Skip to main content

Home/ WPPS C-Suite News/ Group items tagged Privacy

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Online Social Networking The Employer's Dilemma - 0 views

downloads.messagelabs.com/...alnetwoking_legal_A4_final.PDF

Whitepapers privacy security Social Networking employees employers wss_whitepaper_socialnetwoking_legal_a4_final

shared by sandy ingram on 28 Jan 09 - No Cached
  • sandy ingram on 28 Jan 09
     
    notifying employees of clear rules on what is acceptable and what is not, balancing the need to monitor with the employees' reasonable expectations of privacy and weighing the overall benefits of allowing personal usage against the risks of doing so, are all issues with which managers will be familiar.
  • ...2 more comments...
  • sandy ingram on 28 Jan 09
     
    Social networking sites can be both addictive and time-consuming, damaging employee productivity
  • sandy ingram on 28 Jan 09
     
    A more troublesome concern is the potential for damage to an employer's reputation or brand, if an employee makes derogatory comments about an employer, client or customer. Such comments then become easy to find via an online search and may be available for an unlimited time. Employers are also concerned about the potential loss of confidential information by an unguarded (or malicious) comment by an employee, then causing the company embarrassment, financial damage or possibly leaving them open to security risks such as identity fraud.
  • sandy ingram on 28 Jan 09
     
    For employers, the temptation to utilise sites such as Facebook and MySpace may also lead them into trouble. Some employers view the scanning of such sites for information on prospective employees as legitimate; others view it as distasteful and intrusive (the equivalent of rummaging through a candidate's personal items). Whatever the view, employers adopting this approach would do well to heed the warning of the TUC's guidance on online social networking. This guidance reminds employers that only a minority of potential staff will have a public profile on a social network, so using information from this source can give either an unfair advantage or disadvantage to certain candidates, as well as leaving the employer open to the accusation of discrimination.
  • sandy ingram on 28 Jan 09
     
    Employers have had to grapple with the issues raised by employee use of the Internet for some years and the rise of online social networking presents another challenge. There is no obvious conclusion here; employers will have to do what they consider to be correct in the light of their business concerns, their employee relations and their business culture. The dilemma posed by the heightened risks surrounding online social networking, whether to trust or restrict employees, does not lead to one "right" answer, but there is certainly a "wrong" answer. Given the ever-growing popularity of such sites and the potential consequences for employers of employee misuse, simply ignoring the issue can only lead to problems for the unwary employer.
sandy ingram

One Place Where Windows 8 Tablets Will Beat The iPad - 0 views

www.businessinsider.com/lets-will-beat-the-ipad-2012-2

windows tablets ipad workplace Privacy security

shared by sandy ingram on 21 Feb 12 - No Cached
  • sandy ingram on 21 Feb 12
     
    That's because they will help meet rising demand from employees to use a tablet at work, while still pleasing IT directors worried about security and management, and purchasing directors worried about cost.
sandy ingram

How long can CISO's avoid Cloud Computing? | CISO - 0 views

ciso.in/...567

security Privacy compliance Best Practice cloud computing workplace ipad tablets windows

