WPPS C-Suite News

The three-month extension, coupled with this new guidance, should enable
businesses to gain a better understanding of the Rule and any obligations that
they may have under it. These steps are consistent with the House Appropriations
Committee's recent request that the Commission defer enforcement in conjunction
with additional efforts to minimize the burdens of the Rule on health care
providers and small businesses with a low risk of identity theft problems.
Today's announcement that the Commission will delay enforcement of the Rule
until November 1, 2009, does not affect other federal agencies' enforcement of
the original November 1, 2008, compliance deadline for institutions subject to
their oversight.

"Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States
about their cybersecurity awareness policies and practices."

"Commonwealth Equity Services LLP of Waltham, Mass., agreed to pay the penalty
for failing to have anti-malware software on its reps computers or written
security policies to deal with security breaches. Securities brokers and
registered investment advisors are required by SEC regulations to have written
procedures to protect customer information."

The responsibility to oversee information security among federal agencies would shift to DHS from the White House Office of Management and Budget under revisions of the measure, nicknamed U.S. ICE, that updates IT security guidance detailed in the seven-year-old Federal Information Security Management Act (FISMA), according to a senior cybersecurity staff member on the Senate Committee of Homeland Security and Government Affairs.

In a presentation titled "Computing (strike that - Litigation) in the Cloud," Steven Teppler, senior counsel at KamberEdelson in New York, said cloud computing and services are a corporate counsel's nightmare.

According to The Wilson Organisation, insurers and underwriters are predicting a rise in white collar extortion as the recession continues to bite and unemployment figures increase. Worryingly many businesses do not have insurance
cover for data or business loss.

"According to a DTI Information Security Breaches Survey, a third of UK businesses think general business insurance
provides full cover for damage to the business arising from data loss," comments Wilsons' Simon Hoare, "but the reality is quite different, with very few businesses likely to be insured against the result of cyber attacks on its most
crucial management and business tool - corporate and customer information, most of which is today held on corporate IT systems.

"For public company directors, this is in fact in breach of their duties under the Turnbull Report, which requires them to identify, manage and take an informed opinion on the
transfer of risks for the business."

Complying with the Red Flags Rule:
A Do-It-Yourself Prevention Program for Businesses and
Organizations at Low Risk for Identity Theft

Computerworld - Compared to other key corporate
executives, CEOs appear to underestimate the
IT
security risks
faced by their own organizations, according to a survey of
C-level executives released today by the Ponemon Institute.

The topic of Cyber Terrorism has been a subject of many debates as to the reality of a significant event-taking place at the click of the button.

In recent media coverage we've seen the London & Spain train bombings being triggered remotely using one of the most world's most adopted technologies, a cell phone. Who would ever think that someone would use a cell phone as a trigger point for detonating a bomb? Additionally, who would ever think that a terrorist organization would realize that all cell phones on the same cellular network receives their time/date from the same network timeserver so everyone has the correct time. This has allowed them to conduct simultaneous attacks via sms or speed dial on their phone.

The ID Theft Center found that of the roughly 250 data breaches publicly reported in the United States between Jan. 1 and Jun. 12, victims blamed the largest share of incidents on theft by employees (18.4 percent) and hacking (18 percent). Taken together, breaches attributed to these two types of malicious attacks have increased about 10 percent over the same period in 2008.

specifically how they are required to prove audit compliance with respect to their use of electronic protected health information.

In 2008, 44% of breach incidents were due to third-party handling of data. With HITECH, organizations will now be held responsible for a third party's handling of your data

Heartland Payment Systems chief executive Robert Carr
remembers what it felt like when he first heard about the
massive data breach at his company earlier this year.

"I wanted to throw up. It was devastating," says Carr, recalling how he felt upon realizing that one of his worst fears had come true. "People had asked me for years 'what keeps you awake at night' and I would keep telling them it was the fear of a data breach,"

More enforcement coming

SOX 404(b) will matter

FCPA compliance

Focus on risk management

the creation of Cyber Command will not militarize overall U.S. government efforts to protect American government and private computer systems. That effort will be led by a Cyber Security Coordinator - a new position President Barack Obama says he will soon create at the White House.

The civilian effort will involve several agencies, including the Department of Homeland Security, the National Security Agency and the intelligence services, with help from the Defense Department. Lynn pledged it will not infringe on Americans' civil liberties - a concern some experts have expressed.

Over the last few years, both consumers and corporate clients have rushed to move their data to .the cloud,.1 adopting web-based applications and storage solutions provided by companies that include Google, Microsoft and Yahoo. Over 69% of Americans use webmail services, store data online, or otherwise use software programs such as word processing applications whose functionality is in the cloud. This trend is only going to continue.

The shift to cloud computing exposes end-users to privacy invasion and fraud by hackers. Cloud computing also leaves users vulnerable to significant invasions of privacy by the government, resulting in the evisceration of traditional Fourth Amendment protections of a person's private files and documents. These very real risks associated with the cloud computing model are not communicated to consumers, who are thus unable to make an informed decision when evaluating cloud based services.

Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.

Google's cloud computing services. On its website, Google repeatedly assures customers that their data is secure and private, while published vulnerabilities demonstrate that it is not.

"The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation,"

Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils.

Obama administration cybersecurity advisor

Does a bad economy increase crime? Analysts have debated that question for years, according to Mike McKee, senior special agent for the National Insurance Crime Bureau. While it's too soon for statistics to confirm whether recent events like the mortgage meltdown and an increase in unemployment truly lead consumers to commit more crimes, McKee said at least anecdotally the economic recession is affecting insurance fraud.