federal government

All things related to IT security, privacy and compliance.

Don’t forget to check out #InfoSecAndCompliance on Jaiku.

Totally Missed This - New FedTech Articles Online & In-Print

The Employee Who Never Leaves was co-authored by Phil Kostenbader and myself (why they used Phil’s picture in the article I’ll never know :-) and should scare the pants off of any manager, especially those with savvy IT employees.

Those with an in-print subscription will learn the basics of Windows patch management.


Heads Up: H.R. 4791 - Federal Agency Data Protection Act

The House introduced H.R. 4791 this week (these things have a way of cascading into the private sector, so it’s good to watch what they’re up to). Some “highlights” include:

  • expands the definition of PII
  • formalizes data breach/loss reporting requirements
  • mandates encryption and/or obfuscation of records containing PII data
  • requires keeping an accurate & current list of systems with PII data at rest or in transit
  • outlines notification requirements
  • forces protection on mobile devices
  • ensures remediation plans are followed when gaps are identified
  • *requires a yearly PII audit*
  • extends the requirements to contractors that host or process PII data for the govt
  • establishes many, many rules with data brokers

If made into a law and applied to private companies, this could generate a slew of additional work for anyone who isn’t already doing all they can to protect our personal information.
