Physical Fails for Information Security and Privacy

IG Guru

Physical Fails for Information Security and Privacy. August 7, 2018. Hosted by Rebecca Herold. Guest: Andrew Ysasi. Episode description: This episode covers a problem as bad today as it was decades ago and in many ways worse.

Priceless advice for information security managers

IT Governance

As an information security manager, you enter each day not knowing what it may bring, in spite, perhaps, of having a well-formed plan or at least a to-do list. Physical security. Managing information security in an uncertain world.

The anatomy of effective information security management

IT Governance

With the ever-increasing risks faced by every UK organisation from cyber crime, there is significantly increased pressure on every information security manager to deliver effective security. Build your knowledge and skills in information security management.


IG Guru

by Dr. Jan Buitron, DCS, MSIA, CISSP, MCSE. I have been in Information Technology since the late 1980s. I worked my way into one domain of Information Security in 1998 when I worked in Identity and Access Management for the largest customer at IBM Global Services.

Kick-start your career in information security management

IT Governance

If you’re looking to develop a career in information security, the CISMP training course is a great starting point. It provides a broad introduction to information security management upon which more technical qualifications can be built.

How to create an information security policy

IT Governance

ISO 27001 says that you must document an information security policy. What is an information security policy? An information security policy is one of the mandatory documents outlined in Clause 5.2 Key elements of your information security policy.

Information security and compliance training for the healthcare sector

IT Governance

Furthermore, the sector depends on its workforce to provide vital care, which is only possible when information is shared and available at the point of delivery. and healthcare must address the new DSP (Data Security and Protection) Toolkit.

Iowa and Nebraska Enact Information Security Laws

Hunton Privacy

Recently, Iowa and Nebraska enacted information security laws applicable to personal information. Iowa’s law applies to operators of online services directed at and used by students in kindergarten through grade 12, whereas Nebraska’s law applies to all commercial entities doing business in Nebraska who own or license Nebraska residents’ personal information. Operators also are prohibited from selling or renting students’ information.

5 ways to improve your information security

IT Governance

Organisations are always looking for ways to improve their security posture, but the process is often frustrating. As soon as they secure one weakness, cyber criminals find another one. Here are five essential ways you can keep your organisation secure.

Do you know the difference between cyber security and information security?

IT Governance

You often see people use the terms ‘cyber security’ and ‘information security’ interchangeably. That’s because, in their most basic forms, they refer to the same thing: the integrity and confidentiality of information. Information security.

Introducing Behavioral Information Security

The Falcon's View

The focus of the boot camp was around "behavior design," which was suggested to me by a friend who's a leading expert in modern, progress security awareness program management. Suddenly, it occurred to me, "Hey, you know what we really need is a new sub-field that combines all aspects of security behavior design, such as security awareness, anti-phishing, social engineering, and even UEBA." I recently had the privilege of attending BJ Fogg's Behavior Design Boot Camp.

Your enterprise information security budget is too small

OpenText Information Management

The largest information security and digital risk conference in the world, RSAC 2018, recently descended on the Moscone Center in San Francisco for a packed week on all things cyber security.

What are the best books on information security?

IT Governance

And with thousands of books on information security, it can be hard to know where to begin. We’ve handpicked the best titles to better equip people looking to advance their careers in information security. Mark Rowe, Professional Security Magazine Online.

AusCERT and the Award for Information Security Excellence

Troy Hunt

At the gala dinner last night, without any warning beforehand, I somehow walked away with this: #AusCERT2018 Award for Information Security Excellence goes to @troyhunt @AusCERT 2018 Gala Dinner — ValdemarJakobsen. I've been at the AusCERT conference this week which has presented a rare opportunity to walk to a major event from my home rather than fly to the other side of the world.

Improve your information security with risk assessment software

IT Governance

A risk assessment is one of the first tasks an organisation should complete when preparing its cyber security policy and programme. vsRisk is an information security risk assessment software tool created by industry-leading ISO 27001 experts.

National Standard on Personal Information Security Goes into Effect in China

Hunton Privacy

On May 1, 2018, the Information Security Technology – Personal Information Security Specification (the “Specification”) went into effect in China. The Specification constitutes a best practices guide for the collection, retention, use, sharing and transfer of personal information, and for the handling of related information security incidents.

ISO 27001: How to set and document your information security objectives

IT Governance

Having created an information security policy, risk assessment procedure and risk treatment plan, you will be ready to set and document your information security objectives. Our annotated template takes the hassle out of documenting your information security objectives.

China Releases National Standard on Personal Information Security

Hunton Privacy

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification is voluntary, but could become influential within China because it establishes benchmarks for the processing of personal information by a wide variety of entities and organizations.

The 5 biggest information security concerns facing organisations

IT Governance

When implementing defences to keep data secure, organisations should rightly put a lot of effort into preventing external actors penetrating them, but as the 2018 BCI Horizon Scan Report reminds us, there are many other things to prepare for.

