Category Archives: Uncategorized

Auditing Privacy Part 1 – Ethics and the Canon

It would comfort many compliance auditors to discover the ultimate checklist and tear after their organization’s privacy program, collecting tick marks and developing the dreaded deficiency finding. I say to them, “Google is your friend.” For the more enlightened internal … Continue reading


I Am Not A Cop

A couple posts on the role of internal audit in the information security controls of a company got me thinking. First, Anton describes an auditor as “policing agent” model: InfoSec develops controls. Operations operationalizes them. Audit goes around with a … Continue reading


More Questions than answers

This evening has been spent practicing for my SXSW day show: a brief discussion about privacy for which some auditors will be getting CPE. As a result, I have also spent the evening listening to my voice slowly decay into … Continue reading


Repost Redux: Special SXSW Edition

Having read a few additional commentaries, I began to think some more on two issues I posted about earlier. Greg Abbott vs. The County Clerks: Mordaxus at Emergent Chaos says we need to chill, which made me wonder if there was … Continue reading


Charts ‘n Graphs

From Pogo, this article from Physorg on the classic Evil Hacker v. Evil Suit dilemma. From the article: If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic … Continue reading


SSN Panic, Texas Style

Here’s the Computerworld run-down. And here’s the Attorney General’s letter (worth reading) and the proposed bill to change the law, Texas HB 2061, so that all the county clerks don’t get thrown in jail. The AG letter says it in … Continue reading


Learn to Play Sonic Reducer

I was going to write about this article on Dark Reading, that includes this power-quote of insight and mind-blowitude: “A lot of blogs now have become very big on the Internet,” noted OSC Director Douglas Naquin in an interview with … Continue reading


It’s the Crime, Not the Tool

Tim Wilson at Dark Reading on IT Security: The New Big Brother: “To identify potential insider threats, IT must monitor end users’ behavior by scanning email, tracking network activity, and even watching employees for “trigger” events that might cause disgruntlement. … Continue reading


Privacy and Security Lessons from Criminal Enterprises: The Corner & PCI

Either you have heard the stories or encountered firsthand the difficulty in convincing an organization’s leaders to take adequate precautions to ensure the privacy of identity-related data, and maintain the integrity, confidentiality and availability of their information assets. … Continue reading


Impacted Molars: Insurance, Banks and Godzilla

A Risk Management & Assessment Deathmatch: Gunnar Peterson’s interpretation of Warren Buffett’s risk management vs. The Bank Lawyer’s outstanding post on bank risk managers and regulators vs. Alex’s Godzilla pandemic risk deflation.
