Home/ WPPS C-Suite News/ Group items tagged group

sandy ingram

Futureofprivacy.org - Group hopes to shape nation's privacy policy - 0 views

  • Businesses, regulators and consumers are all confused about online privacy, yet technology keeps advancing, said the group's other co-founder, Christopher Wolf, who chairs the Privacy and Data Security Practice Group for Washington law firm Proskauer Rose LLP.
  •  
    Group hopes to shape nation's privacy policy
sandy ingram

Facebook Timeline Violates FTC Settlement, Says One Privacy Group | WebProNews - 0 views

  • Having just reached a settlement with the Commission in which the company is required “to take several steps to make sure it lives up to its promise in the future, including giving consumers clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established,” Facebook is changing the privacy setting of its users in a way that gives the company far greater ability to disclose their personal information than in the past. With Timeline, Facebook has once again taken control over the user’s data from the user and has now made information that was essentially archived and inaccessible widely available without the consent of the user.
  • The impetus is on the user to edit their privacy settings in order to tweak their Timeline to only show stuff that they want it to show.
  • EPIC goes on to argue that since Timeline contains new categories like “Health and Wellness,” it is ripe to be used by companies mining for medical data
  • They argue that the Timeline makes it “a heck of a lot easier for computer criminals to unearth personal details that can be used to craft attacks.”
  •  
    The settlement said that Facebook must be more forthright with its members and make sure that any changes that they make concerning privacy must be clearly and prominently spelled out.
sandy ingram

forbes: The Hidden Cost of Privacy - 0 views

  • Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.
  • In a world of tight budgets and sacrificed programs, one sector has continued to grow with the speed and choking effectiveness of kudzu: regulations around privacy. More than 300 privacy-related laws are on the books, in both Washington, D.C. and state capitals. Privacy-related consulting services provided by law and accounting firms are a $500-million-a-year business and have been growing at double digits.
  • In other instances, the American approach to privacy occasionally produces too much of it, notably when it comes to medical research. Federal privacy laws involving health records are often so stringently interpreted by bureaucrats that studies involving life-threatening diseases have had to be scaled back or canceled. A pioneering, decades-long study of strokes and heart attacks shut down this year when researchers weren't able to get the necessary patient-consent forms signed.
  • A recent report from the Institute of Medicine says privacy laws have created a crisis for U.S. researchers. Lawrence O. Gostin, the Georgetown University law professor who presided over the study, complains that the consent forms that are a centerpiece of many laws don't even do a good job in protecting medical privacy. "Patients don't understand what they are signing," he says.
  • Lawyers who spend their workdays preparing privacy-related notices freely admit that scarcely anyone reads them. The yearly privacy updates from banks required by the 1999 Gramm-Leach-Bliley Act are commonly cited as especially useless; no less an authority than Ralph Nader says the mailings are among the biggest wastes of paper in human history. "Whenever I am speaking, I ask the audience if anyone has ever made use of one of those forms," says Kirk J. Nahra, an attorney with Wiley Rein in Washington, D.C. "If even one person raises their hand, I am amazed."
  •  
    Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.
sandy ingram

Are you ready for a data breach? | Healthcare IT News - 0 views

  •  
    The handling of data breach incidents has become a way of life for healthcare providers and other HIPAA covered entities. With the passage of the HITECH Act last year, there are now substantial penalties that can be levied, up to $1.5 million. This fact, combined with a requirement to notify the Department of Health and Human Services as well as the media for data breach incidents that affect over 500 individuals has, for the first time, resulted in public records being kept for such incidents. If you oversee privacy, compliance, or IT for a hospital system, a group practice, a health insurance company, other covered entities, or even one of their business associates, the HITECH Act and its privacy and data breach provisions require your close attention. While many people know that HITECH generally creates requirements for data breach notification, there are at least four things you may not know about HITECH that you really should:
      • The requirement for a mandatory incident-specific risk assessment for every incident
      • The fact that HITECH notification provisions do not pre-empt state notification laws
      • Encryption of data does not necessarily alleviate the risk of data breach
      • If your business associate exposes your protected health information (PHI), you are responsible
sandy ingram

Employee fined $1.1 million for erasing computer files - 0 views

  •  
    "A former executive of hedge fund manager Citadel Investment Group LLC recently gave about $1.1 million to two Chicago charities, but the payments were not an act of good will. The money was actually a fine that a Cook County judge ordered Mikhail "Misha" Malyshev to pay for violating a previous court ruling to preserve documents in a lawsuit. In July 2009, Citadel had sued him for breaking a contractual promise not to compete with the hedge fund."
sandy ingram

Study: Cloud Cuts Carbon Emissions: Companies running applications in the cloud can red... - 0 views