How OpenText Information Security employees prevent cybersecurity threats

OpenText Information Management

The Equifax breach disclosed in September 2017 validates why Information Security is at the forefront of the mainstream media, once again. This high visibility attack comes alongside an upswing in hackers manipulating the code of …

Once more unto the Breach – Managing information security in an uncertain world

IT Governance

The Internet is a playground for criminal hackers waiting to get their hands on your sensitive information. Threats like this are very real for ISMs (information security managers), who face the reality of phishing scams, cracking and ransomware daily. Physical security.

Information Security and Compliance Through the Prism of Healthcare and Retail


Organizations must focus strategically on how to manage digital content and understand that: 1) end-users are consuming technology differently; 2) consumer devices are being increasingly used as “on-ramps” to digital workflows; and 3) how you secure the scan and capture process becomes increasingly important. 2 -- Retail provides useful lessons in the importance of decentralized capture and the security challenges it creates.

China issues Personal Information Security Specification

Data Protection Report

On 29 December 2017 the Standardization Administration of China issued an Information Security Technology – Personal Information Security Specification (GB/T …). Although the Specification is not a mandatory regulation, it nonetheless has a key implementing role in relation to China’s Cyber Security Law (“Cyber Security Law”) in respect of protecting personal information in China. Expanded scope of personal information.

e-Records 2017: “Big Data vs. Information Security: Bringing Peace to Conflict”

The Texas Record

Information Governance: Take Control and Succeed. The Public Information Act and Updates from 85th Legislative Session. Establishing Information Governance for Local Governments in Microsoft SharePoint and Office 365. Data Protection and Information Governance across Data Silos.

An Action Plan to Fill the Information Security Workforce Gap

Dark Reading

Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career

The first step in strong information security is to understand data assets

Information Management Resources

In talking to many CISOs over the past few years, it is clear many organizations are still not sure what constitutes their most valuable assets and, as a result, cannot adequately protect their 'crown jewels.'

ISOO Report Recommends Government-wide Technology Strategy to Address Inefficiencies in Information Security

Archives Blogs

Today, the Information Security Oversight Office (ISOO) released its 2017 Annual Report to the President on security classification and implementation of the Controlled Unclassified Information (CUI) program. ISOO believes that robust agency implementation of compliant CUI policies designed to better protect and facilitate the sharing of sensitive information would further advance the President’s management initiatives.

Information security myopia


My article in the current edition of IDM magazine used examples of traditional information security failures to provide some balance against concerns about Web 2.0 security. is more secure but that we need to look at the information security risks of both existing technologies and the new social media tools.

Two thirds of organisations unlikely to survive a data breach

IT Governance

The Risk:Value 2018 Report by NTT Security discovered that only 29% of organisations have dedicated cyber insurance in place, despite 81% of senior executives touting insurance against data breaches as “vital”.

NAID 2019 Registration Now Open

IG Guru

Cyber resilience: What does this mean for Scotland?

IT Governance

Organisations face an increasing number of threats from ransomware, data breaches and weaknesses in the supply chain, according to the NCSC’s (National Cyber Security Centre) annual report published earlier this year. aiming to improve cyber security and promote…

Make sure your cyber security policies aren’t only ‘skin deep’

IT Governance

Almost every data breach begins with an organisation saying they were secure until a crook comes along and shows them otherwise. This is one of the biggest problems facing the cyber security industry. Physical security issues that can cause you difficulties; and …

When is Blockchain not secure? Learn why you need Blockchain Defender

IG Guru

Zasio offers Popular Records Retention Solution Online

IG Guru

Free ISO 27001 resources

IT Governance

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). Download our free data sheet here >> Infographic: What is an information security management system (ISMS)?

Which ISO 27001 implementation bundle is right for you?

IT Governance

It’s the international standard for information security, and its framework can be used to reduce the risk of data breaches, ensure that your data protection practices are as efficient as possible and persuade potential customers that their information is safe with you.

Travellers refusing digital search now face $5000 Customs fine in NZ

IG Guru

10:40 am on 1 October 2018. Previously, Customs could stop anyone at the border and demand to see their electronic devices.

4 reasons to get CISMP qualified

IT Governance

Those seeking a qualification that demonstrates a broad understanding of information security management should consider the British Computer Society (BCS) Certificate in Information Security Management Principles (CISMP).

ISO 27001 Global Report 2018: top 3 key takeaways

IT Governance

2) Improving information security is the biggest driver for implementing ISO 27001. You are only as strong as your weakest link, and an organisation’s biggest security risk is often its own employees. 1) ISO 27001 aids GDPR compliance.

US Department of Homeland Security: Russian Activity Against Critical Infrastructure

IG Guru

ICRM creates bookstore on Facebook

IG Guru

ICRM has recently created a “Book Store” on Facebook. The “Book Store” is a way to buy, swap or share RIM publications between candidates or members.

CVE Funding and Process

Adam Shostack

I had not seen this interesting letter (August 27, 2018) from the House Energy and Commerce Committee to DHS about the nature of funding and support for the CVE. This is the sort of thoughtful work that we hope and expect government departments do, and kudos to everyone involved in thinking about how CVE should be nurtured and maintained.

GP practice fined £35K for failing to secure medical records

IT Governance

The Information Commissioner’s Office (ICO) has fined London surgery Bayswater Medical Centre (BMC) £35,000 after highly sensitive medical information was left unsecured in an empty building. It was also reported that the premises were secured by just one lock.