
WPPS NEWS
sandy ingram

Six Ways to Stay Safe Online During National Cyber Security Awareness Month | ProtectMyID

  • National Cyber Security Awareness Month is here and we want you to get involved! You don't have to be a technology expert to do your part in securing cyberspace - it's as simple as STOP. THINK. CONNECT. (www.stopthinkconnect.org) The Internet is a shared resource and securing it is Our Shared Responsibility. Here are some tips and advice to get you started:
  • 1. Keep a Clean Machine.
    • Keep security software current: Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats.
    • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
    • Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
    • Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.
  • 2. Protect Your Personal Information.
    • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
    • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
    • Unique account, unique password: Separate passwords for every account help to thwart cybercriminals.
    • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
    • Own your online presence: When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit who you share information with.
  • 3. Connect with Care.
    • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are methods cybercriminals use to compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark as junk email.
    • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
    • Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.
  • 4. Be Web Wise.
    • Stay current: Keep pace with new ways to stay safe online. Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.
    • Think before you act: Be wary of communication that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information.
    • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.
  • 5. Be a Good Online Citizen.
    • Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.
    • Post only about others as you have them post about you.
    • Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as appropriate.
  • 6. Be a Part of Our Shared Responsibility.
    • Let others know: Tell your family, friends, and colleagues about National Cyber Security Awareness Month and encourage them to get involved in cybersecurity education. If we are to maximize the potential of a digital society, we must protect the resource that makes it possible. The Internet is a shared resource and securing it is Our Shared Responsibility.
sandy ingram

Apple's iPhones and Google's Androids Send Cellphone Location

  • Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal - intensifying concerns over privacy and the widening trade in personal data. Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people's locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services - expected to rise to $8.3 billion in 2014, according to research firm Gartner Inc.
sandy ingram

Health Net Criticized For Data Loss Notification Delay

  • Health Net, one of the nation's largest managed care providers, has come under fire for failing to quickly disclose that nine computer drives are missing, drives that contain health and other personal data on nearly 2 million customers, employees, and healthcare providers. It appears that Health Net was told on Jan. 21 that the drives went missing from its data center in Rancho Cordova, Calif., but didn't reveal the loss until March 14.
sandy ingram

NIST Issues Cloud Security Guidelines

  • Security has always been a worry, especially for the federal government, when it comes to cloud computing, and the NIST guidelines should give the government the advice it's been waiting for to move full steam ahead. One of the new documents, NIST Special Publication (SP) 800-145, defines cloud computing, while the other, SP 800-144, sets guidelines for security and privacy.
  • In addition to thinking of security first, organizations also should ensure, if using a public cloud from a service provider, that it meets designated security and privacy requirements. They also should see to it that their client-side computing environment can meet the same standards as well, according to NIST.
  • "Organizations implementing cloud computing should think about security first before deploying a production environment, according to the National Institute of Standards and Technology (NIST)."
sandy ingram

Security Versus Compliance

  • The goals of security and compliance are the same. They both attempt to prevent theft and fraud. However, the methodologies to achieve this differ between a security-centric and a compliance-centric approach. And with compliance-centric approaches providing the currency, we will achieve limited security improvements.
  • By definition, Information Security teams need to fully identify the vulnerabilities and threats that exist in the IT infrastructure, advise its business leaders, and protect it. Security teams should be brutally honest and expose the true technical risks. This will allow business leaders to make informed decisions: should they fight the risk, or should they willingly accept that the risks exist and fight it another day?
  • The goal for a Compliance team is to ensure that the business complies with a set of regulations (which includes a security subtext). Whether the regulations are government imposed or industry imposed, the reason they exist is to make certain that a minimum security baseline is met.
  • This is certainly a good thing. However, if a corporation’s security culture primarily focuses on just being compliant, then it will leave itself exposed. I’m sure you’ve heard of Albert Gonzalez and the companies that he and his associates victimized? Some of those organizations were PCI-compliant, weren’t they?
  • A security culture that relies on just complying with regulations will always lag behind the threats. Waiting to make changes based on independent security audits is not the formula for good data protection. Changes to the PCI Data Security Standard occur every 2 years.
  • Security practitioners need to step up and fight the right battle and make database security a priority in compliance projects.
  • Remember, good security = compliance, but compliance ≠ good security.
  • "I have been witnessing an overall maturation in Information Security and Information Assurance teams as they develop greater skill sets in the database security arena where traditionally, their skill sets have leaned more to perimeter and network security. However, projects that lead to better protection of databases do not start organically within the security organization; instead, they are fostered by compliance initiatives. This is where security and compliance are sometimes opposing."
sandy ingram

Top five ways to become id theft victim on Facebook

  • That narcissistic rant about your boss is not the only stupid post you can make on Facebook.
  • Seemingly innocuous information like your birthday, where you went to elementary school or your pet’s name can be a gold mine for identity thieves. “Facebook is being used to gather intelligence to crack the code of a password reset,” said Robert Siciliano, a Boston-based identity theft expert and McAfee consultant. For example, when you open an online banking account, you’ll give answers to security questions the bank will ask should you forget your password. Queries like where you met your wife, your high school, your place of birth. “The answers to those questions are in your Facebook account,” Siciliano said. Ironically, picking off that information on Facebook is legal, and certainly not as exhaustive or dirty as rifling through somebody’s trash can. In a sense, the computer has become the virtual trash can for identity thieves.
  • “Even listing daily activities can let strangers know your routine and put you at risk,” National Foundation for Credit Counseling spokeswoman Gail Cunningham said. “In other words, if you’re too revealing, you’re asking for trouble, as predators often cruise these sites hoping to steal your personal information for their gain.”
  • And all somebody needs is your name, birthday and a few other pieces of information and they’re ready to open that new credit card account in your name.
  • Jeremy Miller, director of operations for Kroll Fraud Solutions in Nashville, Tenn., said a person’s birthday is one-third of what thieves consider the holy trinity of personal information, which can make it easy for a crook to open accounts, rent homes and gain employment under your name.
  • Even that tweet can be a thief’s friend. You’re at the bank one day. As such, you feel compelled to tweet that you’re making a deposit. The message also mentions the bank and branch. The next day there is an e-mail purporting to be from your bank. There was a problem with your deposit. The e-mail includes the specific branch you were at and the time you made the deposit. It also asks for account information.
  • Compromise your Facebook user name and password: Once a thief can access your account, he can exploit the trust that exists between you and your friends for financial gain. Use a different user name and password for each of your key online accounts, including Facebook.
  • “My Facebook page is all business — no kids’ names, pet names,” identity theft expert Siciliano said. “It’s not just friends that look at your Facebook page, but maybe a potential employer, in some cases your current employer. Your Facebook page is only as secure as your next friend or family member you are connected to. So security in social media is an illusion.”
  • “Friend” people you don’t know: Treat your friends online like your friends offline — get to know them before you share your life.
  • Ignore privacy settings: When your privacy settings are configured to share with everyone, the information you give to Facebook is publicly available, in some cases even to search engines.
  • Overshare information: Understand that broadcasting pieces of information that are often the answers to “secret questions” asked by banks or other account holders.
  • Click on a weird link sent by a friend: Thieves, who take over Facebook accounts, often post links to offers or deals intended to trick friends into providing information that they can then use to commit more financial crimes.
  • SOURCE: TrustedID
  • "Palin's Yahoo! e-mail account was breached in 2008 after the hacker reset her password by getting answers to personal questions via Wikipedia and a Google search. The National Foundation for Credit Counseling warns that social media accounts can be ground zero for identity thieves. Sure, social media can be a great way to connect with friends and family, but users need to be aware of the risks of sharing too much information."
sandy ingram

It's not a privacy 'breach' when information about you is out there already

  • If your WiFi is open, anybody can read your traffic at will. That's why Google itself began encrypting the logins of Gmail users years ago, a measure that ensures that an eavesdropper will pick up gibberish instead of usernames and passwords.
  • But if you think that your unsecured WiFi's privacy issues ended with Google's surrender, you are a fool. The people you need to worry about don't drive around neighborhoods in cars equipped with bulky camera rigs, and they won't apologize for eavesdropping because they'll be too busy logging into your accounts.
  • Don't get mad at Google in that scenario - save your anger for WiFi vendors who can't be bothered to make it easy and obvious to encrypt your network. Then direct it toward Web operators who don't automatically encrypt your login - or, in the case of sensitive financial sites, your entire session.
  • A real privacy breach doesn't involve a remix or collection of data that's already out there for anybody to see - even if using the words "hack" or "breach" in a headline makes the story that much juicier.
  • A real breach exposes private information you tried to keep confidential, in ways that risk the loss of money or security or otherwise fairly earn the adjective "Orwellian."
  • "For example, this summer, Wired noted that Jane Harman (D.-Calif.), chairman of a House subcommittee on intelligence, information sharing and terrorism risk assessment, had left her District residence's wireless networks open."
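The article above faults web operators who do not encrypt the login, or the whole session, so that anyone on an open WiFi network can read it. The script below is an added example, not code from the article or from Google, showing what a practitioner checks in a site's response before trusting it on a hotspot: a login page fetched over http:// must redirect to https://, an https:// page should send Strict-Transport-Security so later visits cannot be silently downgraded, and any cookie that looks like a session cookie must carry Secure (never sent in clear) and HttpOnly. The three responses are constructed samples, not captures from a real site; the session-cookie name heuristic and the 180-day HSTS threshold are this example's own assumptions.

```python
"""Audit a raw HTTP response for whether a login session stays encrypted.

Added example for the open-WiFi discussion on this page, not code from the
quoted article. The sample responses below are constructed, not real captures.
"""

# Cookie names that usually carry an authenticated session (assumed heuristic).
SESSION_COOKIE_HINTS = ("sess", "sid", "auth", "token", "login")
# HSTS max-age below this (180 days) is treated as too short (assumed threshold).
MIN_HSTS_MAX_AGE = 180 * 24 * 3600


def parse_response(raw: str) -> tuple[str, list[tuple[str, str]]]:
    """Split a raw HTTP/1.1 response into its status line and (name, value) headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def parse_set_cookie(value: str) -> dict:
    """Return the cookie name and the attributes that matter against an eavesdropper."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val if val else True
    return {
        "name": name,
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": attrs.get("samesite"),
    }


def hsts_max_age(value: str) -> int:
    """Extract max-age from a Strict-Transport-Security header value (0 if absent)."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.isdigit():
            return int(val)
    return 0


def audit_session_protection(raw: str, scheme: str) -> list[str]:
    """Return findings for a response to a login page; an empty list means it passed."""
    status, headers = parse_response(raw)
    findings = []
    code = status.split()[1] if len(status.split()) > 1 else ""

    if scheme == "http":
        # Plaintext request: the only acceptable answer is a redirect to https.
        location = next((v for n, v in headers if n == "location"), "")
        if not (code.startswith("3") and location.lower().startswith("https://")):
            findings.append("login page served over plaintext http without a redirect to https")
    else:
        # Encrypted request: HSTS stops the next visit from being downgraded.
        hsts = next((v for n, v in headers if n == "strict-transport-security"), None)
        if hsts is None:
            findings.append("no Strict-Transport-Security header: a later visit can be downgraded to http")
        elif hsts_max_age(hsts) < MIN_HSTS_MAX_AGE:
            findings.append("Strict-Transport-Security max-age is shorter than 180 days")

    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        if not any(hint in cookie["name"].lower() for hint in SESSION_COOKIE_HINTS):
            continue
        if not cookie["secure"]:
            findings.append(f"session cookie {cookie['name']} lacks Secure: sent in clear on any http request")
        if not cookie["httponly"]:
            findings.append(f"session cookie {cookie['name']} lacks HttpOnly: readable by injected script")
    return findings


# Constructed sample responses (not real captures).
WEAK_LOGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=3f9a1c; Path=/\r\n"
    "\r\n"
    "<html><form method=post action=/login>...</form></html>"
)
HARDENED_LOGIN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: PHPSESSID=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><form method=post action=/login>...</form></html>"
)
HTTP_REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://bank.example/login\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw, scheme in (
        ("weak login over http", WEAK_LOGIN, "http"),
        ("hardened login over https", HARDENED_LOGIN, "https"),
        ("http request redirected", HTTP_REDIRECT, "http"),
    ):
        print(label, "->", audit_session_protection(raw, scheme) or ["ok"])
```

Run against the constructed samples, the weak response yields three findings (no redirect, cookie without Secure, cookie without HttpOnly), the hardened one none, and the redirect none. A cookie without Secure is the case the article describes: even if the login form itself is on https, the browser will send that cookie in clear the first time any http:// link to the site is followed, and an eavesdropper on the open network is then logged in as the victim.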
sandy ingram

An open and shut case for group legal plans - Sales Strategies - Benefits Selling

  • Employers continue to seek the best business and benefit strategies to ensure benefit dollars go as far as possible and provide coverage that employees want and need. Not surprisingly, the insurance marketplace has responded. Leading insurers have a laser-like focus on delivering the right products, services and technology to their customers.
  • Producers are working to keep clients close and the competition at arm’s length by providing clients with high quality products and solutions.
  • Growth in Legal Plans: A 2009 Society of Human Resource Management study identified legal services as one of the fastest growing among voluntary benefits. Legal services have enjoyed more than 20 percent annual sales growth in recent years. Still, about three out of four Americans don’t have legal coverage.
  • An ARAG-Russell Research national study last year reported that eight out of 10 Americans were concerned about financial-related legal matters (e.g., estate planning, contractor issues, identity theft), and that seven out of 10 Americans experienced legal needs (e.g., credit trouble, contracts, caring for family members) in a 12-month period.
  • While the study noted that legal issues happen to anyone at any time, most people said they didn’t have a plan to pay for legal expenses that could occur.
  • Various studies have shown personal issues affect employee engagement, work-life balance, absenteeism and job performance – often creating difficulties and relationship problems in the workplace and on the home front. Legal plans can provide employees with accessible, affordable and responsive professional services and resources to help prevent or resolve legal-related issues that distract and disturb them.
  • Given the frequency and severity of legal needs and the scarcity of protection, there’s clearly a large, underserved market for group legal plans. Group legal plans are obviously relevant and timely in today’s benefits market since they provide protection, security and peace of mind and contribute to a sense of legal wellness.
  • "Uncertainty reigns in the new benefits world for employers, insurers and producers. That's completely understandable given all they've been through. National health care reform, the regulatory environment and one of the biggest economic downturns since the Great Depression have made benefits executives wary about adding benefits or costs to current programs."
sandy ingram

Retail sector hit hardest by targeted cyber attacks in October, up 77% since 2005 #cybe...

  • For the first time, targeted attacks hit the retail sector hardest, increasing from a steady monthly average of 0.5% of all attacks over the past two years, to 25% in October, when one in 1.26 million emails was linked to a targeted attack. While targeted e-mails are typically in low volume, they are one of the most damaging types of malicious attacks, said Paul Wood, senior analyst at MessageLabs Intelligence. "We have seen a constant influx of targeted attacks over the past six months with the type of organization targeted changing on a monthly basis and the number of targeted users increasing each month", he said.
sandy ingram

Agencies Unlikely To Meet Cybersecurity Compliance Deadline -- Government Cybersecurity

  • In all, only 15% of the high-ranking government IT officials who were surveyed as part of the study in July said they had used CyberScope. While those who had used the tool rated it with an "A" or "B" grade, the rest largely say they don't understand CyberScope's goals and submission requirements.
  • Assess the present threat environment; discover the limitations in existing approaches.
  • These findings come despite the fact that CyberScope was introduced in October 2009, that the Department of Homeland Security has been offering CyberScope training, and that top officials like federal CIO Vivek Kundra have repeatedly discussed CyberScope's value in addressing concerns about FISMA.
  • "November is right around the corner and Feds should realize the value in embracing this new FISMA reporting tool," Tom Conway, director of federal business development at McAfee, said in a statement. "We are working diligently with our federal customers to help leverage their current large investments in security solutions to meet this new compliance mandate."
  • While the White House's Office of Management and Budget has set a deadline of November 15 for federal agencies to begin submitting their cybersecurity compliance reports via a new application called CyberScope, rather than with voluminous stacks of paper, 85% of federal cybersecurity managers have yet to use the new software, according to a recent survey.
sandy ingram

IE9 Beta Warns of Malware

  • With IE9, appropriately signed executable files that are frequently downloaded from the web will run without a warning prompt. However, if the selected executable file is not a commonly downloaded program, IE9 will notify the user that it could be harmful, noted Internet Explorer General Manager Dean Hachamovitch.
  • "IE9's download manager is like an early warning system against malware that is based on application reputation," Hachamovitch said Wednesday. "That's a nice way to say stranger danger for downloads."
  • Empowering Browser Users: Like other web browsers, the IE9 beta features a combined address bar where users can type web addresses as well as start searches -- but with one notable difference, Hachamovitch observed. "IE9 respects your privacy and doesn't send your keystrokes to search services by default," he said.
  • IE9 beta notifies PC users when add-ons are slowing their browsing sessions. "Add-ons cause 75 percent of all crashes in Internet Explorer,"
  • IE9 makes it very clear what's going on so that the user can decide whether to disable add-ons that are less useful or too slow, he added.
  • By pinning favorite web sites to the PC task bar, users will be able to speed up web interactions by accessing frequently visited pages directly from the desktop without first opening the browser. Moreover, the web site's branding is visually evident on the desktop with distinctive icons and color schemes.
  • Explorer 9 beta release, which became available for download Wednesday, integrates several new features that improve security and privacy and give PC users greater control over the browser's
sandy ingram

Is Stuxnet the 'best' malware ever? - Expert calling it "Groundbreaking"

  • "It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team. "I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play.
  • Schouwenberg should know: They work for the two security companies that discovered that Stuxnet exploited not just one zero-day Windows bug but four -- an unprecedented number for a single piece of malware.
  • Microsoft confirmed that the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.
  • Those control systems are often referred to using the acronym SCADA, for "supervisory control and data acquisition." They run everything from power plants and factory machinery to oil pipelines and military installations.
  • At the time it was first publicly identified in June, researchers believed that Stuxnet -- whose roots were later traced as far back as June 2009 -- exploited just one unpatched, or "zero-day," vulnerability in Windows and spread through infected USB flash drives.
  • On Aug. 2, Microsoft issued an emergency update to patch the bug that Stuxnet was then known to exploit in Windows shortcuts. But unbeknownst to Microsoft, Stuxnet could actually use four zero-day vulnerabilities to gain access to corporate networks. Once it had access to a network, it would seek out and infect the specific machines that managed SCADA systems controlled by software from German electronics giant Siemens.
  • Iran was hardest hit by Stuxnet, according to Symantec researchers, who said in July that nearly 60% of all infected PCs were located in that country.
  • "The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals"
sandy ingram

Survey: High storage costs, long backup windows, litigation risk and inefficient eDiscove...

  • Enterprises are retaining far too much information. Seventy-five percent of backup storage consists of infinite retention or legal hold backup sets. Respondents also stated that 25 percent of the data they back up is not needed for business or should not be kept in a backup.
  • Enterprises are misusing backup, recovery and archiving practices. Seventy percent of enterprises use their backup software to implement legal holds and 25 percent preserve the entire backup set indefinitely. Respondents said 45 percent of backup storage comes from legal holds alone.
  • Differences in how IT and legal respondents cited top issues for lack of an information retention plan: Forty-one percent of IT administrators don’t see a need for a plan, 30 percent said no one is chartered with that responsibility, and 29 percent cited cost.
  • Storage costs are skyrocketing as over retention has created an environment where it is now 1,500 times more expensive to review data than it is to store it,
  • Backup is not an archive, and it is not recommended to use backup for archiving and legal holds.
  • Enterprises should also develop and enforce information retention policies (what can and cannot be deleted, and when) automatically. Automated, policy-driven deletion creates less risk than ad-hoc, manual deletion.
  • Paper policies that are not executed can be a litigation risk.
  • Enterprises should deploy data loss prevention technologies to measurably reduce their risk of data breaches, demonstrate regulatory compliance and safeguard their customers, brand and intellectual property.
  • MOUNTAIN VIEW, Calif. - August 4, 2010 - Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2010 Information Management Health Check Survey, which highlights that a majority of enterprises are not following their own advice when it comes to information management. Eighty-seven percent of respondents believe in the value of a formal information retention plan, but only 46 percent actually have one. Survey results also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.
sandy ingram

New Vishing Spree [mobile scam] Strikes U.S.

  • "Recently, we've seen them pop up in low-fraud, small places," hitting markets where consumers might not be so savvy or prepared for a socially engineered attack, says John Buzzard, who oversees client relations for FICO's Card Alert Service, which provides decision management and predictive analytics solutions for card issuers.
  • Vishing and smishing have replaced the traditional e-mail phishing attacks that were more prevalent three years ago, he says. Since January, the documented number of traditional e-mail or phishing attacks has significantly dropped. "What's replacing them are these new waves of text and person-to-person scams," Buzzard says, "and they're not being tracked."
  • As e-mail spam filters have become more sophisticated, fraudsters have turned to other socially engineered methods that prey on consumers' trust. The common use of mobile devices makes smishing an easy scheme. SMS/text-based banking, which is quickly growing to become a mainstream mobile banking service, is helping to set the stage for smishing, says Ray Spreier, chief information officer for Mid Oregon Federal Credit Union. The Bend-based credit union, with $140 million in assets, was one of the institutions targeted in August.
  • As more people sign on for text-based banking, Spreier says, fraudsters will be more likely to target it as a channel for fraud. "I think we can expect to see the look and the feel of these (text) attacks to get better, making it hard for the member to recognize the difference between what is coming from the credit union and what is not."
  • Vishing, because it hooks the consumer directly, through a landline or mobile phone, is hard for a financial institution to detect and control. "Vishing is a relatively low-tech crime," Siciliano says. But perpetrators of this type of crime are getting more organized than they've ever been before. In some cases, Siciliano says, fraudsters are getting actual phone lists of banking customers by means as simple as old-fashioned dumpster-diving. "To throw away a list of phone numbers in a dumpster can compromise your existing client base,
sandy ingram

Very small firms with fewer than 20 employees already spend 45% more per employee than ...

  • And yet, right on cue, a study released by the pithily named Transactional Records Access Clearinghouse at Syracuse University shows the IRS has increased its audit hours of small businesses (those with less than $10 million in assets) by 30% over the last five years.
  • Very small firms with fewer than 20 employees already spend 45% more per employee than larger firms to comply with federal regulations, according to the SBA.
  • At the same time, large corporations’ audit hours are down 33%. The average amount of “underreporting” found for each audit hour of a small- or midsized business was $1,025. For a large corporation, it was $9,354.
  • Individual sectors are also getting hit hard… The financial reform law is hitting small community banks with big regulatory hurdles. “We will no longer be able to evaluate loan applications based solely on the creditworthiness of the borrower,” complains Sarah Wallace, chairwoman of a small thrift in Ohio, in The Wall Street Journal. “We will be making regulation compliance decisions, instead of credit decisions.”
  • It’s not just the Feds looking for a piece of these guys. Small businesses are looking juicy to revenue-starved state governments.
sandy ingram

Cyber Bill: Your agency's cybersecurity mandate could soon change from compliance to co... - 0 views

  • If you're a CIO or CISO, Hathaway said, expect to look at continuous performance monitoring. The House version of the bill also addresses minimum standards, and may mean a closer look at keeping your IT supply chain safe from infected or counterfeit hardware.
  • The last element could mean the biggest change of all. Hathaway says that CIOs and CISOs can expect to play a greater role in the agency's operations. She expects FISMA reform would give CIOs and CISOs more involvement in the IT and general acquisitions process, which could give them more of a voice within the front office of their agency
  • "I believe that the CIO and CISO will become one of the foundational offices" at agencies across government, Hathaway said. But CIOs and CISOs will need more training and resources to fulfill the new responsibilities FISMA II envisions for them.
  • ...3 more annotations...
  • In May, Hathaway released a report of all of the cybersecurity-related bills in Congress. What was a list of 52 bills, Hathaway said, is now down to two that could actually impact agencies' cybersecurity mandate: the National Defense Authorization Act and the Intelligence Authorization Act.
  • Hathaway said there are a few simple things that could change the cybersecurity strategy across the government. Among them is increasing the flow of information through broader monthly threat briefings and daily updates.
  • In the last 18 months, Hathaway said, cybersecurity threats have gotten far more stealthy and there is an understanding that it's not just an Internet-based threat. Those threats can come from a multimedia device internally or even a Wi-Fi device.
  • NDAA contains provisions that would reform the Federal Information Security Management Act of 2002. Hathaway said it would move the current security review standard from compliance to continuous monitoring. The proposed FISMA reform would also have an impact on the role of chief information officers or chief information security officers.
sandy ingram

IBM delivers Big Fix for compliance management - 0 views

  • IBM has today launched compliance management software, helping businesses identify when PCs, laptops, servers, point-of-sale or virtualised devices are not in compliance with corporate policies. The launch resulted from the company's acquisition of BigFix, a systems and security management company, and has arrived just over a month from IBM first announcing its intent to acquire the technology. The BigFix Unified Management Software Platform can monitor up to 500,000 machines centrally. Organisations can see, change, enforce and report on security policies and system configurations in real time, even for devices not continuously connected to the network.
  • Visa's top 10:
    1. Perform background checks on new employees and contractors prior to hire.
    2. Maintain an internal and external software security training and certification curriculum.
    3. Follow a common software development lifecycle across payment applications.
    4. Ensure newly released payment application versions are PA-DSS compliant.
    5. Conduct application vulnerability detection tests and code reviews against common vulnerabilities and weaknesses prior to sale or distribution.
    6. Actively identify payment application versions that store sensitive authentication data and/or retain critical security vulnerabilities, and notify all affected customers.
    7. Maintain customer service level agreements stating that only PA-DSS compliant payment application versions will be sold and supported.
    8. Implement an installer, integrator and reseller training and certification programme that enforces adequate data security processes when supporting customers.
    9. Adhere to industry guidelines for data field encryption and tokenisation across payment applications that use these technologies.
    10. Support capability of dynamic data solutions across payment applications.
sandy ingram

Visa lays down the law of PCI compliance - 0 views

  • Ahead of new security requirements, set to be applied in the next few weeks, Visa has released 10 commandments for vendors to follow to ensure their security best practices exceed basic compliance. The Payment Card Industry Security Standards Council (PCI-SSC) outlined proposed changes to payment card industry regulations two weeks ago. Visa has teamed up with the SANS Institute to develop a list of pointers for acquirers, merchants and agents.
sandy ingram

Pryor, Rockefeller Introduce Legislation to Protect Consumers' Personal Information and... - 0 views

  • “Data security breaches can wreak havoc on people’s lives, leading to identity theft and threatening families’ financial stability,” said Senator Pryor, Chairman of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, and Insurance. “As more and more of our personal information is collected and stored online and on computers, we need to ensure that the businesses storing this information are keeping it safe and giving us quick warning if it falls into the wrong hands.
  • “An estimated 9 million Americans have their identities stolen each year, resulting in destroyed credit ratings and legal troubles,” said Senator Rockefeller, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation.
  • The Data Security and Breach Notification Act of 2010 would require entities that own or possess data containing personal information to establish reasonable security policies and procedures to protect that data.
  • The Data Security and Breach Notification Act of 2010 would require entities that own or possess data containing personal information to establish reasonable security policies and procedures to protect that data. If a security breach occurs, entities would have to notify each individual whose information was acquired or accessed as a result of the breach within 60 days. Affected consumers would be entitled to receive consumer credit reports or credit monitoring services for two years, as well as instructions on how to request these services.
  • Data security breaches and identity theft are a growing problem in the United States. In 2009, the business industry experienced the greatest number of data breaches (41.8%), followed by government/military (18.1%) and education sectors (15.7%).
  • WASHINGTON, D.C. - U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) today introduced legislation to require businesses and nonprofit organizations that store consumers' personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the tools they need to protect their credit and finances. Currently, there is no single federal standard for guarding many types of consumer information.
sandy ingram

California Bill Would Strengthen Existing Breach Notification Law #breach #grc #infosec - 0 views

  • Because many states have similar content requirements and there are a number of websites that report on data breaches, passage of S.B. 1166 should not impose a significant burden in breaches involving individuals in multiple states. Nonetheless, companies should be alert to developments in California and be prepared to update their California data breach notification policies should the measure pass.
  • S.B. 1166 marks the third attempt by Senator Joe Simitian to amend the law in this manner. Both prior attempts were vetoed by Governor Schwarzenegger. In addition to requiring notice to the State's Attorney General for certain breaches, his current effort would require notices stating:
    * a general description of the breach incident;
    * the type of information breached;
    * the date and time of the breach;
    * whether the notification was delayed because of a law enforcement investigation; and
    * a toll-free number of major credit reporting agencies if the breach exposed Social Security numbers, driver's license numbers, or state identification card numbers.