By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Privacy, Information Security

  A targeted phishing e-mail with the subject line “2011 Recruitment Plan” tricked an RSA employee to open a document attached to an e-mail.  The document contained a virus that led to a sophisticated attack on RSA’s information systems. Lessons Learned:  Are your employees aware of changing and more sophisticated risks?  Does your organization update employees with situational awareness as more and more attacks target your employees?  All employees must understand their individual roles and responsibilities for protecting sensitive information.  Organizations need to implement comprehensive and ongoing awareness programs to ensure all individuals understand changing risks, threats, best practices, etc.Read More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

Step 10 is: Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation. Step 10 is definitely needed.  Step 10 mentions privacy which is generally more about collection and dissemination of sensitive and personally identifiable information (PII) than securing or protecting sensitive information.  Privacy is generally more about People and Processes and security is generally more about Technology; however I think President Obama is smart to mention the need to build an identity management vision and strategy that addresses privacy and civil liberties. I have to say….I am surprised that President Obama has notRead More →