Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Compliance Matters, written by Sam DeKay

Sam DeKay

At The Bank of New York Mellon Corporation, Dr. DeKay is responsible for the development of policies and standards related to information security. Prior to BNYM, he served as manager of information security for Empire Blue Cross/Blue Shield; before this he worked at ABN Bank, also as manager of information security. His areas of expertise include security risk assessment, policy development, information security and law, and business/corporate communications. He is certified as an Information Security Manager (CISM). Dr. DeKay has received PhD degrees from Fordham University and Columbia University.

The Status of Recent Research Concerning Data Breaches and Reputational Risk

– Nearly three years ago, Ken Belva wrote a paper intended to be a “starting point for further, positive discussion” regarding the topic of data breaches and reputational risk. The title of the paper also presented Ken’s major theme: “How It’s Difficult to Ruin a…

Who’s In Charge Here? The Problem of Information Security Governance

– A long-time friend of mine recently called with surprising, and sad, news. “I’ve been laid off due to poor profits,” he said. “I receive eight months’ severance. But if, at the end of eight months, I tell my ex-employer that I’m retired, I’ll get…

An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionals (pt. 2)

– A few weeks ago, I presented the results of an analysis of data breaches occurring in 2007, the last full year for which information is available; the “Chronology of Data Breaches” database, available at the Privacy Rights Clearinghouse website (privacyrights.org), provided the source data…

An Analysis of the Privacy Rights Clearinghouse “Chronology of Data Breaches” and Implications for Information Security Professionals (pt. 1)

– Within the next few weeks—if not earlier—you should visit the “Chronology of Data Breaches” database available at the Privacy Rights Clearinghouse website (privacyrights.org). The database provides a listing of privacy-related security breaches that have been reported in the United…

Data Classification: Begin With Your Personally Identifiable Information

– Let’s face it: Data classification, despite being an information security “best practice,” is an expensive, time-consuming, labor-intensive task. For those organizations supporting thousands (or even hundreds) of applications and databases, the job of identifying all data elements and…