Lura.net Blog » professional http://lura.net/blog Peek inside Lura's mind Thu, 02 Feb 2012 04:22:13 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 A Recent Clinton Admin PII Breach Affects Me! http://lura.net/blog/2009/07/a-recent-clinton-admin-pii-breach-affects-me.asp http://lura.net/blog/2009/07/a-recent-clinton-admin-pii-breach-affects-me.asp#comments Tue, 21 Jul 2009 21:39:00 +0000 Lura http://67.219.46.103/wordpress/?p=33 I received notice that “The National Archives Records Administration (NARA) learned in late March 2009 that an external hard drive containing a copy of Clinton Administration Executive Office of the President data is missing from a NARA processing room… The hard drive includes files that contain personally identifying information (PII.)” Specifically, this hard drive includes HR information… and I used to work at the White House… so my information was compromised.

The brochure also says what NARA is doing about the situation:

  • “NARA’s Office of Inspector General, with the assistance of the US Secret Service, has launched a full-scale criminal investigation into this incident. NARA is offering a reward of up to $50,000 for information leading to the recovery of the missing hard drive.
  • NARA informed the US Computer Emergency Readiness Team of the Department of Homeland Security, the White House Counsel’s Office, staff of our House and Senate Oversight Committees, and a representative of former President Clinton.
  • NARA is sending notification letters to affected individuals and offering free credit monitoring services to help protect individuals from identity theft.
  • NARA is revising its internal policies and procedures to ensure maximum protection of electronic and textual records containing PII. NARA is also implementing stringent physical and technical safeguards in place to protect protect personal information and prevent this type of incident from occurring in the future. Other initiatives include annual and refresher training for our employees and contractors to ensure they are familiar with privacy rules, regulations and standard operating procedures aimed at reducing the risk of breaches of PII.”

This is all pretty interesting stuff for me. My thoughts:

  1. I currently specialize in IT Compliance, which includes designing, implementing, and testing controls for protecting PII. I now have a new anecdote for sales meetings!
  2. I am annoyed that it took so long to inform me. Four months?!?! There’s time for some serious Identity damage in that amount of time!
  3. I am not particularly concerned, since I took Identity Theft protection measures after my computer was stolen… so much of the work is done… I’ll take up NARA on the extra protections, but it is duplicative at this point.
]]> http://lura.net/blog/2009/07/a-recent-clinton-admin-pii-breach-affects-me.asp/feed 0 Grandfathering In? http://lura.net/blog/2008/05/grandfathering-in.asp http://lura.net/blog/2008/05/grandfathering-in.asp#comments Tue, 13 May 2008 15:41:00 +0000 Lura http://67.219.46.103/wordpress/?p=171 Getting grandfathered into a new certification program seems so civilized and professional, but to date I haven’t been eligible. Now, however I think that I am actually eligible for the new “CGEIT” certification backed by ISACA. It stands for “Certified in the Governance of Enterprise IT.”

Filling out the required paperwork will be no picnic, but it should be easier than sitting for another one of ISACA’s mind-bending exams (this is the certification body behind the CISA.) The bigger problem with getting grandfathered into the program is that it costs a pretty penny. So I’ll see if my work wants to pay for it, since I sure don’t.

]]> http://lura.net/blog/2008/05/grandfathering-in.asp/feed 0