Categories
-
Recent Posts
- Security Awareness and Social Networks: Why You Should Care, and What You Should Teach
- Poor Delivery – 5 Reasons Why Security Awareness Training Programs Fail – Part 2
- If You’re Going to Use PowerPoint
- Don’t Get Bogged Down in “How To”
- The Wrong Content – 5 Reasons Why Security Awareness Training Programs Fail – Part 1
Archives
Category Archives: Information Security
Disaster Recovery Plans for Small Businesses
The New York Times has published a useful article on developing Disaster Recovery Plans for small businesses (and, I would assume, other organizations such as non-profits and government agencies). Too many small organizations are putting themselves and, in some cases, … Continue reading
Posted in Information Security
Leave a comment
Crack Your Webmail Password for $33?
The Washington Post has published an article about the continuing availability of password-cracking services as YourHackerz.com, piratecrackers.com and hack-mail.net. They advertise openly, and offer to crack the password of Web-based email systems as Gmail, Facebook, Yahoo, Hotmail, and AOL for … Continue reading
Posted in Information Security
Leave a comment
Cost of a Single Security Breach – US$822,000
It’s often difficult to justify security measures because of the lack of realistic data regarding the cost of security incidents. After all, few organizations want to publicize their mistakes! But, from time-to-time, a snippet of information becomes available that enables … Continue reading
Posted in Information Security
1 Comment
Facebook Applications Have Holes – Lots of Them!
DarkReading is carrying a report about research into Facebook security holes by a researcher known only as ‘theharmonyguy’. He/she is disclosing flaws that he/she has discovered in Facebook and the 3rd party applications that many people use. So far, he/she … Continue reading
Posted in Information Security
Leave a comment
Data Exchanged Between Employees Could be a Security Breach
The Washington Post recently reported that an employee in the National Finance Center sent an Excel spreadsheet of employees’ personal information to a coworker in an unencrypted email. The Commerce Department sent a letter to all affected employees notifying them … Continue reading
Posted in Compliance, Information Security
Leave a comment
IBM 2009 Mid-Year Trend and Risk Report
If you’re responsible for developing computer security training, the 2009 Mid-Year Trend and Risk Report from IBM should be required reading.
Posted in Information Security
Leave a comment
Social Engineering Attacks Still Alive and Well
CNET News recently reported that the AT&T account of convicted hacker turned security consultant Kevin Mitnick had been breached for the second time. Reportedly, the hacker(s) simply called a representative at an AT&T store in Idaho and asked them to … Continue reading
Posted in Education, Information Security
Leave a comment
Fax Insecurity
Recently, I was working on a Cosaint end-user awareness course about fax security – when it’s safe to use a fax, how to protect faxed information … But, as I worked on it, I became increasing convinced that it’s never … Continue reading
Posted in Information Security
1 Comment
CMS Recommendations for Complying with the HIPAA Security Awareness Training Requirements
During 2008, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) reviewed ten HIPAA covered entities (CEs) for their compliance with the HIPAA Security Rule. They found that the CEs had problems in compliance … Continue reading
Posted in Compliance, Education, Information Security
Leave a comment
Security Questions – Good, Bad and Just Plain Ugly
Most of us, at one time or another, have forgotten a password for a website. So we go to the ‘Forgot Your Password’ link, answer a simple question, and the password is reset or we get access to the account … Continue reading
Posted in Information Security
Leave a comment