E-Discovery – Compliance and Privacy Challenges
July 27, 2010
One of our readers recently brought our attention to the Legal Talk Network website and recommended that we pass along the fine reporting work this website provides its readership regarding the topic of e-Discovery.
Our staff agrees and recommends that anyone trying to keep current on this controversial risk management topic should visit and benchmark this website as well as pass this information to the business continuity and risk management team members in their organization.
Click here to listen to a recent podcast of host Gina Jytyla, Managing Staff Attorney in the Legal Technologies division at Kroll Ontrack, as she welcomes Kimberly Marin, Security Analyst and E-Discovery Specialist with the Hershey Company and Nasar Ali, Legal Consultant for Kroll Ontrack, to discuss key milestones in the history of e-discovery.
Federal Cybersecurity Guidelines Document Update Released by NIST
July 13, 2010
The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, recently released an updated set of guidelines that organizations can use to develop their security assessment plans, as well as the associated procedures for assessing security controls.
These new guidelines are officially entitled, “NIST Special Publication 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations Building Effective Security Assessment Plans”.
This document is a valuable content resource that should be included in the library of reading requirements for your organization’s information security and risk management teams.
To download this guidelines document, CLICK HERE.
GAO Continues to Express Ongoing Cyber Security Concerns
July 5, 2010
Many postings about the information security implications of cloud computing decisions have indicated that the jury is still out on how secure the cloud really is. Now more than ever, it is important to take the time to review, evaluate, and test the organization-specific components of a cloud decision-making process before you make a final decision.
Compliance and regulatory requirements along with having information security controls in place before you make a final decision are just a few of the elements to consider in that decision process.
It is with this in mind that we point you to a recent article written by Grant Gross and posted on the Computerworld website. In this article, you may see concerns about cloud computing or cybersecurity, summarized from a recent U.S. Government Accountability Office (GAO) report, that match the risk management issues over cloud computing expressed in your own organization.
It is also likely that your organization and our own U.S. government are both being driven by similar anticipated cost reductions coming from a move to a cloud computing environment.
Our staff believes that those similarities in both benefits and risks may have some relevance to all organizational cloud computing decisions and should be passed on to the information security and risk management team members in your organization.
Click here to read the full article, and let us know your thoughts and comments.
Is your organization at the same point of review regarding a cloud computing decision?
After reading this article, have you learned more of what to do or what not to do in order to make a best case decision for moving your organization to the cloud?
Best Practices Offered for Private Cloud Computing
July 3, 2010
In a recent article written by Features Writer Laura Smith, and posted on the SearchCIO website, some developing best practices for the utilization of private cloud computing are presented and offered to our readers.
That list of best practices starts with three actions, (1) assess, (2) deploy and (3) analyze, and ends with two further recommendations: (4) create reusable code and (5) do not forget to charge back the metered services reported by private cloud computing providers.
Click here to read Laura Smith’s entire article.
Many of our past postings on this website have focused on cloud and cybersecurity issues and, as a result, have prompted reader input regarding ongoing concerns about information security and privacy. Our staff hopes that the information provided by Laura Smith’s article will offer more perspective on, and input to, the decision-making process regarding this current and controversial topic.
If applicable, please pass this information along to those business continuity and risk managers and management team members in your organization.
BP’s e-Discovery Challenges
June 20, 2010
In past postings on this website, our staff has tried to bring the topic of e-Discovery to the attention of our readers: the potential risks involved and, if not properly mitigated with effective and timely responses, the probable negative burden that a discovery process will place on any organization’s assets and resources.
Aside from all of the obvious damages stemming from the BP oil spill in the Gulf of Mexico, we believe that another less obvious challenge is facing BP – and that challenge is e-Discovery.
Even for those organizations not in the oil industry, we present the premise that there may be important lessons to learn in observing the ongoing developments of the discovery process in the pending litigation against BP over the next several months and the role that e-Discovery plays in those processes.
We also believe that surrounding this BP disaster recovery effort, there is an associated argument that clearly demonstrates the need for companies – especially global companies – to have a strong eDiscovery plan and/or policy in place as part of their total organizational resiliency and preparedness strategy.
We recommend reading a recent article written by Rob Ameerun and posted on the Legal IT Professionals website where Digital Reef’s Steve Akers was interviewed about the e-Discovery challenges that face BP after the oil spill disaster in the Gulf region. Steve talks about the best strategy, information governance, and Early Case Assessment.
Pass this information along to your organization’s in-house counsel and risk management or business continuity team leaders.
Click here to read the full interview.
Information Security Risk and Tips Using Photocopiers
June 15, 2010
In a recent article written by Michael Kassner and posted on the TechRepublic.com website, we noticed an area of information security and compliance risk that needs to be brought to the attention of our readers.
