Blog

eGov Initiative Not Without Risk to Citizen Data

November 19, 2009

The eGovernment movement is a good thing, and maybe too long in coming given how many years businesses have been taking advantage of technology to provide convenience and a higher quality of service to their customers. Constituent services have been available online for years, certainly, but only recently has the effort to modernize government been policy. Yet the push to digitalize federal agencies is not all photo ops and campaign sound bites. There’s risk involved, and unless ...more

Posted by Dr. Larry Ponemon at 7:36 am

Training Is the Strongest Link

December 10, 2009

Today we held a RIM College event featuring three noted experts in corporate privacy training programs -- namely, Dean Forbes (Merck), Bob Posch (Merck) and John Block (Media Pro). Our focus is: what are leading companies doing to achieve awareness and knowledge about privacy and data protection requirements? To minimize insider threats within the corporate environment, I believe there is nothing more important than educating the workforce. Despite its importance, our Institute's benchmark results suggest ...more

Posted by Dr. Larry Ponemon at 3:50 pm

Use What Works to Create a Culture of Privacy

December 20, 2009

I was in an industrial facility recently and noticed large banners on the walls proclaiming “12 Years without a Safety Incident.” I also saw certificates honoring individual employees who had eclipsed certain thresholds without a time-lost safety event.   It struck me that this is the kind of simple program that privacy and compliance officers can use as a model to create a “culture of privacy” throughout the entire employee community and instill a basic ...more

Posted by Mike Spinney at 12:03 pm

Consumer Influences on Most Trusted for Privacy

March 4, 2010

FoxBusiness.com called the other day asking if we might be interested in talking about our annual Most Trusted Companies for Privacy study. Always eager to promote our research (the Institute, after all, produces the most interesting privacy and information security research in the land), I said yes. It’s a busy time for us – Larry was knee-deep in RSA, and I was scheduled to give a talk on privacy in online social networking – but we made ...more

Posted by Mike Spinney at 8:35 pm

Ozob’s Tale: Clowning Around with Kids and Facebook

March 18, 2010

In February I was invited to be part of a panel presentation at Darien High School in Darien, Connecticut. The school decided to take action and confront some issues related to prudent use of Facebook following a betrayal of trust among a small group of students that spilled over from a private, off campus affair into a public situation on school grounds. Luckily it was a relatively minor issue and the school wisely decided to use the ...more

Posted by Mike Spinney at 10:22 pm

RSA Keynote Address by PGP CEO Phil Dunkelberger

March 23, 2010

Phil Dunkelberger RSA Keynote - Abridged. “Those that cannot remember the past are doomed to repeat it.” -George Santayana. The history of the information technology sector is one of constant transformation and reinvention. Whether it’s hardware platforms migrating from mainframes to mini-computers, to personal computers to smart phones or proprietary application interfaces being recreated for web browsers, the IT sector has distinguished itself by its rate of innovation and the ability to transition from one ...more

Posted by Dr. Larry Ponemon at 12:03 pm

Information Security and a Leaky Roof

March 29, 2010

Here on the East Coast we’ve been treated to a mild but very wet spring and it reminds me of a story my dad told me when I was a young boy.   During a late spring deluge an old and less than industrious farmer complained to his neighbor that he was exhausted after spending the night running throughout his house placing pans, pails, buckets and anything else that would hold water underneath the many ...more

Posted by Mike Spinney at 8:05 pm

Sit Down and Talk with your Kids

April 2, 2010

I've had a positive and heartening response to my recent post about my experience creating a bogus Facebook account to illustrate the ease with which someone can gain access to kids' accounts. Parents have contacted me to let me know that the story helped them better understand the threats to themselves and their children. One even said he sat down with his son and together they went through and un-friended individuals with whom he ...more

Posted by Mike Spinney at 9:59 am

Security in the Trenches

April 14, 2010

We just completed a survey of federal IT security professionals to examine the data protection posture of government agencies. Through the survey, sponsored by CA, we wanted to see whether or not there is consistency in the perception of rank-and-file employees and executive management as it pertains to the safeguarding of sensitive information, regulatory compliance, and the day-to-day management and execution of a security program.   What we found was interesting, and in keeping with what ...more

Posted by Dr. Larry Ponemon at 10:23 am

The Road to Data Breach is Paved with Good Intentions

April 19, 2010

We recently completed some new research with Accenture in which we were surprised to find that, in spite of all the attention being paid to data protection, and in spite of new and updated data protection regulations, complacency is beginning to settle in among many companies.   Yes, I said complacency.   Oh, don’t get me wrong: most organizations have good intentions with regard to data protection, but we all know where the road paved ...more

Posted by Dr. Larry Ponemon at 12:25 pm

Littler Mendelson on Quon

April 19, 2010

Our good friend Phil Gordon, one of the sharpest minds on privacy and labor/employment law, offers an interesting view of today's oral argument before the U.S. Supreme Court in the potentially landmark case of City of Ontario v. Quon. Phil's blog on the case includes telling statements from Justice Sotomayor, Justice Alito, and Chief Justice Roberts which Phil believes point toward a ruling "far narrower than anticipated by many." To read the ...more

Posted by Mike Spinney at 10:31 pm

Ponemon Institute/Crowe Horwath HIPAA HITECH Compliance Webinar

April 23, 2010

Curious about what American citizens think about the privacy of their sensitive medical information and how public opinion affects HIPAA HITECH compliance? The Ponemon Institute and Crowe Horwath will present a webinar on May 20th on the issue. Among the points of discussion:
• How are key stakeholders responding to increased PHI privacy regulations?
• How frequently are healthcare organizations testing and updating their HIPAA/HITECH compliance programs?
• How prevalent are deficiencies in HIPAA/HITECH compliance ...more