shared by sandy ingram on 23 Feb 12 - No Cached
  • Network & Systems delivering the cloud service How does the authentication to access the network devices and operating system implemented? Does it use any two factor authentication? About the availability of the network and security infrastructure? does it implement load balancing or high availability solutions for the critical infrastructure components like firewalls, IPS, reverse proxies etc… Is the underlying cloud systems are secured? Do they have a baseline configuration implemented? How does the configuration managed? Does the cloud computing provider got a plan and/or policy to perform configuration management, patch management, anti-malware etc. Does the network undergoes periodic penetration testing? Does it undergo internal vulnerability assessment periodically? How is it ensuring that a compromised client with privileged access to the operating system is separated internally? Does it undergo periodic audits against standards like ISO27001, SAS70 etc? How is the customer data separated from one another? What are the security controls implemented to ensure this separation? What are the protection and response controls against the Denial of Service attacks?
  • Cloud Applications & Data Protection What are the security controls in the application development process? Does it include security code reviews of the code being developed or used? Is there a documented change and configuration management process? How does the application servers patched and what frequency? What are the mechanisms for managing the access control? How is the database protected from unauthorized access? How are they identifying the access reset requests are from the actual user. How do they create and delete/disable user accounts? what are the procedures for these activities. IS the data encrypted? If encrypted, how is the encryption keys are protected? What is key management process being followed? How is the data loss prevention ensured? Details of the DLP controls implemented? Is there a backup mechanism established? How is the data protected in the backups? Does the cloud service provider meets the regulatory requirements? For example, if the service is a ecommerce service then the cloud service could become part of the card holder environment and thus the PCI DSS regulation as there are potential card data being processed. Similarly, if the health information is processed, it can be HIPAA and similar other regulations. Is the cloud computing service provider meets the compliance requirements? Where is your data being hosted? Is it within your country or its jurisdiction? Is your organization comfortable with the legal system in the country where your data resides? How about cloud computing service provider who has a network of data centres across the globe and your data is scattered across these data centres? Can it limit the countries where the data is stored?
  • What are the conditions / scenarios where the data is revealed without the consent / approval of the organization? Does the application provide enough audit trials to review the incidents? Does it corporate with local legal system? Often the local law authorities require access to the processing computers, how is it support those requests?
  • ...1 more annotation...
  • Security Management What are the information security management policies and procedures implemented and documented? Are all employees required to undergo the security awareness training and acknowledge their acceptance to the policies and procedures at least annually? Is the cloud computing service provider has a dedicated information security professional? What are the network security capabilities established by the service provider? Are these personal technical qualified and certified? How is the insider threats within the cloud service provider being addressed? What is the background verification process being followed by the cloud service provider? Is there a privileged activity monitoring of systems and databases? How is the security incidents and violations are handled? Does it have a documented policy? How is the log integrity ensured? What are the mechanisms implemented to ensure that the logs cannot be altered and / or stopped. How long the logs are kept online and on the backup? What are the business continuity and disaster recovery capabilities of the cloud service provider? Many organization look at cloud as a BCM solution. Does the underlying cloud service provider is capable of delivering a BCM aware cloud service?
sandy ingram

McAfee Security Insights Blog » Blog Archive » Advanced Persistent Threat (APT) - 0 views

siblog.mcafee.com/...advanced-persistent-threat-apt

security privacy cybersecurity breach Fraud Best Practice mcafee Risk

shared by sandy ingram on 01 Jul 10 - Cached
  • APT is the new way attackers are breaking into systems.
  • APT is a sophisticated, mercurial way that advanced attackers can break into systems, not get caught, keeping long-term access to exfiltrate data at will. 
  • APT focuses on any organization, both government and non-government organizations.
  • ...11 more annotations...
  • While the threat is advanced once it gets into a network, the entry point with many attacks is focused on convincing a user to click on a link.
  • Advanced attacks are always changing, recompiling on the fly and utilizing encryption to avoid detection.
  • Advanced attacks are always changing, recompiling on the fly and utilizing encryption to avoid detection.
  • Today attacks are nonstop. The attackers are persistent and if an organization lets its guard down for any period of time, the chance of a compromise is very high.
  • Attackers want to take advantage of economy of scale and break into as many places as possible, as quickly as possible. 
  • Therefore the tool of choice of an attacker is automation. Automation is not only what causes the persistent nature of the threat, but it is also what allows attackers to break in very quickly.
  • Old school attacks were about giving the victim some visible indication of a compromise. Today it is all about not getting caught.
  • the problem with the APT is that it enters a network and looks just like legitimate traffic and users.
  • Based on the new threat vectors of the APT, the following are key things organizations can do to prevent against the threat:
  • APT is only going to increase in intensity over the next year, not go away.  Ignoring this problem just means there will be harm caused to your organization.
  • The ultimate way to make sure an organization is properly protected is to run simulated attacks (i.e. penetration testing, red teaming, ethical hacking) and see how vulnerable an organization is and, most importantly. how quickly you detected it.
  • sandy ingram on 01 Jul 10
     
    One of the main reasons organizations are broken into today is because they are fixing the wrong vulnerabilities. If you fix the threats of three years ago, you will lose. APT allows organizations to focus on the real threats that exist today. While APT is important, we need to clear the smoke and hype, focusing on why it is important and what it means to you. Instead of just using it as a buzz word, if we understand the core components of APT, we can use it to improve our security. In APT, threat drives the risk calculation. Only by understanding the offensive threat will an organization be able to fix the appropriate vulnerabilities.  What is APT?
sandy ingram

