Managing third parties can be a challenge; especially when it comes to privacy practices. How stringent your organization’s privacy practices must be will vary by industry vertical, but it is not a far stretch to assume that no company wants to be known to mishandle customer data. How, then, can you ensure that your vendors […]
Guest Posts
Information security and privacy management in healthcare
Historically, organizations that outsourced have pretty much done just one thing to ensure their outsourced business partners would appropriately protect the information with which they had been entrusted access or possession: Include a brief information security clause with no details to speak of. Oh, and also include a lengthier “No Liability,” or “Limited Liability,” clause […]
3 factors of fail: The authentication problem
The following post was originally written for Security and Coffee. It is part one in a series by Barry Caplin, Secure360 Conference speaker. Authentication is one of the biggest challenges in information security. We can have all kinds of technical security measures in our systems. There are various controls we can have at the data […]
From the basement to the board room: Records management’s evolution
When I say from the basement, I mean from the basement. As a newly degreed Records and Information Management (RIM) professional, fresh out of college and ready to apply the knowledge I had gained in countless courses (and while working on myriad of projects), I jumped at the chance for a paid RIM internship in […]
Business in the crosshairs of cyber criminals – protecting your digital assets, part 2
This is part two of a two-part series on protecting digital assets. In my previous post, I talked about the importance of physical security, Internet security and data security when it comes to protecting your digital assets as a small or mid-sized business. As a small business owner, the importance of protecting your company from […]
Business in the crosshairs of cyber criminals – protecting your digital assets, part 1
This is part one in a two-part series on protecting digital assets. Many computer criminals are targeting small and medium size businesses because they have more valuable assets to steal than consumers, and their security is generally much weaker than large enterprise companies. A small business represents a fat and easy victim to criminal hackers. […]
Let’s be honest; let’s talk about what’s happening
Today’s cyber security landscape is littered with regulations, best-practices, arms races and ever-increasingly complex technology tools. As technologies advance, so must the controls we use to secure them. To this end, companies do the obvious; they educate people in technologies and securities, they implement the myriad tools and processes required to keep up, to keep […]
Speaking to non-IT people
As a security professional, you’re working in a field that most of us would consider highly technical. In other words, when you speak to a someone who doesn’t share your technical expertise there’s a good chance much is lost in translation. When this happens, important client relationships can be affected, processes can become cumbersome, and […]
