Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: GLBA

New Massachusetts Regulation Has Significant Implications for Information Security Professionals

– This year, the Commonwealth of Massachusetts enacted a regulation that prescribes information security policies and practices quite unlike those required in any previous state or federal mandate. This regulation, 201 CMR 17.00, states that “all persons that own,…

The New Identity Theft Red Flags Rule: Does it Raise “Red Flags” for Information Security?

– On May 10, 2006, President Bush signed an Executive Order creating the nation’s “first ever” Identity Theft Task Force.  The purpose of this ad hoc committee, chaired jointly by the Attorney General and by the Chair of the Federal Trade Commission (FTC), was “to help law…

Data Classification: Begin With Your Personally Identifiable Information

– Let’s face it: Data classification—despite being an information security “best practice”—is an expensive, time-consuming, labor-intensive task. For those organizations supporting thousands (or even hundreds) of applications and databases, the job of identifying all data elements and…

Proposed SEC Rules Broaden Scope of InfoSec Compliance Responsibilities

– On March 11, 2008, the United States Securities and Exchange Commission (SEC) published proposed rules intended to “set forth more specific requirements for safeguarding information and responding to information security breaches, and broaden the scope of the information covered by Regulation…