Complex Global Risks, Boardroom Demands to Challenge Risk Managers in 2010: Marsh | EON... - 0 views

eon.businesswire.com/...permalink

risks security privacy Compliance

shared by sandy ingram on 02 Jun 10 - Cached
  • “With the ever-increasing complexity of global exposures, successful risk management today depends on timely information, regulatory awareness, and thoughtful anticipation of the range of local and global scenarios,”
  • sandy ingram on 02 Jun 10
     
    Global risk managers are challenged by new boardroom demands of insurer security, balance sheet transparency, and heightened accountability.
sandy ingram

How Many Strikes Before a Risky Employee is Out? - 0 views

blogs.bankinfosecurity.com/posts.php

security privacy cybersecurity employees breach Fraud

shared by sandy ingram on 24 Jun 10 - No Cached
  • So what amount of grit does your institution have when it comes to backing up its security policies?
  • Think about your answer. It's not just jobs at stake here; it's the integrity and security of entire organizations.
  • sandy ingram on 24 Jun 10
     
    only 26 percent. This means another 74 percent of employees at those companies did something bad and didn't get fired.
sandy ingram

First HIPAA Settlement - Whose next? - 0 views

blog.absolute.com/first-hipaa-settlement

breach Privacy Security settlement hipaa

shared by sandy ingram on 29 Jul 10 - Cached
  • sandy ingram on 29 Jul 10
     
    As we previously mentioned, Connecticut Attorney General Richard Blumenthal filed the first HIPAA-related lawsuit. That lawsuit has now been settled, also a first. The settlement agreement [PDF] between the State of Connecticut and the defendants (Health Net) is the result of the loss of a computer disk drive that had unencrypted health information for 1.5 million health plans. Health Net, under the terms of the settlement, has agreed to pay $250,000 to the state of Connecticut, offer 2 years of credit monitoring to those affected, obtain identity theft insurance and reimburse those affected for security freezes. They will also be required to greatly improve their security measures.
sandy ingram

Extending Your Enterprise Risk Management Program #grc #smb - 0 views

www.brighttalk.com/21953

Best Practice security privacy grc Compliance risk goverance

shared by sandy ingram on 27 Jul 10 - Cached
  • sandy ingram on 27 Jul 10
     
    In today's economic climate, many organizations outsource parts of their business to take advantage of cost savings and solution-expertise. However, as vendor relationships increase, it becomes more difficult to manage them. The risks assumed by outsourcing can be significant without a vendor management program. According to the Ponemon Institute Study - 2009 Security Mega Trends, an average of 50.5% of organizations who outsourced sensitive and confidential data to third parties experienced a security incident or data breach as a result of outsourcing. In this 1-hour live webcast, Michael Rasmussen, President at Corporate Integrity, will share his insights on the importance of vendor management, as well as his recommendations of best practices for defining and executing an effective strategy. Chris Noell, EVP of Product management of TruArx, will then provide a brief overview of how GRC tools such as TruComply can automate key vendor management activities and enable these best practices. In this session, you will learn about: *The importance of vendor management and how it applies to your business *Best practices for defining and executing an effective vendor management strategy *How you can quickly and cost-effectively establish a mature vendor management program
sandy ingram

http://www.corporatecomplianceinsights.com/2009/risk-based-fcpa-compliance-assessments/ - 0 views

www.corporatecomplianceinsights.com/...ed-fcpa-compliance-assessments

Best Practice Privacy Security corporatecomplianceinsights cybersecurity Compliance Fraud

shared by sandy ingram on 01 Aug 10 - Cached
  • Companies lacking an anti-corruption compliance program face great legal, financial, and reputational risks. Government investigators will have no sympathy for those who fail to devote sufficient resources to compliance.
  • sandy ingram on 01 Aug 10
     
