WPPS NEWS

National Cyber Security Awareness Month is here and we want you to get involved! You don't have to be a technology expert to do your part in securing cyberspace - it's as simple as STOP. THINK. CONNECT. (www.stopthinkconnect.org) The Internet is a shared resource and securing it is Our Shared Responsibility. Here are some tips and advice to get you started:

Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively, according to data and documents analyzed by The Wall Street Journal-intensifying concerns over privacy and the widening trade in personal data. Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people's locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services-expected to rise to $8.3 billion in 2014, according to research firm Gartner Inc.

Health Net, one of the nation's largest managed care providers, has come under fire for failing to quickly disclose that nine computer drives are missing, drives that contain health and other personal data on nearly 2 million customers, employees, and healthcare providers. It appears that Health Net was told on Jan. 21 that the drives went missing from its data center in Rancho Cordova, Calif., but didn't reveal the loss until March 14.

"Organizations implementing cloud computing should think about security first before deploying a production environment, according to the National Institute of Standards and Technology (NIST)."

"I have been witnessing an overall maturation in Information Security and Information Assurance teams as they develop greater skill sets in the database security arena where traditionally, their skill sets have leaned more to perimeter and network security. However, projects that lead to better protection of databases do not start organically within the security organization; instead, they are fostered by compliance initiatives. This is where security and compliance are sometimes opposing."

"Palin's Yahoo! e-mail account was breached in 2008 after the hacker reset her password by getting answers to personal questions via Wikipedia and a Google search. The National Foundation for Credit Counseling warns that social media accounts can be ground zero for identity thieves. Sure, social media can be a great way to connect with friends and family, but users need to be aware of the risks of sharing too much information."

"For example, this summer, Wired noted that Jane Harman (D.-Calif.), chairman of a House subcommittee on intelligence, information sharing and terrorism risk assessment, had left her District residence's wireless networks open."

"Uncertainty reigns in the new benefits world for employers, insurers and producers. That's completely understandable given all they've been through. National health care reform, the regulatory environment and the one of the biggest economic downturns since the Great Depression have made benefits executives wary about adding benefits or costs to current programs."

For the first time, targeted attacks hit the retail sector hardest, increasing from a steady monthly average of 0.5% of all attacks over the past two years, to 25% in October, when one in 1.26 million emails was linked to a targeted attack. While targeted e-mails are typically in low volume, they are one of the most damaging types of malicious attacks, said Paul Wood, senior analyst at MessageLabs Intelligence. "We have seen a constant influx of targeted attacks over the past six months with the type of organization targeted changing on a monthly basis and the number of targeted users increasing each month", he said.

While the White House's Office of Management and Budget has set a deadline of November 15 for federal agencies to begin submitting their cybersecurity compliance reports via a new application called CyberScope, rather than with voluminous stacks of paper, 85% of federal cybersecurity managers have yet to use the new software, according to a recent survey.

Explorer 9 beta release, which became available for download Wednesday, integrates several new features that improve security and privacy and give PC users greater control over the browser's

"The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals"

MOUNTAIN VIEW, Calif. - August 4, 2010 - Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2010 Information Management Health Check Survey, which highlights that a majority of enterprises are not following their own advice when it comes to information management. Eighty-seven percent of respondents believe in the value of a formal information retention plan, but only 46 percent actually have one. Survey results also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.

As e-mail spam filters have become more sophisticated, fraudsters have turned to other socially engineered methods that prey on consumers' trust. The common use of mobile devices makes smishing an easy scheme. SMS/text-based banking, which is quickly growing to become a mainstream mobile banking service, is helping to set the stage for smishing, says Ray Spreier, chief information officer for Mid Oregon Federal Credit Union. The Bend-based credit union, with $140 million in assets, was one of the institutions targeted in August.

NDAA contains provisions that would reform the Federal Information Security Management Act of 2002. Hathaway said it would move the current security review standard from compliance to continuous monitoring. The proposed FISMA reform would also have an impact on the role of chief information officers or chief information security officers.

IBM has today launched compliance management software, helping businesses identify when PCs, laptops, servers, point-of-sale or virtualised devices are not in compliance with corporate policies. The launch resulted from the company's acquisition of BigFix, a systems and security management company, and has arrived just over a month from IBM first announcing its intent to acquire the technology. The BigFix Unified Management Software Platform can monitor up to 500,000 machines centrally. Organisations can see, change, enforce and report on security policies and system configurations in real time, even for devices not continuously connected to the network.

Visa's top 10 1. Perform background checks on new employees and contractors prior to hire. 2. Maintain an internal and external software security training and certification curriculum. 3. Follow a common software development lifecycle across payment applications. 4. Ensure newly released payment application versions are PA-DSS compliant. 5. Conduct application vulnerability detection tests and code reviews against common vulnerabilities and weaknesses prior to sale or distribution. 6. Actively identify payment application versions that store sensitive authentication data and/or retain critical security vulnerabilities, and notify all affected customers. 7. Maintain customer service level agreements stating that only PA-DSS compliant payment application versions will be sold and supported. 8. Implement an installer, integrator and reseller training and certification programme that enforces adequate data security processes when supporting customers. 9. Adhere to industry guidelines for data field encryption and tokenisation across payment applications that use these technologies. 10. Support capability of dynamic data solutions across payment applications.

Ahead of new security requirements, set to be applied in the next few weeks, Visa has released 10 commandments for vendors to follow to ensure their security best practices exceed basic compliance. The Payment Card Industry Security Standards Council (PCI-SSC) outlined proposed changes to payment card industry regulations two weeks ago. Visa has teamed up with the SANS Institute to develop a list of pointers for acquirers, merchants and agents.

WASHINGTON, D.D.-U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) today introduced legislation to require businesses and nonprofit organizations that store consumers' personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the tools they need to protect their credit and finances. Currently, there is no single federal standard for guarding many types of consumer information.

S.B. 1166 marks the third attempt by Senator Joe Simitian to amend the law in this manner. Both prior attempts were vetoed by the Governor Schwarzenegger. In addition to requiring notice to the State's Attorney General for certain breaches, his current effort would require notices stating: *a general description of the breach incident; *the type of information breached; *the date and time of the breach; *whether the notification was delayed because of a law enforcement investigation; and *a toll-free number of major credit reporting agencies if the breach exposed Social Security numbers, driver's license numbers, or state identification card numbers.