

June 20, 2010

My heart sinks day by day as I watch events unfolding in the Gulf of Mexico. I doubt if anyone can begin to comprehend the potential extent of the devastation taking place as a result of the catastrophe. That massive oil leak is despoiling not only the visible beauty of the Gulf – water, beaches, marshes, wildlife – but is likely to result in enormous and long lasting damage to the region’s fragile ecology and economy as ...

Posted by Mike Spinney at 1:06 pm

Benchmarking Information Security Efficiency

July 1, 2010

Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and Europe think are the key components to having an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protecting information assets and infrastructure. As more and more organizations appoint chief information security officers and increase investments ...

Posted by Dr. Larry Ponemon at 4:07 pm

Advanced Cyberthreats: Are You Ready?

July 6, 2010

Last September I had the privilege of addressing an audience of IT professionals from the chemical industry during the ChemITC Annual Conference. My presentation focused on applying lessons learned by consumer-facing industries from five years of experience dealing with data breach notification regulations and what those lessons can teach an industry that, like many others, is beset by data security issues. A number of high profile cases of corporate espionage in the chemical industry, including ...

Posted by Mike Spinney at 5:12 pm

Integrated, Holistic Security Strategies

July 12, 2010

Holistic is a popular word these days. Often applied to food and medicine, the word conjures images of natural, healthy living, but the word holistic refers to the function of an entity as a whole, including the interdependence of all its parts. Given this broader meaning, holistic can (and should) be applied when thinking strategically about the way a business organization operates. Successful, well-functioning organizations must adapt to change, be flexible in their relationships, and innovative in their ...

Posted by Dr. Larry Ponemon at 8:30 am

Car Talk and Compliance

July 14, 2010

Are you familiar with Click and Clack, the Magliozzi brothers of NPR’s hilarious auto repair show Car Talk? Tom and Ray are blessed with both an encyclopedic knowledge of automotive troubleshooting, and with an on-air chemistry that makes mechanics interesting and entertaining. By engaging their callers in seemingly inane banter (and laughing at each other's jokes), they are able to extract enough information to (most of the time) correctly diagnose car troubles over the phone. If you ...

Posted by Mike Spinney at 11:14 am

Information Governance in the Cloud

July 15, 2010

Just a brief note to bring our recent webinar to your attention. I presented Information Governance in the Cloud along with the good people at Symantec. The presentation is based in part on results from our earlier report, Flying Blind in the Cloud. If you want to view the webinar, presented on the Windows Live Meeting platform, please click here. If you have any questions or comments about this issue, our report, or the webinar, we'd ...

Posted by Dr. Larry Ponemon at 11:08 am

When Privileged Access is no longer a Privilege

July 19, 2010

I just read an interesting multi-part investigative report in the Washington Post about how intelligence gathering – and the bureaucracy that has risen since September 11, 2001 to facilitate the harvest and analysis of that information – has spun beyond the federal government’s control, not to mention its ability to make use of the sheer abundance of information. The report, Top Secret America, is frightening to a certain degree. In a country that reveres personal liberty, ...

Posted by Mike Spinney at 2:59 pm