    "The Need for Risk-Based FCPA Compliance Assessments How To Deal With Increasing FCPA Risks In a Time of Shrinking Budgets In a time of dwindling funds, growing risks, and increased government targeting of companies that cut compliance budgets, a proper anti-corruption assessment is a vital first step in creating a cost-effective compliance program When a warning comes straight from the mouth of the U.S. Government's lead prosecutor in a field directly affecting their bottom line, it is wise for businesses to pay heed. In an interview earlier this year with PBS's investigative journal, "Frontline," Mark Mendelsohn, the Deputy Chief of the U.S. Department of Justice's Fraud Section, which is charged with enforcing the Foreign Corrupt Practices Act ("FCPA"), offered advice to all American businesses dealing with the current global recession. "I think that companies need to be especially vigilant in this economic climate to not cut back [on FCPA compliance]," Mendelsohn said. "Our law enforcement efforts are not going to be scaled back, and so it would be, I think, a grave mistake for a company to take that path.""
sandy ingram

17 Steps to Cloud Migration -- Federal Computer Week - 0 views

fcw.com/...17-steps-to-the-cloud.aspx

Best Practice cloud CEO Privacy Security compliance cybersecurity

shared by sandy ingram on 17 Aug 10 - Cached
  • “The trick is to determine which services, information, and processes are good candidates to reside in the Clouds, as well as which Cloud services should be abstracted within the existing or emerging SOA,” Linthicum said.
  • Do Your Homework Linthicum says to start with your Architecture and make sure you understand your organization’s business drivers, information already under management, existing services under management and your core business processes.
  • In that way you can begin to look where Cloud Computing is a fit according to Linthicum. You can look to migrate to the Cloud when:*The processes, applications, and data are largely independent.*The points of integration are well defined.*A lower level of security will work just fine. *The core internal enterprise architecture is healthy.*The Web is the desired platform.*Cost is an issue.*The applications are new.
  • ...6 more annotations...
  • not all computing resources should exist in the Clouds and that Cloud is not always cost effective. It shows you need to do your homework before making any move. So, Cloud may not be a fit when the opposite conditions exist:*The processes, applications, and data are largely coupled.*The points of integration are not well defined.*A high level of security is required. *The core internal enterprise architecture needs work.*The application requires a native interface.*The cost is an issue.*The application is legacy.
  • external Cloud services should function like any other enterprise application or infrastructure resource and Cloud resources should appear native.
  • It goes without saying that as with any purchase, you should evaluate Cloud providers using similar validation patterns as you do with new and existing Data Center resources. You know there is going to be hype, but Cloud is not rocket science. If you feel you need to, hire a consultant as a trusted advisor.
  • CSC’s Yogesh Khanna told Summit attendees to embrace the business models that Clouds offer. Security barriers are all addressable not only through technology but also through policies. 
  • Be wary of the fact that there are a lot of Clouds out there. Some of the Public Clouds (e.g. Google’s or SalesForce.com) are proprietary in nature. Because this landscape is changing so fast, it is very important to maintain a level of flexibility and don’t fall prey to “vendor lock-in”.
  • “Look for some level of transparency that allows you to be certain exactly where your data is and who is seeing it,” said Khanna. “Have the flexibility to see where your data is at any given point and be able to monitor the health of the Cloud that’s delivering those services to you.”
  • sandy ingram on 17 Aug 10
     
    What the government IT manager needs when getting ready to embark on their migration to the Cloud is a good template; one that defines a proven roadmap to follow.What Cloud Computing Summit attendees learned (and now you) is that help is on the way. Cloud and SOA expert Dave Linthicum has developed a step-by-step plan to help you scale the heights. He goes through them meticulously in his new book Cloud Computing and SOA Convergence In Your Enterprise: A Step-by-Step Guide. At the Summit, Linthicum outlined the plan. Afterwards he told 1105 Custom Media you can consider Cloud Computing the extension of SOA out to Cloud-delivered resources, such as storage-as-a-service, data-as-a-service, and platform-as-a-service.
sandy ingram

Survey Finds Gap in Attitudes Between the Cloud "Haves" and "Have-Nots" - ReadWriteCloud - 0 views

