Group items matching

in title, tags, annotations or url

Government Information Security Podcasts As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info Insights on the Insider Threat: Randy Trzeciak of Carnegie Mellon's CERT February 25, 2009 We all know the risk of the insider threat is high, but what are the specific vulnerabilities for which organizations should be particularly vigilant? In an exclusive interview, Randy Trzeciak of Carnegie Mellon's CERT program discusses recent insider threat research, including: Patterns and trends of insider crimes; Motives and means displayed in real insider cases; What employers and staffs can do to prevent and detect crimes. Trzeciak is currently a Senior Member of the Technical Staff for the Threat and Incident Management Team in the CERT Program at Carnegie Mellon University's Software Engineering Institute. He is a member of a team in CERT focusing on insider threat research, including insider threat studies being conducted with the US Secret Service National Threat Assessment Center, DOD's Personnel Security Research Center (PERSEREC), and Carnegie Mellon's CyLab.

Identity thieves are getting more clever and are increasingly using stolen information to get driver's licenses, employment and government assistance, according to a new report. The survey by the Identity Theft Resource Center also found that the greater awareness of this problem by the public has led to more people discovering they are victims themselves, through monitoring of their bank accounts and credit card statements. Typically, victims learned of their identity theft when they were denied a job or credit or were informed by law enforcement. "Most of our information is beyond our control," said Linda Foley, co-founder of the Identity Theft Resource Center, which surveys victims each year to see how identity theft is changing. "If a thief wants to get it, he will find a way to get it." The report covers the experiences of around 100 of the 1,500 people who were victimized in 2008 and contacted the center, a nonprofit that helps people recover from identity theft. Stolen personal information is now cheap - identities may sell on the black market for as little as 60 cents each - and thieves churn through them quickly to lower their chances of getting caught, Foley said. Rather than opening 10 or 20 credit card accounts in a victim's name, they now open two or three, charge as much as they can and move on to the next person. This raises the cost of identity theft to businesses, whose average loss to fraud nearly doubled last year to $90,107, up from $48,941 the year before.

Everywhere you look (even here at Ars), there are articles about people making poor decisions about what kinds of info and how much to share on sites like Facebook. The Internet is no longer a place where you can hide out easily-friends, family, and employers are all lurking, reading your embarrassing status updates and checking up on those drunken pictures from last week. And that's just the beginning-the world of social networking is a feeding ground for identity thieves and stalkers, too. But it doesn't have to be that way. Many users are aware that Facebook has numerous privacy controls, for example, but even the most experienced Facebook users often don't know just how much they can control who sees what. For instance, did you know that you can specify...

Identity theft concerns are focused on the security and necessity of the collection process. Collecting personal information just because you can is unsafe. Organizations can reduce privacy risks by not collecting unnecessary personal info. Once the data gets into the data life cycle pipeline, the cost of managing and destroying it escalates. The Federal Trade Commission estimates that as many as 9 million people have their identities stolen every year. According to the Privacy Rights Clearinghouse, more than 200 million instances of data breaches have occurred since the beginning of 2005, and they show no signs of letting up. In the first quarter of 2008 alone, more than 85 million incidents were reported. The causes of data breaches run the gamut: Hackers get unencrypted, transmitted data and data at rest; laptops are stolen or lost; storage Relevant Products/Services devices are lost by third-party shipping companies; flash drives or PDAs are left lying around; Social Security numbers are accidentally printed on envelopes; or data is found on discarded computers. This article examines the organizational risks to CPAs and their clients or corporate employers of improperly managed data throughout the data life cycle. It also discusses best data management practices and proper procedures for responding to a data breach. Data breaches, whatever the cause, are costly. According to a study by the Ponemon Institute, the average cost of a data breach in 2007 was $6.3 million. The average cost to an organization per record compromised is about $197, which is typically spent on phone calls for customer notification, providing free credit monitoring, discounts on membership fees, or discounts on merchandise to make up for the security Relevant Products/Services breach. Some organizations also experience an increase in customer turnover. The organization typically spends additional money in data protection Relevant Products/Services enhancements. Companies sanctioned by

