Home/ WPPS C-Suite News/ Group items tagged attack

sandy ingram

Infosecurity (USA) - Passwords becoming risky form of enterprise authentication - 0 views

  • “The fact that passwords remain the cornerstone of enterprise authentication represents a significant and increasing risk. The vulnerability of password-based authentication is widely recognized: From the earliest phishing attacks to the most sophisticated spyware, passwords still represent one of the most common methods hackers target and use to access corporate systems and sensitive data”, the study observed. The way to reduce the costs of lost passwords and the increased vulnerability of similar user passwords is through the use of strong multi-factor authentication, explained Chatterjee. For example, two-factor authentication involves the use of something the user remembers, such as a password, and something the user has, like a token.
  • This approach increases security because a hacker needs both to gain access to a system or account; figuring out the password is not enough. It also reduces the need for users to have multiple, complex passwords. The system's two factors provide the complexity from a security point of view, he explained. Chatterjee used the example of a bank ATM card, which requires the use of the card along with the password for the user to gain access to his or her account.
  • With the two-factor authentication, users do not need to have complex passwords that change frequently. This reduces the burden on the employees as well as on the help desk, he noted.
  •  
    "30% to 50% of help desk calls relate to forgotten passwords"
sandy ingram

Infosecurity (USA) - White House cybersecurity proposal shifts FISMA responsibility to DHS - 0 views

  • This would in effect shift FISMA implementation responsibility away from the Office of Management and Budget (OMB) and the National Institute for Standards and Technology (NIST) to DHS, “where the knowledge of attacks informs the defense”, Paller said.
  • “DHS has already demonstrated that they are focusing on the critical controls....They are focusing on effectiveness measures, rather than make work”
  • The proposal would also expand the DHS authority over cybersecurity of private networks, particularly critical infrastructure. DHS would have the authority to develop and conduct risk assessments of private sector critical infrastructure systems and share information with the private sector about threats and best practices.
  • “This brings the same rationality to offense informing defense. Instead of telling people that they have to have a good security plan, what DHS’s role will be is to demonstrate what best practices are and make sure people are measuring against those best practices”, Paller said.
  • The White House proposal would also create a national data breach notification requirement standardizing various state laws
  • “The administration's proposal would protect individuals by requiring businesses to notify consumers if personal information is compromised, and clarifies penalties for computer crimes including mandatory minimums for critical infrastructure intrusions.
  • The proposal would improve critical infrastructure protection by bolstering public-private partnerships with improved authority for the federal government to provide voluntary assistance to companies and increase information sharing.
  • It also would protect federal government networks by formalizing management roles, improving recruitment of cybersecurity professionals, and safeguarding the nation's access to cost-effective data storage solutions.”
  •  
    The White House proposal, which is a comprehensive cybersecurity plan, includes a provision directing the Department of Homeland Security (DHS) "to exercise primary responsibility within the executive branch for information security. This includes implementation of information security policies and directives and compliance" with FISMA, except for national security systems.
sandy ingram

Heartland CEO says data breach was 'devastating' - 0 views

  • Heartland handed out a USB drive containing the malicious code that it had discovered on its networks as a sign of its willingness to share details of the attack with others in the industry
  • The efforts have been noticed. Though Heartland still faces a flurry of lawsuits, and potentially big fines from card companies, customer attrition has been minimal, and so too has the damage to the company's reputation within the industry.
  •  
    Heartland Payment Systems chief executive Robert Carr remembers what it felt like when he first heard about the massive data breach at his company earlier this year. "I wanted to throw up. It was devastating," says Carr, recalling how he felt upon realizing that one of his worst fears had come true. "People had asked me for years 'what keeps you awake at night' and I would keep telling them it was the fear of a data breach,"
sandy ingram

forbes: The Hidden Cost of Privacy - 0 views

  • Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.
  • In a world of tight budgets and sacrificed programs, one sector has continued to grow with the speed and choking effectiveness of kudzu: regulations around privacy. More than 300 privacy-related laws are on the books, in both Washington, D.C. and state capitals. Privacy-related consulting services provided by law and accounting firms are a $500-million-a-year business and have been growing at double digits.
  • In other instances, the American approach to privacy occasionally produces too much of it, notably when it comes to medical research. Federal privacy laws involving health records are often so stringently interpreted by bureaucrats that studies involving life-threatening diseases have had to be scaled back or canceled. A pioneering, decades-long study of strokes and heart attacks shut down this year when researchers weren't able to get the necessary patient-consent forms signed.
  • A recent report from the Institute of Medicine says privacy laws have created a crisis for U.S. researchers. Lawrence O. Gostin, the Georgetown University law professor who presided over the study, complains that the consent forms that are a centerpiece of many laws don't even do a good job in protecting medical privacy. "Patients don't understand what they are signing," he says.
  • Lawyers who spend their workdays preparing privacy-related notices freely admit that scarcely anyone reads them. The yearly privacy updates from banks required by the 1999 Gramm-Leach-Bliley Act are commonly cited as especially useless; no less an authority than Ralph Nader says the mailings are among the biggest wastes of paper in human history. "Whenever I am speaking, I ask the audience if anyone has ever made use of one of those forms," says Kirk J. Nahra, an attorney with Wiley Rein in Washington, D.C. "If even one person raises their hand, I am amazed."
sandy ingram

CEOs underestimate security risks, survey finds - 0 views

  • Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
  • of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues.
  • 48% of CEOs surveyed said they believe hackers rarely try to access corporate data
  • On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
  • The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided.
  • CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
  • While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was.
  • More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way
sandy ingram

Study Finds U.S. Small Businesses Lack Cybersecurity Awareness and Policies | Reuters - 0 views

  • Small business owners' cybersecurity policies and actions are not adequate enough to ensure the safety of their employees, intellectual property and customer data, according to the 2009 National Small Business Cybersecurity Study. The study, co-sponsored by the National Cyber Security Alliance (NCSA) and Symantec [Nasdaq: SYMC], as part of this year's National Cyber Security Awareness Month, surveyed nearly 1,500 small business owners across the United States about their cybersecurity awareness policies and practices.
  • The survey shows discrepancies between needs and actions regarding security policies and employee education on security best practices.
  • The study found that while more than 9 in 10 small businesses said they believe they are safe from malware and viruses based on the security practices they have in place, only 53 percent of firms check their computers on a weekly basis to ensure that anti-virus, anti-spyware, firewalls and operating systems are up-to-date and 11 percent never check them.
  • "The 20 million small businesses in the U.S. are a critical part of the nation's economy. While small business owners may understandably be focused on growing their business and the bottom line, it is imperative to understand that a cybersecurity incident can be disruptive and expensive,"
  • small businesses seem out of sync with some Internet security risks. 75 percent of small businesses said that they use the Internet to communicate with customers yet only 6 percent fear the loss of customer data and only 42 percent believe that their customers are concerned about the IT security of their business.
  • Laptops, PDAs and wireless networks are great conveniences to businesses, yet they carry with them an added responsibility to ensure the data is secure. Today, more than 66 percent of employees take computers or PDAs containing sensitive information off-site.
  • Wireless networks are gateways for hackers and cyber criminals and must be secured by complex passwords
  • "Security threats are becoming more complex and employees of small businesses are increasingly the target of attacks that expose their organizations to data loss,"
  • "Security awareness and education, combined with a comprehensive security solution, can empower small businesses and their employees to protect themselves and their information."
  • The demographic makeup of the small business polled