sandy ingram (smallbizprivacy)'s Public Profile in the Diigo Community

Developing a workplace privacy and security project management certificate program along with a local university.

Member since Oct 08, 2008, follows 34 people, 12 public groups, 606 public bookmarks (977 total).

More »

Tags

Recent Tags:	Security(0), Privacy(0), Best Practice(0), Cybersecurity(0), twitter(0), Fraud(0), compliance(0), e-discovery(0), FTC(0), Red Flags Rule(0), workplace(0), identity theft(0), Awareness(0), Best(0), Practice(0), virus(0), sunbelt(0), Employee(0)
Top Tags:	Privacy(157), Security(179), breach(46), twitter(58), Best Practice(62), data(30), compliance(43), Cybersecurity(35), Old But New 2 U(24), identity theft(25)

More »

Recent Bookmarks and Annotations

Twitter security risks, popularity spark regulatory concerns on 2009-11-22
- "Is using Twitter always right for the enterprise, or is it a risk to a
  business?"
- "If a corporate employee puts out information in a tweet that's IP or private,
  anyone in the world can see it.
Fighting Fraud with the Red Flags Rule FAQ on 2009-11-22
- A. General Questions About the Red Flags Rule
- The Red Flags Rule requires many businesses and organizations to implement a
  written Identity Theft Prevention Program to detect the warning signs – or “red
  flags” – of identity theft in their day-to-day operations. The staff of
  the Federal Trade Commission (FTC) has heard from companies across the country
  that are developing Programs. Their questions – and the FTC’s answers –
  may help you develop a Program for your business.
- 3 more annotations...
- - A. General Questions About the Red Flags Rule
  - B. Who’s Covered by the Red Flags Rule?
  - C. The Red Flags Rule and Government Agencies, Non-Profit Organizations, and
    Schools
FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule on 2009-11-22
- The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and
  “financial institutions” with covered accounts to implement programs to
  identify, detect, and respond to the warning signs, or “red flags,” that could
  indicate identity theft. The financial regulatory agencies, including the FTC,
  developed the Rule, which was mandated by the Fair and Accurate Credit
  Transactions Act of 2003 (FACTA).
- The FTC’s Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help
  entities determine if they are covered and, if they are, how to comply with the
  Rule. It includes an online compliance template that enables companies to design
  their own Identity Theft Prevention Program through an easy-to-do form, as well
  as articles directed to specific businesses and industries, guidance manuals,
  and Frequently Asked Questions to help companies navigate the Rule.
Consumer Form Letters and Opt Out Information | Privacy Rights Clearinghouse on 2009-11-21
Department Of Interior Fails Cybersecurity Audit -- Cybersecurity -- InformationWeek on 2009-11-12
- The Department of the Interior inspector general has issued a report that's
  sharply critical of the agency's cybersecurity performance, concluding that its
  efforts fall short of federal government requirements.
- The Department of Interior has CIOs for each of its large bureaus, and those
  CIOs are supposed to have responsibility for their organizations' IT and
  cybersecurity. However, the inspector general found that responsibilities were
  delegated to smaller offices, resulting in inefficiencies and higher costs.
- 4 more annotations...
- - The report describes IT and cybersecurity governance at the department as being
    inefficient, wasteful, and lacking accountability.
  - A cybersecurity assessment management tool at Interior is used to track
    cybersecurity progress, but status updates aren't verified or followed up on, so
    documented problems often go unfixed or inadequately fixed.
  - Among cybersecurity staff, Interior required only self-certified training.
    The inspector general found that only 13.5% of self certifications were relevant
    and complete.
  - The security levels of some IT systems were incorrectly categorized. For
    example, the U.S. Geological Survey said it had no "high impact" systems,
    despite the fact that it manages computer systems for earthquake monitoring and
    research and for toxic substance analysis.
Cyber Security Audit Spanks Department of Interior | Government Tech | ITBusinessEdge.com on 2009-11-12
- The report sharply criticizes the agency's cyber security performance, calling
  its personnel "substantially under-qualified." Interior required that staff only
  get self-certified training; only 13.5 percent of self certifications were
  relevant and complete.
- The report goes on to say that IT and cyber security governance at the
  department is inefficient, wasteful and lacks accountability
Building a Culture of Data Security and Related Privacy Interests in the Workplace on 2009-11-11
- In preparing for this Insight, I read an enlightening article
  published by the Society for Human Resource Management (SHRM) in its August 2008
  issue of HR Magazine titled, "Out of the Breach: Reduce the Risk of Litigation
  and Build Confidence in Data Handling by Becoming a Privacy Champion." In this
  cover story, senior writer Rita Zeidner presents a case for building a "culture
  of privacy" in the workplace. According to Zeidner, privacy experts recommend
  training, along with taking other precautionary steps, as the best defense for
  avoiding breaches of privacy.
- it is the required thing to do in order to comply with the numerous federal and
  state laws that may be applicable, which both define protected employee/customer
  data and identify related restrictions with respect to the access, use, storage
  and dissemination of the same. If you want to build a culture of privacy in your
  workplace with respect to the protection of personal data, the following summary
  of Zeidner’s steps might serve as a useful reference:
- 2 more annotations...
- - Finally employers should train employees so they know how to
    recognize threats to the security of protected data and report suspicious
    activities. If employees cannot attend and participate in this training, their
    access to such information should be blocked until they attend the training.
    Once employees are trained, and as a way to encourage and reinforce these
    behaviors, employers should publicly acknowledge and reward employees who alert
    the company of potential problems.
  - Since you want to make sure that rank-and-file employees are well
    trained, you will initially want to provide complementary, mandatory training
    and development opportunities for the managers to whom these employees report.
    In doing so, you can develop a benchmarking program, which can be used as a tool
    for checking on and evaluating managerial goals. For instance, managers can be
    held responsible for signing off on benchmarks such as follows:.
    
