tagged w/ IT compliance
What if your vendor is acquired, are there assurances in your service agreement allowing you to opt out if you choose to – if so, will all your data be deleted? What if your vendor is acquired by a company based in a foreign country? Maybe the acquiring company CEO, also a People's Republic of China Communist Party official, will assure you your data has been deleted. All in all – right now, using SaaS simply comes down to a judgment call, what is in the best interest of your firm's operations: ease of access, workflow and cost benefits vs. associated risks…
http://information-security-resources.com/2010/02/11/afraid-of-the-cloud-ask-the-right-questions/
-
An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across, not only as they create their plans, but also as they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
http://information-security-resources.com/2010/02/08/perplexities-of-enterprise-privacy-policies/
-
Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and the cloud computing tools, applications and services should be viewed no differently. If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations…
http://information-security-resources.com/2010/01/20/on-privacy-and-cloud-computing-challenges/
-
Access to live energy use data can reveal if people are in the dwelling, what they are doing, and where they are in the dwelling. Access to data use profiles that reveal specific times and locations of electricity use in specific areas of the dwelling can also indicate the types of activities within the dwelling over a period of time. The information revealed is a type of surveillance. We need layers of privacy protections throughout the entire smart grid to effectively address privacy concerns and prevent privacy invasions and breaches.
http://information-security-resources.com/2009/11/30/smart-grid-privacy-standards-proposed/
-
Do surviving relatives have a right to read their deceased son’s, daughter’s, husband’s or wife’s communications with other people whose lives could then subsequently be completely altered as a result? What would your email service providers do with all your messages? Who should make that decision, and when should that decision be made?
-
The first major hurdle that must be addressed to ensure information security and privacy policies are implemented and managed properly is that of upper management support. Beyond upper management buy-in, there are six other critical factors that will determine whether or not security policies are effective.
-
Establish energy industry standards that require each utility to perform at least annual PIAs for their area of responsibility on the Smart Grid, in addition to performing PIAs when significant operations changes occur, to show the privacy vulnerabilities and threats for consumer meter and power collection points.