www.readwriteweb.com/...vey-finds-gap-in-attitudes.php

Security Privacy cybersecurity compliance cloud marketing

shared by sandy ingram on 24 Aug 10 - Cached
  • This post is part of our ReadWriteCloud channel, which is dedicated to covering virtualization and cloud computing. The channel is sponsored by Intel and VMware.
  • London-based communications SaaS provider Mimecast has announced the results of its second annual Cloud Adoption Survey. The survey, conducted by independent research firm Loudhouse, assessed the attitudes of IT decision-makers in the U.S. and UK about cloud computing
  • The majority of organizations now use some cloud-based services. The report found 51% are now using at least one cloud-based application. Adoption rates for U.S. businesses are slightly ahead of the UK with 56% of respondents using at least one cloud-based application, compared to 50% in the UK
  • ...7 more annotations...
  • Two thirds of businesses are considering adopting cloud computing. 66% of businesses say they are considering adopting cloud-based services in the future, with once again, U.S. businesses leaning more towards adoption than their UK peers (70% of U.S. businesses, and 50% of UK ones).
  • Email, security, and storage are the most popular cloud services. 62% of the organizations that use cloud computing are using a cloud-based email application. Email services are most popular with mid-size businesses (250-1000 employees) with 70% of organizations this size using the cloud for email. Smaller businesses (under 250 employees) are most likely to use the cloud for security services, and larger enterprises (over 1000 employees) most likely to opt for cloud storage services.
  • Existing cloud users are satisfied. Security is not considered to be an issue by existing cloud users: 57% say that moving data to the cloud has resulted in better security, with 58% saying it has given them better control of their data. 73% say it has reduced the cost of their IT infrastructure and 74% believe the cloud has alleviated the internal resource pressures.
  • Security fears are still a barrier. 62% of respondents believe that storing data on servers outside of the business is a significant security risk. Interestingly, this number was higher for users of cloud applications than it was for non-users (only 59% of non-users thought it was risky, while 67% of users did.)
  • Some think the benefits of the cloud may be overstated.54% of respondents said the potential benefits of the cloud are overstated by the IT industry, and 58% indicated they believed that replacing legacy IT solutions will almost always cost more than the benefits of new IT.
  • "The research shows that there is a clear divide within the IT industry on the issue of cloud computing," says Mimecast CEO and co-founder Peter Bauer. "While those organisations that have embraced cloud services are clearly reaping the rewards, there are still a number who are put off by the 'cloud myths' around data security and the cost of replacing legacy IT
  • It is now up to cloud vendors to educate businesses and end users to ensure that these concerns do not overshadow the huge potential cost, security and performance benefits that cloud computing can bring."
  • sandy ingram on 24 Aug 10
     
    Existing cloud users are satisfied. Security is not considered to be an issue
sandy ingram

United States, Litigation, Mediation & Arbitration, Didn't See That Coming? Why Many Em... - 0 views

www.mondaq.com/...article.asp

Privacy Security CEO employees Fraud

shared by sandy ingram on 04 Aug 10 - Cached
  • Daniels Midland employee who embezzled millions, to the bookkeeper in Maine who took thousands from the church's coffers. The current rough economy and easy access to sophisticated technology are potent ingredients for creating the perfect storm for organizational fraud.
  • Enabling technologies like sophisticated color printers, remote access to linked computers, and data-capturing viruses have played a significant role in how employees can commit and conceal fraud. Even without accessible technology, the lack of segregation of duties and "less paper" (making for fewer paper trails) in the working environment make it easier for employees to commit fraud.
  • While technology and the economy may facilitate fraud, it is an employee's motivation and opportunity that are the most important elements in understanding fraud risk. Motivation (also known as incentives or pressures), opportunity, and rationalization of the fraudulent behavior are the three critical elements necessary for fraud to occur
  • ...9 more annotations...
  • UNDERSTANDING THE ELEMENTS OF FRAUD
  • Incentives/pressures
  • Opportunity
  • Rationalization
  • Opportunity
  • Using the Fraud Triangle Theory gives us a means to understanding and deterring fraud by identifying and mitigating the elements necessary to enable fraud. Removing weak internal control systems and replacing them with stronger systems, observing employee behavior, and modeling behavior from the top down, can reduce a company's fraud risk tremendously.
  • Opportunity
  • Rationalization is the final component of the 3
  • Opportunity is the one area that an employer can best control
  • sandy ingram on 04 Aug 10
     
    "Didn't See That Coming? Why Many Employers are Vulnerable to Employee Fraud"
sandy ingram