The federal government would subsidize up to 65% of COBRA health insurance payments for many individuals who have lost their jobs since Sept. 1, 2008, under an $825 billion stimulus package unveiled by House Democrats. COBRA provisions are supported by health insurance groups, including America''s Health Insurance Plans and the National Business Group on Health. However, AHIP said other parts of the plan tying increased investment in health information technology to stricter scrutiny of how health IT records are handled would make it more difficult for plans to coordinate care and streamline administrative costs. Dubbed the American Recovery and Reinvestment Act, the House bill allocates $39 billion to aid individuals attempting to continue paying health insurance premiums through the 23-year-old Consolidated Omnibus Budget Reconciliation Act program. COBRA allows employees who are terminated or leave their jobs voluntarily to remain in their former employer''s group health plan for up to 18 months, which can be extended to 36 months for those with extenuating life circumstances. However, because COBRA enrollees can be charged up to 102% of the full cost of coverage, many find the plans prohibitively expensive and, according to Hewitt Associates Inc., only about 20% enroll. A recent report by the consumer group Families USA found monthly COBRA premiums for family coverage were $1,069, or 83.6% of the average monthly unemployment insurance benefit of $1,278. In nine states, average COBRA payments exceeded unemployment benefits, the group found. Health groups have been largely supportive of the proposal, with AHIP President Karen Ignagni writing in a letter to House Speaker Nancy Pelosi that the group believes the move would "help ensure continuity of coverage and serve as an important lifeline for many workers who do not qualify for Medicaid, but still need help paying their health insurance premiums."

The offshoring of business processes has become increasingly popular. Fueled by advancements in technology, the benefits of offshoring are primarily attributable to the savings from lower personnel costs at foreign locations. According to the Global Financial Services Offshoring Report 2007 by Deloitte & Touche U.SA LLP, over 75% of major financial institutions report offshoring a portion of their operations. Some economists estimate that up to one-third of total U.S. employment in services may ultimately be offshored (Steve Lohr, "At IBM, a Smarter Way to Outsource," The New York Times, July 5, 2007). Offshore entities often operate in developing countries such as India, China, Pakistan, the Philippines, and Vietnam. The offshoring of business processes generally takes two forms: outsourcing to an unaffiliated offshore entity (offshore outsourcing), or ownership and operation of an affiliated offshore entity (AOE). Many multinational companies have AOEs. For example, Accenture has more employees in India than in the United States; IBM is projected to have more than one-quarter of its workforce in India by 2010; and companies like General Electric, Eli Lilly, Google, and Microsoft are expanding their R&D centers in India and China (House Committee on Science and Technology, June 12, 2002). Offshoring and the Auditing Profession The potential benefits of offshoring have not been ignored by the accounting profession. In past years, several large public accounting firms began using AOEs to perform certain nonaudit procedures for their U.S.-based clients. For example, Ernst & Young uses AOE employees to prepare client tax returns (Vanessa Houlder, "E &Y Sends Compliance Work Offshore," Financial Times, July 11, 2007), and a number of accounting firms use AOEs to print documents for delivery to clients. The largest international public accounting firms have recendy begun testing the offshoring of certain auditing procedures on very large U.S. audit engagements to thei

Imagine this nightmare scenario: You've contracted with a vendor to enter personnel data into a new computer system. You give the vendor confidential data regarding your employees, including their Social Security numbers, addresses, names of dependents, health records and bank account routing numbers. Then the vendor notifies you that employee data was somehow stolen or lost. What do you do? It happens more often than anyone would like to admit. The Federal Trade Commission estimates that 9 million Americans have their identities stolen each year. More than 262 million records have been breached since January 2005

California regulators have fined Kaiser Permanente Bellflower (Calif.) Medical Center $250,000 for failing to keep workers from peeking at the electronic health records of Nadya Suleman, who gave birth to octuplets at the hospital in January. The fine is the first under a new state law, which took effect in January, aimed at protecting patient medical records at hospitals and carries the maximum penalty allowable. Twenty-three unauthorized staff and physicians accessed the medical records, including some at other Kaiser facilities. Seven people viewed the records more than once, according to the California Public Health Department, which licenses hospitals in the state. Kaiser fired one person who peeked at Suleman's records, 14 others resigned and eight were disciplined.

Why employers should actually perform background checks.

A former Texas lottery worker was arrested while training for a new job Tuesday - his fourth with the state - and charged with illegally "possessing" personal information on 140 lottery winners and employees, including their names and Social Security numbers. Joseph Mueggenborg was still working for the Lottery Commission in 2007 when he allegedly took the information, which was discovered last year on a state computer at the Comptroller of Public Accounts where he later was employed. He was fired and the information was turned over to criminal investigators. When arrested Tuesday, however, the computer analyst was training for yet another job, at the Texas Department of Licensing and Regulation. Travis County prosecutor Jason English said it was "concerning" that the man was still working for the state after being fired by the comptroller. Susan Stanford, a spokeswoman for the Texas Department of Licensing and Regulation, said the department was unaware Mueggenborg had been fired and was under investigation when he was hired as a systems analyst three weeks ago. He was receiving job-related training at the time of his arrest, she said. The department has secured Mueggenborg's computer and begun a forensic study.

If you think the biggest threat to your sensitive information lies in network security, think again. Once a criminal is inside a building, there are limitless possibilities to what that person can access or damage. Take a look at your building's security. How easy is it to get inside?

Good awareness video to make employees & employers think about physical security ramifications