By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term.   A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies. Lessons Learned: Compliance does not equal security, but security can benefit from compliance.  Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

  A review of security practices and investments at 46 global organizations finds that compliance with industry security standards actually saves money over the long-term.   A recent Ponemon Study revealed that companies that consistently comply with security requirements and standards save three times more in security-related expenses annually than non-compliant companies. Lessons Learned: Compliance does not equal security, but security can benefit from compliance.  Organizations investing in comprehensive compliance programs are better prepared to prevent expensive breaches, lawsuits, fines, etc. and save money and resources over time.Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

  One of my last blogs discussed the risks of third-party contractors and their responsibilities for protecting information.  This blog will address yet another third-party risk – your janitors. A janitor was recently arrested for removing boxes of records from a Southern California health care clinic.  Interested only in getting money for the paper, the janitor sold 14 boxes of patient records to a recycling center for $40.  This janitor was not interested in identity theft, but the next one might be… In an earlier case, a janitor stole personal information from patient files at a Chicago hospital, participating in an identity theft ring thatRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management, School Safety

  Did you see the story from the San Jose International Airport this past weekend? Just before 3pm on Saturday, an SUV pulled up to the arrival curb outside Terminal A at Mineta San Jose International Airport.  Two men dressed in black got out of the SUV and approached the information desk to inquire about flight 1205 from Dallas.  Both men carried assault rifles that were strapped across their chests and they had handguns in their holsters. One of the volunteers politely asked if they were one of those people on planes that look for terrorists…one of the men simply answered no. The volunteers commentedRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management, Legal, Regulatory Compliance

  Most everyone has heard or muttered these words at some time or another: If I Knew Then What I Know Now…                                                                                                                                                                                                                          The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions. The saying also came to mind recently as we were reminded of the 9year anniversary of September 11th and the 5 year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these eventsRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Risk Management

  Most everyone has heard or muttered these words at some time or another: If I Knew Then What I Know Now…                                                                                                                                                                                                                          The saying is most often used when we look back at our life and we realize that if I knew then (when I was younger) what I know now (with more experience and wisdom), I may have made some different decisions. The saying also came to mind recently as we were reminded of the 9year anniversary of September 11th and the 5 year anniversary of Katrina and numerous other incidents that have provided experience and wisdom that we could have used before these eventsRead More →

By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Workplace Violence

  What is your first thought when you hear the word WHISTLEBLOWER? Whistleblower definitions commonly say a whistleblower is any person that reveals wrongdoing or malpractices taking place within an organization.  And in many cases a whistleblower may face retaliation or other negative ramifications and by law may require special protection. What is your first thought when you hear the word HERO? Hero definitions run from mythical and legendary figures to a person that is admired for their achievements or noble qualities to a central figure in an event, period or movement. When is the last time you heard an organization promote their Hero Line? Read More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Emergency Management, Risk Management, School Safety, Workplace Violence

  I attended the Virginia Governor’s Campus Preparedness conference last week and had an interesting discussion with one of the attendees.  We were talking about how building preparedness across an organization or an entire campus is becoming more complex and more difficult due to escalating challenges, regulations, obligations, liabilities and much more. As our discussion continued, we started talking about how important tools can be when building campus-wide preparedness programs.   In reference to whether tools can make a difference, I offered the following analogy: Could a skyscraper be built using a hammer, a saw and some nails? The attendee responded quickly, yes the skyscraper couldRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

  One of the first things security professionals recommend when you install new programs, systems or hardware is that you change the default password immediately.  And, if a system has been breached or is vulnerable to a potential breach, most security professionals recommend your Users change their passwords as a precaution. Now, what if the password was hard-coded into the system and could not be changed without throwing all systems into chaos and disrupting or halting operations? And what if the default password for your software had been shared in online forums since 2008? That would never happen, right…? Unfortunately this is exactly what hasRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance, Risk Management

In one of the largest data breaches to date, Heartland Payment Company compromised the cards of over 100 million people, almost 1/3 of the U.S. population. In addition to dealing with a damaged reputation, expensive notifications and fallout, and continued lawsuits from affected banks and credit Unions, the latest hit to Heartland came from Visa.  Visa recently took action at Heartland by suspending the data breach victim and removing it from Visa’s online list of PCI-DSS compliant providers. Heartland was last certified as PCI-DSS compliant in April 2008 but in a presentation given earlier this month by two Visa executives, Visa was quoted as saying,Read More →