SurveyHigh storage costs, long backup windows, litigation risk and inefficient eDiscove... - 0 views

www.symantec.com/...article.jsp

Best Practice e-discovery Privacy Security

shared by sandy ingram on 13 Sep 10 - No Cached
  • Enterprises are retaining far too much information. Seventy-five percent of backup storage consists of infinite retention or legal hold backup sets. Respondents also stated that 25 percent of the data they back up is not needed for business or should not be kept in a backup.
  • Enterprises are misusing backup, recovery and archiving practices. Seventy percent of enterprises use their backup software to implement legal holds and 25 percent preserve the entire backup set indefinitely. Respondents said 45 percent of backup storage comes from legal holds alone
  • Differences in how IT and legal respondents cited top issues for lack of an information retention plan Forty-one percent of IT administrators don’t see a need for a plan, 30 percent said no one is chartered with that responsibility, and 29 percent cited cost.
  • ...5 more annotations...
  • Storage costs are skyrocketing as over retention has created an environment where it is now 1,500 times more expensive to review data than it is to store it,
  • Backup is not an archive, and it is not recommended to use backup for archiving and legal holds
  • Enterprises should also develop and enforce information retention policies (what can and cannot be deleted, and when) automatically. Automated, policy-driven deletion creates less risk than ad-hoc, manual deletion.
  • Paper policies that are not executed can be a litigation risk.
  • Enterprises should deploy data loss prevention technologies to measurably reduce their risk of data breaches, demonstrate regulatory compliance and safeguard their customers, brand and intellectual property.
  • sandy ingram on 13 Sep 10
     
    MOUNTAIN VIEW, Calif. - August 4, 2010 - Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2010 Information Management Health Check Survey, which highlights that a majority of enterprises are not following their own advice when it comes to information management. Eighty-seven percent of respondents believe in the value of a formal information retention plan, but only 46 percent actually have one. Survey results also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.
sandy ingram

Employee fined $1.1 million for erasing computer files - 0 views

www.chicagotribune.com/...-law-20101019,0,2539720.column

Security Privacy Fraud employees

shared by sandy ingram on 21 Oct 10 - No Cached
  • sandy ingram on 21 Oct 10
     
    "A former executive of hedge fund manager Citadel Investment Group LLC recently gave about $1.1 million to two Chicago charities, but the payments were not an act of good will. The money was actually a fine that a Cook County judge ordered Mikhail "Misha" Malyshev to pay for violating a previous court ruling to preserve documents in a lawsuit. In July 2009, Citadel had sued him for breaking a contractual promise not to compete with the hedge fund."
sandy ingram

Spreadsheets are inadequate for risk and compliance assessment questionaires | OCEG - 0 views

oceg.org/...iance-assessment-questionaires

Security Privacy grc compliance audit assessment

shared by sandy ingram on 07 Oct 10 - No Cached
  • It gets worse . . . auditors and legal can step in and cry 'foul.' It is difficult to provide non-repudiation within spreadsheets in a scalable context. Basically, one can not go back and truly state that "this person answered this compliance (a legal process) on this date and time, and we know this is the original answer and it has not been modified." Spreadsheets do not have this level of authentication, access control and audit trail. GRC processes require a robust audit trail so that you know who answered a question and if that answer was modified - spreadsheets do not provide the functionality to cover this.
  • To replace spreadsheets I would look towards governance, risk, and compliance (GRC) management platforms. Vendors in this space include Archer Technologies, Axentis, BWise, MEGA, MetricStream, OpenPages, Paisley, and QUMAS. These vendors, and many more, have integrated content and workflow technologies to manage GRC assessment processes. They are a much better choice over the use of spreadsheets for GRC processes.
  • sandy ingram on 07 Oct 10
     
    Spreadsheets are a thorn in the flesh of risk and compliance. I have seen organizations with upwards of 40,000 spreadsheets collected for different risk and compliance issues (e.g., SOX, Basel II, Ethics), as control questionnaires are sent to nearly everyone in the organization. The questionnaires come back and the compliance team scratches their heads and says Now what? How do we manage and report on this data?
sandy ingram

DoD, DHS to align cybersecurity capabilities - 0 views

www.scmagazineus.com/...180992

dod dhs cybersecurity Security Privacy compliance

shared by sandy ingram on 14 Oct 10 - No Cached
  • The new partnership appears to be part of an effort to move past previous agency turf wars. Last March, for example, Rod Beckstrom resigned from his position as director of the DHS' National Cyber Security Center, citing insufficient funding and support. In his letter of resignation to Napolitano, Beckstrom said the DHS's cybersecurity efforts are "controlled" by the NSA. Meanwhile, it is not uncommon for government departments and agencies to enter into formal agreements to work together on certain issues and to “swap” employees to improve synchronization, Marcus Sachs, director of the SANS Internet Storm Center, told SCMagazineUS.com on Thursday. This agreement is particularly important because the DoD and DHS have a joint mission to protect the United States in cyberspace, he said.
  • sandy ingram on 14 Oct 10
     