If your organization is in compliance with, or certified to, any information technology framework or international standard (e.g. ISO 27001:2005), then the security analysis process, or at least the information security policy of your organization, should address the information security and data security risks associated with any digital photocopier operating in your organization.
Many of our readers may already be aware of this risk, but they may also be less than totally clear on the information system security risks associated with those copiers.
Whether a particular multi-function peripheral (MFP) retains a copy of every digitized document on its internal storage appears to depend on the brand and on how it is configured; we suggest adding this article to your library of information security reference documents.
Please pass this along to your information security assessment and risk management team members in your organization.
Click here to read the full article.
Cyber Security Legislation Introduced by Lieberman, Collins and Carper
June 11, 2010
Cybersecurity is an information security topic often discussed in postings on this website.
Many of the organizations that follow this website face, or will face in the future, ever more challenging risk management decisions about their information security systems and security policies in response to cyber security concerns. Our staff views this legislative activity as a strong component in the ability of our government to better support U.S. companies that are facing a growing number of cybersecurity-related issues.
To our point: Senate Homeland Security and Governmental Affairs Chairman Joe Lieberman, Ranking Member Susan Collins and Committee Member Thomas Carper recently introduced legislation to strengthen, modernize and safeguard our nation’s cybersecurity networks.
View the video summary of this important development as posted on the Senate Committee on Homeland Security and Governmental Affairs website, and read additional related articles on this topic: CLICK HERE.
Click here to read the complete letter written by Lieberman, Collins and Carper, posted on the Politico website and submitted in support of their legislative presentation.
If your organization is affected by cybersecurity risk management issues, then please pass this information along to the appropriate information security management members assigned the responsibility of information technology security.
Do you think this kind of legislation activity is good for U.S. companies?
Security and Business Continuity Dashboard Tips
June 4, 2010
In a recent article written by Derek Slater, and posted on the CSO: Security and Risk website, we are offered a baseline model of a dashboard made up of a collection of key feeds that could affect the security and continuity of your organization.
Many of our readers have requested information as to how to streamline the process of awareness regarding information, and current developments relevant to their responsibilities to meet their organization’s IT and physical security, business continuity and disaster preparedness requirements. We hope this information will satisfy at least some of those requests.
Click here to check out the new CSO Daily Dashboard and read more of Derek Slater’s article for more ideas and tips that with some modifications may work well for your own organization.
Please pass this information along to those individuals in your organization who are responsible for information technology security, physical security, continuity management, business risk assessment and disaster preparedness.
Can you share any of your ideas regarding modifications, additions, or changes to the CSO Daily Dashboard that you would like to see implemented?
Social Networking Safety Tips
June 2, 2010
In a recent article written by Upasana Gupta, Contributing Editor, and posted on the HealthInfoSecurity website, a recommendation and reminder was given “…to think twice, the next time a contact tries to ‘friend’ you – It may turn out to be an undercover fed looking to scrutinize your employment history or examine personal references.”
While this may be no surprise to many of our readers, it must be emphasized that not all of our readers are aware of this social networking risk, and certainly there exists a large population beyond our readership where safety tips in social networking behavior are very much needed.
This website tries to keep our readers current on this personal privacy rights and information security issue not only for themselves but also for the way that their participation may affect the organizations where they are employed.
Some tips for ensuring online safety mentioned and offered by this article include:
- Use Good Judgment
- Know Your Contact
- Do Not Tag Photos
- Change Your Passwords
- Know Your Privacy Settings
- Be Consistent
- Avoid Controversial Statements
While so much of this advice seems to be “common sense”, this topic of information security still remains one of the top risk management issues for organizations and individuals alike.
Do you have any additional safety tips you would like to share with our community?
Read more about these safety tips ….
Red Flags Rule Enforcement Date Delayed Yet Again
June 1, 2010
The following was announced today on the HealthCareInfoSecurity website – “Reacting to requests from several members of Congress, the Federal Trade Commission (FTC) has yet again delayed enforcement of the Identity Theft Red Flags Rule until Dec. 31, 2010. The law had been slated to be enforced June 1.”
Under the Red Flags Rule, which became effective Jan. 1, 2008, organizations that extend credit to their clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as “red flags,” that could indicate identity theft.
If your organization extends credit to its customers, then we encourage you to pass this message along to your organizational risk management team members so that they can make a fair evaluation of the risk relationship between the Red Flags Rule and their own organization and advise their management accordingly.
With so many previous delays already announced by the FTC over the enforcement of the Red Flags Rule law, what are your thoughts regarding this latest further delay announcement?
What kind of a message do you think this delay sends to those fighting for more privacy rights protection?