Posted by Susan Jayson at 11:16 pm

Global Data Breach Costs Examined for First Time

April 28, 2010

Without a doubt the Ponemon Institute’s most popular study is our Annual Cost of a Data Breach study, a case study analysis of U.S. data loss incidents of varying size and cause, affecting a representative sampling of industries. Because we examine the actual costs incurred by companies as a result of discovering and responding to a data breach, we believe our figures are an accurate measure of the potentially devastating financial impact following a data breach. ...more

Posted by Mike Spinney at 12:13 pm

Fear and Loathing in Online Advertising

May 3, 2010

Have you ever seen an interactive advertisement while browsing around on the Web and, even though it was from a brand that you recognized promoting a product, service or event that you found interesting, you simply refused to click on the image because of a nagging sense of trepidation? What really lies beyond that alluring digital veil? Is the offer worth the risk? What of my digital privacy might I be giving up by responding to that message? ...more

Posted by Dr. Larry Ponemon at 2:21 pm

Think Before you Cloud

May 13, 2010

A few years ago, when wireless networking was still relatively new, there were numerous reports of enterprising employees who, frustrated with the pace of new technology integration in their workplace, took it upon themselves to deploy rogue access points – often hidden behind furniture or above drop-down ceiling panels – in order to provide convenient mobility around the office.   Problem was these clandestine devices, while providing a benefit to the user, were not industrial ...more

Posted by Dr. Larry Ponemon at 9:02 am

Facebook's Pioneering Privacy Path

May 26, 2010

Wow. Facebook seems to have rubbed a lot of folks the wrong way -- again. Time Magazine  put the company on the cover this week following yet another privacy misstep and an admission by CEO Mark Zuckerberg that, perhaps, the company had made a few mistakes in calculating the public’s acceptance of its data use practices.   Even as Facebook implements simpler privacy controls in response to criticism, a growing number of users are upset at the ...more

Posted by Mike Spinney at 11:47 am

Cold War and a Hot Furnace

June 9, 2010

I was a U.S. Navy intelligence specialist assigned to VA-55 (go Warhorses!), a bomber squadron based at NAS Oceana in Virginia Beach, Virginia. In my position I handled a great deal of classified information and also had responsibility for the destruction of that information. Ashore, I took bags of discarded documents to the base intelligence center and tossed the paper into Igor, a massive pulverizing machine that rendered into a fine powder whatever slid down its chute. ...more

Posted by Mike Spinney at 10:44 am

Benchmarking Information Security Efficiency

July 1, 2010

Recently the Ponemon Institute completed a new project, the Security Efficiency Benchmark Study, the purpose of which was to learn what IT security leaders in the UK and Europe think are the key components to having an efficient and effective security operation. In other words, we wanted to know what is necessary for achieving data security goals and protecting information assets and infrastructure. As more and more organizations appoint chief information security officers and increase investments ...more

Posted by Dr. Larry Ponemon at 4:07 pm

Advanced Cyberthreats: Are You Ready?

July 6, 2010

Last September I had the privilege of addressing an audience of IT professionals from the chemical industry during the ChemITC Annual Conference. My presentation focused on applying lessons learned by consumer-facing industries from five years of experience dealing with data breach notification regulations and what those lessons can teach an industry that, like many others, is beset by data security issues. A number of high profile cases of corporate espionage in the chemical industry, including ...more

Posted by Mike Spinney at 5:12 pm

Integrated, Holistic Security Strategies

July 12, 2010

Holistic is a popular word these days. Often applied to food and medicine, the word conjures images of natural, healthy living, but the word holistic refers to the function of an entity as a whole, including the interdependence of all its parts. Given this broader meaning, holistic can (and should) be applied when thinking strategically about the way a business organization operates. Successful, well-functioning organizations must adapt to change, be flexible in their relationships, and innovative in their ...more

Posted by Dr. Larry Ponemon at 8:30 am

Car Talk and Compliance

July 14, 2010

Are you familiar with Click and Clack, the Magliozzi brothers of NPR’s hilarious auto repair show Car Talk? Tom and Ray are blessed with both an encyclopedic knowledge of automotive troubleshooting, and with an on-air chemistry that makes mechanics interesting and entertaining. By engaging their callers in seemingly inane banter (and laughing at each other's jokes), they are able to extract enough information to (most of the time) correctly diagnose car troubles over the phone. If you ...more

Posted by Mike Spinney at 11:14 am

Information Governance in the Cloud

July 15, 2010

Just a brief note to bring our recent webinar to your attention.  I presented Information Governance in the Cloud along with the good people at Symantec.  The presentation is based in part on results from our earlier report, Flying Blind in the Cloud. If you want to view the webinar, presented on the Windows Live Meeting platform, please click here. If you have any questions or comments about this issue, our report, or the webinar, we'd ...more

Posted by Dr. Larry Ponemon at 11:08 am

When Privileged Access is no longer a Privilege

July 19, 2010

I just read an interesting multi-part investigative report in the Washington Post about how intelligence gathering – and the bureaucracy that has risen since September 11, 2001 to facilitate the harvest and analysis of that information – has spun beyond the federal government’s control, not to mention its ability to make use of the sheer abundance of information. The report, Top Secret America, is frightening to a certain degree. In a country that reveres personal liberty, ...more

Posted by Mike Spinney at 2:59 pm

Legislating Social Privacy

July 30, 2010

There’s a great deal of talk these days about privacy and social media. Specifically, services like Google, Facebook, Twitter, and other popular social networking platforms are coming under increased scrutiny over their privacy policies and data sharing practices. As I write, this issue has the attention of a number of politicians in Washington, DC as Congress mulls new legislation addressing privacy concerns. The Ponemon Institute believes a big part of addressing issues of consumer privacy as they ...more

Posted by Mike Spinney at 2:20 pm