By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term.   A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies. Lessons Learned: Compliance does not equal security, but security can benefit from compliance.  Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

  A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term.   A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies. Lessons Learned: Compliance does not equal security, but security can benefit from compliance.  Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.Read More →

By:
On:
In: *Connecting the Dots Blog*, Regulatory Compliance

  A new study by the Ponemon Institute shows organizations that perform internal audits spent less per capita on compliance than those that didn’t perform internal audits. Larry Ponemon is chairman of the Ponemon Institute and he commented:  “I believe that the reason why internal audits reduce compliance cost is that they help prioritize the organization’s overall compliance efforts.  This leads to greater efficiency in managing the total compliance burden. In other words, companies that do not conduct audits appear to be less efficient in their ongoing program management of data protection and privacy efforts.” From my experiences and from lessons learned I agree thatRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management, Legal, Regulatory Compliance

  Most everyone has heard or muttered these words at some time or another: If I Knew Then What I Know Now…                                                                                                                                                                                                                          The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions. The saying also came to mind recently as we were reminded of the 9year anniversary of September 11th and the 5 year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these eventsRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

  Most everyone has heard or muttered these words at some time or another: If I Knew Then What I Know Now…                                                                                                                                                                                                                          The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions. The saying also came to mind recently as we were reminded of the 9year anniversary of September 11th and the 5 year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these eventsRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management, Risk Management, School Safety, Workplace Violence

  I attended the Virginia Governor’s Campus Preparedness conference last week and had an interesting discussion with one of the attendees.  We were talking about how building preparedness across an organization or an entire campus is becoming more complex and more difficult due to escalating challenges, regulations, obligations, liabilities and much more. As our discussion continued, we started talking about how important tools can be when building campus-wide preparedness programs.   In reference to whether tools can make a difference, I offered the following analogy: Could a skyscraper be built using a hammer, a saw and some nails? The attendee responded quickly, yes the skyscraper couldRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources, Legal

As more workers are let go in corporate layoffs and cutbacks, many disgruntled workers are taking legal action out of desperation.  Age and sex discrimination allegations are rising as workers claim they have been unfairly or improperly dismissed.   Class actions and individual claims are both increasing at alarming rates.  At a time when budgets are tight, resources are limited, and insurance rates are rising, organizations cannot afford to ignore employment requirements or  be vulnerable to expensive fines and lawsuits. Has your organization implemented effective unlawful discrimination and harassment policies? Have all personnel received training regarding discrimination and harassment policies?  Is this training updated on anRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In one of the largest data breaches to date, Heartland Payment Company compromised the cards of over 100 million people, almost 1/3 of the U.S. population. In addition to dealing with a damaged reputation, expensive notifications and fallout, and continued lawsuits from affected banks and credit Unions, the latest hit to Heartland came from Visa.  Visa recently took action at Heartland by suspending the data breach victim and removing it from Visa’s online list of PCI-DSS compliant providers. Heartland was last certified as PCI-DSS compliant in April 2008 but in a presentation given earlier this month by two Visa executives, Visa was quoted as saying,Read More →