Banks faced unique challenges during Hurricane Katrina. This report highlights the lessons they learned.

Read the entire interview of Matthew R. Bettenhausen, director, California Office of Homeland Security.

A comprehensive guide from NIST tells how to set up an information security program.

The annual Web@Work survey finds that employees launch hacking tool software on their network when clicking on nefarious links.

Specific measures aimed at preventing data breaches are delineated in this GAO report.

For a list of educational resources that can help deter identity theft, follow this link to the FTC Web site.

Looking for a way to get a heads-up on dangerous weather conditions? Check out the Smart Notification Weather Service for businesses.

New EEOC guidelines clarify how rules against discrimination in employment on the bases of race and color apply to everyday situations.

The FDA has announced new steps to strengthen existing protections against the growing problem of counterfeit drugs.

Why aren’t more airports opting out of using federal screeners? Read about the issue in a report from the Government Accountability Office.

A federal appeals court has ruled that an employee violated federal law when he destroyed information on his employer’s laptop.

An appellate court has ruled that singling out an employee and monitoring his work is not harassment unless the monitoring results in an adverse employment action.

This report released by COPS provides a framework for understanding student gatherings, specifically the problem of student party riots.

Companies have seen unexpected benefits from SOX compliance, according to this Harvard Business Review article.

The European Court of Justice has ruled that an information-sharing agreement between the United States and the European Union (EU) is invalid because it violates EU laws.

Not long after a data breach involving the Department of Veterans Affairs, David M. Walker, Comptroller General of the United States and head of the Government Accountability Office, gave testimony to a House committee on steps that can be taken to reduce the likelihood of personal data being stolen. The first is to conduct a privacy-impact assessment before deploying new systems; Walker noted that agencies do not always do this. He also recommended limiting the collection of personal information, and limiting the time that such information is retained. @ Privacy: Preventing and Responding to Improper Disclosures of Personal Information is available at SM Online.

There are so many threats in Iraq that it’s hard to know where to start: foreign jihadists, Shiite radicals, Baath party loyalists, and garden-variety criminals, to name a few. Add one unexpected threat to that list: private security providers. The U.S. Government Accountability Office has warned that the lack of criminal-background data on prospective private security personnel puts U.S. military forces and Iraqi civilians at risk. The threat is mainly from Iraqi and third-country personnel, testified William Solis, GAO’s director of defense capabilities and management, before the House Committee on Government Reform’s Subcommittee on National Security, Emerging Threats, and International Relations. @ The testimony is at SM Online.

Every U.S. state has an agency that handles public health, but how the public health apparatus functions from state to state diverges widely. Some agencies are freestanding, others are part of a larger health and human services department. The way they deal with local health agencies varies as well: some states centralize control over local health agencies, others grant local agencies wide latitude in operations, and still other states fall somewhere in between. The services provided by these agencies are also all over the map. Does the structure matter? Not really, say researchers at the RAND Corporation who recently examined “whether there is a link between how state and local public health departments are organized and the level of their emergency preparedness.” Read the report.

In a study conducted by Pratkanis for the Consumer Fraud Research Group, he writes that investment-fraud victims seemed to be actually more knowledgeable about investing than were nonvictims, supporting the adage that a little knowledge is a dangerous thing. He also describes the phenomenon of “mass customization,” in which con artists find out all they can about a customer and tailor their tactics to the person. One fraud artist who learned that a victim was religious managed to gain the woman’s trust by praying with her at the beginning of every conversation.@ The study is available via SM Online.

A bill (S. 2803) designed to improve mine safety and protect the health of mine workers has been approved by both houses of Congress and is awaiting the President’s signature. The bill would require mine operators to adopt and maintain an accident response plan for when miners are trapped. Under the bill, the plan would include redundant local communications systems, emergency air supplies, escapeways, emergency training, and wireless communication systems to allow contact between trapped miners and officials on the surface. To encourage new technology, the bill would provide grants for those developing new mine safety equipment. S. 2803 would also establish an interagency working group to share technology, research, and developments in mine safety and emergency response.

Two cargo security bills (S. 2459 and H.R. 4954) are pending in Congress. The two are companion bills. Lawmakers are expected to merge the two into a single bill. S. 2459, the GreenLane Maritime Cargo Security Act, has been approved by the Senate Homeland Security and Governmental Affairs Committee and has been taken up by the Senate. The bill would establish a program to certify all supply chain participants to increase security. The bill would also set minimum security standards for all cargo containers entering the United States and create a joint operations center to coordinate maritime commerce at a federal level. H.R. 4954, also referred to as the Security and Accountability for Every Port Act, or the SAFE Port Act, has been approved by the House and has now been taken up by the Senate. The bill would establish security standards for cargo containers and require nuclear and radiological detection screening at all U.S. seaports. The bill would also provide an extra $400 million annually in port security grants.

A bill (H.R. 4127) that would require that companies protect the personal information of customers has been approved by the House Energy and Commerce Committee, the House Judiciary Committee, and the House Financial Services Committee. The bill has now been taken up by the full House. H.R. 4127 would require that any company that holds or transmits individuals’ personal information establish security to protect that information. The bill would also require that information brokers set up reasonable procedures to verify the accuracy of information they collect, assemble, or maintain. H.R. 4127 prohibits information brokers from obtaining or attempting to obtain personal information through false pretenses. The bill defines false pretenses as making false statements or representations or providing counterfeit, lost, stolen, or fraudulently obtained documents.

A bill (S. 2668) introduced by Sen. David Vitter (R-LA) would require that companies incorporate RFID tagging technology, tamper-indicating technologies, and security packaging into all prescription drugs. These technologies would be used only to authenticate the integrity of the drugs and would not be used to transmit any identifying information about healthcare practitioners, consumers, or advertisers. S. 2668 has no cosponsors and has been referred to the Senate Health, Education, Labor, and Pensions Committee.

A new Oklahoma law (formerly S.B. 1709) requires that cities and towns in the state develop evacuation plans. The plans must give instructions on how to evacuate all citizens in the case of a disaster and must be reviewed annually. The plans must also include risk assessments, training of personnel, and annual exercises. Each town will be required to maintain an office of emergency management, which will be responsible for communications, warnings, and damage assessments. Town citizens will be given a copies of the plan.

A bill (A.B. 2809) pending before the California Assembly would require the state superintendent of schools to provide funds to school districts to promote school safety and reduce school violence. The bill would also require that the state department of education develop policies to prevent bullying and promote conflict resolution. The department would then make these policies available to individual schools.

If you are an IT security professional or are interested in becoming one, you’ll find a new career guide issued by (ISC)2 to be a helpful resource. The guide describes the types of jobs available (including typical job titles) and explores the various areas of expertise within information security, as well as educational requirements, technical skills needed, salary ranges, and the certifications that can help you advance your career. The guide also includes a list of schools offering IT security curricula and relevant professional associations. @ Career Guide: Decoding the Information Security Profession is at SM Online.

WeatherBug operates some 8,000 weather stations around the country, providing live local weather data to end users. “We’ve married this with detailed weather intelligence from the National Weather Service, radar information, [and] lightning information, and we can get down to a five-kilometer-grid resolution providing truly neighborhood-level weather information,” Jim Anderson, WeatherBug’s director of business development, explained in a recent Webinar.