
[ISN] OMB to agencies: Review personal data protections

Subject: [ISN] OMB to agencies: Review personal data protections
Date: Tue, 23 May 2006 00:23:10 -0500 (CDT)
http://www.gcn.com/online/vol1_no1/40842-1.html

By Mary Mosquera
GCN Staff
05/22/06

The Office of Management and Budget has directed agencies' senior
privacy officials to review and correct any policies and processes to
ensure that they protect against misuse of or unauthorized access to
personally identifiable information.

The memo, dated today from OMB acting director Clay Johnson, comes on
the same day the Veterans Affairs Department announced that electronic
data containing the personal information of up to 26.5 million
veterans was stolen from the home of a VA employee.

"Because federal agencies maintain significant amounts of information
concerning individuals, we have a special duty to protect that
information from loss and misuse," he said in the memo.

The memo re-emphasizes agencies' responsibility to safeguard sensitive
personally identifiable information and to train employees on their
responsibilities, especially related to provisions of the Privacy Act.

The Privacy Act requires each agency to set the rules of conduct
related to any system of records, to instruct each employee as to what
is required to comply with them and the penalties for not adhering to
them. Under the statute, agencies are required to establish
administrative, technical and physical safeguards to insure the
security and confidentiality of records.

Agencies are to evaluate all means used to control personally
identifiable information, including procedures and restrictions on its
use or removal beyond agency premises or control, OMB said. Agencies
will include the results in their next report in the fall detailing
compliance with the Federal Information Security Management Act.

Within the next 30 days, agencies are to remind their employees of
their specific responsibilities for safeguarding personally
identifiable information, the rules for acquiring and using such
information, and the penalties for violating these rules.

Under FISMA and related policy, agencies are to "promptly and
completely" report security incidents to proper authorities, including
the inspector general, law enforcement authorities and, under some
circumstances, the Homeland Security Department.