    The U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) announced plans Tuesday to streamline their cybersecurity capabilities to better protect the nation's networks. Late last month, Secretary of Homeland Security Janet Napolitano and Secretary of Defense Robert Gates signed an agreement that formalizes processes for the two agencies to work together to protect U.S. networks and critical infrastructure. The agreement outlines a framework whereby the agencies will provide cybersecurity support to one another, and was intended to improve collaboration as the two departments carry out their respective cybersecurity missions.
sandy ingram

Outgunned: How Security Tech Is Failing Us -- InformationWeek - 0 views

www.informationweek.com/...showArticle.jhtml

Security Privacy compliance cybersecurity Best Practice

shared by sandy ingram on 11 Oct 10 - No Cached
  • Thing is, the pitch is less believable these days, and the atmosphere is becoming downright hostile. We face more and larger breaches, increased costs, more advanced adversaries, and a growing number of public control failures.
  • -U.S. businesses continue to hemorrhage credit card numbers and personally identifiable information. The tab for the Heartland Payment Systems breach, which compromised 130 million card numbers, is reportedly at $144 million and counting. The Stuxnet worm, a cunning and highly targeted piece of cyberweaponry, just left a trail of tens of thousands of infected PCs. Earlier this month, the FBI announced the arrest of individuals who used the Zeus Trojan to pilfer $70 million from U.S. banks. Zeus is in year three of its reign of terror, impervious to law enforcement, government agencies, and the sophisticated information security teams of the largest financial services firms on the planet.
  • sandy ingram on 11 Oct 10
     
    Information security professionals face mounting threats, hoping some mix of technology, education, and hard work will keep their companies and organizations safe. But lately, the specter of failure is looming larger. "Pay no attention to the exploit behind the curtain" is the message from product vendors as they roll out the next iteration of their all-powerful, dynamically updating, self-defending, threat-intelligent, risk-mitigating, compliance-ensuring, nth-generation security technologies. Just pony up the money and the manpower and you'll be safe from what goes bump in the night.
sandy ingram

IT worker gets prison after stealing data for online surveys - 0 views

www.computerworld.com/...ealing_data_for_online_surveys

Privacy Security Fraud employees identity theft medical

shared by sandy ingram on 02 Nov 10 - No Cached
  • Between January and April of this year, Giang filled out 382 surveys before the company that was paying for them, StayWell, figured out what was going on. StayWell had been offering UC employees the gift vouchers as incentives to fill out health surveys, but it grew wise to the scam.
  • Giang only used part of the Social Security numbers of his co-workers while filling out the survey, his lawyer states in a sentencing memorandum. "Mr Giang never intended to steal their identity, and other than losing the opportunity to participate in StayWell's marketing surveys, the victims did not lose anything," says the Oct. 20 memorandum asking the judge for probation instead of jail time.
  • sandy ingram on 02 Nov 10
     
    A former IT staffer has been sentenced to a year and a day in prison for stealing sensitive information belonging to his co-workers and using the data to make money filling out online health surveys. Cam Giang, 31, was fired from the University of California San Francisco Medical Center earlier this year after investigators discovered that he'd been using the names, birthdays and Social Security numbers of other UCSF employees to fill out hundreds of online surveys. The point was to collect online vouchers, worth US$100 each.
sandy ingram

"Anyone can EASILY get online and steal passwords" - 0 views

www.itpro.co.uk/...-proves-password-theft-is-easy

Privacy Security compliance cybersecurity breach

shared by sandy ingram on 02 Nov 10 - No Cached
  • During the hack, he set up his own wireless hotspot, which he simply called BT Openzone. As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.
  • When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.
  • “That’s how easy it is, it is instant,” said Hart.
  • ...1 more annotation...
  • “People believe passwords are secure, but if someone has got your password you won’t know about it.”
  • sandy ingram on 02 Nov 10
     
    This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard.
‹ Previous 21 - 40 of 95 Next › Last »
Showing 20 items per page