Category Archives: Compliance
Security Awareness Training for Call Center Reps

Call centers often handle highly sensitive customer information, including financial data such as credit card details, Social Security numbers, and bank account details and, in some cases, health information. This means that they need to comply with an increasing …
Posted in Compliance, Education, Information Security
Data Exchanged Between Employees Could be a Security Breach

The Washington Post recently reported that an employee in the National Finance Center sent an Excel spreadsheet of employees’ personal information to a coworker in an unencrypted email. The Commerce Department sent a letter to all affected employees notifying them …
Posted in Compliance, Information Security
Signed Policies Are a Must-Have

A couple of interesting articles today. Germany has just enacted a new law that requires companies to obtain a signed consent from employees before their work communications can be monitored. How this affects monitoring for inappropriate, illegal and insecure communications …
Posted in Compliance
HIPAA/HITECH Breach Notification Applies to Deceased Individuals

In her Realtime IT Compliance blog, Rebecca Herold posted an article about the implications of the FTC’s Health Breach Notification Rule. As usual, it’s probably going to take a while for the dust to settle so that we can understand …
Posted in Compliance
CMS Recommendations for Complying with the HIPAA Security Awareness Training Requirements

During 2008, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) reviewed ten HIPAA covered entities (CEs) for their compliance with the HIPAA Security Rule. They found that the CEs had problems in compliance …
Posted in Compliance, Education, Information Security
1 Course per Month Programs – Why I Don’t Like Them

Some organizations use a “1 course per month” approach to trickle security awareness training out to their staff – the intention being that they avoid overloading staff with a large amount of training upfront by dividing it up into more …
Posted in Compliance, Education
The Second Year and Beyond

Let’s say that you’ve been tasked with establishing a security awareness program to comply with the regulations that apply to your organization. You set up a series of courses – probably web-based because you have too many students and insufficient …
Posted in Compliance, Education
Save Money by Automating Policy Signature Management

Many laws and regulations – both security-related and other areas of HR – require employees to review a set of policies and sign them to indicate that they understand and will obey them. This usually involves someone printing out multiple …
Posted in Compliance
Sarbanes-Oxley (SOX) and Security Awareness Training

The Sarbanes-Oxley Act became law in 2002 in the wake of the Enron financial scandal. Its focus is setting rules for the ways that public organizations and accounting firms should handle corporate governance and financial disclosures – it is …
Posted in Compliance
Gramm-Leach-Bliley Act (GLBA) and Security Awareness Training

The Gramm-Leach-Bliley Act of 1999 (also known as the Gramm-Leach-Bliley Financial Services Modernization Act or "GLBA") was designed to open up competition in the financial services industry. It applies to all "Financial Service Providers" which includes obvious groups such as …
Posted in Compliance