Monthly Archives: August 2009

Using Audio in Courses

OK – let’s start with a statement that should be obvious but clearly isn’t. Audio and video are NOT interactive (unless you count the student clicking on a “play” button). So, when you talk about interactive content, you need to … Continue reading

Posted in Education | 2 Comments

IBM 2009 Mid-Year Trend and Risk Report

If you’re responsible for developing computer security training, the 2009 Mid-Year Trend and Risk Report from IBM should be required reading.

Posted in Information Security

Social Engineering Attacks Still Alive and Well

CNET News recently reported that the AT&T account of convicted hacker turned security consultant Kevin Mitnick had been breached for the second time. Reportedly, the hacker(s) simply called a representative at an AT&T store in Idaho and asked them to … Continue reading

Posted in Education, Information Security

HIPAA/HITECH Breach Notification Applies to Deceased Individuals

In her Realtime IT Compliance blog, Rebecca Herold posted an article about the implications of the FTC’s Health Breach Notification Rule. As usual, it’s probably going to take a while for the dust to settle so that we can understand … Continue reading

Posted in Compliance

Reduce Your Carbon Footprint with Web-Based Training

I’m not sure if your CFO is going to accept this as a compelling reason to implement web-based training, but it’s interesting nevertheless. Learning Footprint has posted an online calculator which will help you to determine how much you could … Continue reading

Posted in Education

Fax Insecurity

Recently, I was working on a Cosaint end-user awareness course about fax security – when it’s safe to use a fax, how to protect faxed information … But, as I worked on it, I became increasingly convinced that it’s never … Continue reading

Posted in Information Security | 2 Comments

CMS Recommendations for Complying with the HIPAA Security Awareness Training Requirements

During 2008, the Centers for Medicare & Medicaid Services (CMS) Office of E-Health Standards and Services (OESS) reviewed ten HIPAA covered entities (CEs) for their compliance with the HIPAA Security Rule. They found that the CEs had problems in compliance … Continue reading

Posted in Compliance, Education, Information Security

Security Questions – Good, Bad and Just Plain Ugly

Most of us, at one time or another, have forgotten a password for a website. So we go to the ‘Forgot Your Password’ link, answer a simple question, and the password is reset or we get access to the account … Continue reading

Posted in Information Security

Create a Personal Connection

In a recent blog post, David Hopkins wrote about icebreaking activities for students that could be used to introduce them to a “Virtual Learning Environment” (VLE) at a college or university. This is really excellent stuff, albeit not directly relevant … Continue reading

Posted in Education

1 Course per Month Programs – Why I Don’t Like Them

Some organizations use a “1 course per month” approach to trickle security awareness training out to their staff – the intention being that they avoid overloading staff with a large amount of training upfront by dividing it up into more … Continue reading

Posted in Compliance, Education