    Completing a privacy-data inventory that identifies where information is
    stored.
    Establishing and communicating a privacy policy statement program.
    Verifying policies and practices for security measures.
    Setting aside off-network computers that employees can use during break
    times or off-hours that will not compromise your network files; and
    Taking steps to ensure that contractor-software providers take regard for
    ensuring protection, the same as you do.
Google Dashboard Creates Security and Privacy Concerns on 2009-11-06
- Providing a resource like the Google Dashboard that presents all associated
  information in one place may actually create more privacy and security issues
  than it solves though.
- If you know the right queries to use you can find usernames and passwords,
  financial spreadsheets, confidential documents, and more by leveraging the vast
  database of indexed information stored at Google.
- 3 more annotations...
- - Google delivers all of the juicy details it has about you in a one-stop-shopping
    resources like the Google Dashboard which also provides a juicy
    one-stop-shopping target for attackers
  - "Google Dashboard is akin to putting all of one's eggs in a single basket. The
    problem is that the average end-user is clueless on how to guard that digital
    basket.
  - So once that Google account is breached/hacked, the victim has their entire
    Google experience compromised."
Facebook and MySpace users hit by cyber attacks on 2009-11-06
- Users will receive an email that looks like an official Facebook invite or a
  password reset confirmation.
- As soon as the unwitting Facebook user does this, their password is in the hands
  of cybercriminals.
Digital Data Make For A Really Permanent Record : NPR on 2009-11-05

More »

Bookmark Lists

More »

Groups

CIPP Information Privacy & Security News

8 members, 731 items

News stories, videos, podcasts about information privacy & related disciplines of information governance, security, audit & risk management
Diigo Community

1083 members, 3452 items

Share your review, tips, tricks, and ideas for using Diigo here, and discuss our features, ideas for new features, anything Diigo related. Note that bookmarks posted to this group have no relation to 'Hot Bookmarks from the Diigo Community'.
Healthy Water

3 members, 22 items

Drink your way back to better health.
Information Security

38 members, 98 items

All things information security, information assurance, and security engineering.
PresidentObama

1 members, 8 items