  • “The IT industry had this nagging question – as more and more services move to the cloud, do they consume more or less energy?” Bernard said. “This study found that you can migrate existing infrastructure to the cloud and see not only growth in productivity but a reduction in energy consumption for those services.”
  • The study was aimed at understanding how the cloud performs differently from an on-premises environment, said Josh Whitney, corporate sustainability strategy lead with WSP. Using a methodology aligned to the Global eSustainability Initiative (GeSI) standards, Accenture and WSP compared the energy use and carbon emissions per user for Exchange Server 2007, SharePoint Server 2007, and Microsoft Dynamics CRM with their cloud-based equivalents: Exchange Online, SharePoint Online and Microsoft Dynamics CRM Online. The results suggest that for widely deployed and commonly used applications such as e-mail, content sharing and customer relationship management, the cloud can enable significant reduction in carbon emissions.
  • “The findings are actually pretty impressive,” Whitney said. “I think this study provides further reinforcement of the benefits of the cloud beyond the bottom line. It provides one of the first quantitative and measurable analyses of the impact that cloud computing can have directly compared to a traditional deployment of IT within a company.”
  • The study pointed to several other factors that drove down emissions and consumption, including the fact that datacenters operate servers at much higher utilization rates and are physically constructed to reduce power loss.
  • Mike Ehrenberg, a technical fellow and chief architect for Microsoft Dynamics, said the study’s findings should reinforce for customers the benefits of moving to the cloud.
  •  
    "A new study released today found that companies running applications in the cloud can reduce their carbon emissions by 30 percent or more compared with running those same applications in their own infrastructure. The study, "Cloud Computing and Sustainability: The Environmental Benefits of Moving to the Cloud," was commissioned by Microsoft and conducted by Accenture, a global management consulting, technology consulting and technology outsourcing company, and WSP Environment & Energy, an environmental consulting group. "
sandy ingram

Smaller companies challenged to comply with Massachusetts' data privacy rules - Mass Hi... - 0 views

  • The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.
  • some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”
  • “We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”
  • Under the regulations, organizations — no matter where they are based — that store personal information about Massachusetts residents have to write security policies detailing how the data will be protected, encrypt the data when it is stored on laptops or other portable devices or transmitted over public networks, and monitor their systems for breaches.
  • Believed to be among the most stringent data privacy regulations in the U.S., the rules have lawmakers and businesses taking note. The regulations are now driving computer security policy agendas across the country, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge who chairs the firm’s privacy and data protection group. “The impact is much broader than we ever imagined. Who would have thought it would have catalyzed so much activity?” he said. “This will be with us for decades or longer.”
  • Since March, Cutugno Court Reporting and Sten-Tel Inc., a Springfield-based firm that provides document management and transcription systems, has spent “easily into the six-figure realm” on technology and consulting services to comply with the privacy regulations, said Blake Martin, the company’s CIO.
  • To date, state regulators have not yet taken any public enforcement actions against organizations that have failed to comply with the rules. The state attorney general’s office, which is charged with enforcing the regulations, and the Office of Consumer Affairs and Business Regulation, which developed the regulations, have been focusing on compliance efforts, reaching out to trade groups, bar associations and others to spread the word.
  •  
    "Eight months after the state's tough, new data privacy regulations went into effect, many businesses are still sorting through the rules and working to bring their firms into compliance. "
sandy ingram

California Department of Public Health Breach Fines and Legally Defensible Security : I... - 0 views

  •  
    The California Department of Public Health ("CDPH") recently announced its imposition of $675,000 in fines to six hospitals that had reported security breaches involving medical records (since January 1, 2009, the CDPH has issued fines totaling $1.1 million). The story has been extensively reported on in the media. You can listen to the CDPH's press conference here. The total number of records exposed was only 244, for an average fine of around $2,766 per record. To put that in perspective, if a California hospital suffered a breach involving 100,000 medical records, using the average stated here, their potential fines could be $276 million (assuming no cap for fines and penalties -- the relevant laws do have a cap of $250,000 per incident).
sandy ingram

Medical-data breach said to be major; involves nearly two-thirds of the insurers' subsc... - 0 views

  • The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs. "That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.
  • The news of the breach comes at a time when there is more emphasis - and billions of dollars in federal funding - to develop protocols for electronic medical records, with information being shared among providers, insurers, and consumers.
  • Paul Stephens, director of policy for the Privacy Rights Clearinghouse, said that data breaches in the finance and retail sectors tended to involve more people, but that health data are very sensitive and may also contain payment information.
  • Until The Inquirer asked for information, the company had not disclosed the data breach to affected members, most of whom live in Philadelphia and nearby counties
  • The federal website explaining the law says that breaches must be reported "without unreasonable delay and in no case later than 60 days."
  • They would not say how they know the computer drive was lost, not stolen. They would not comment on the riskiness of taking the drive to health fairs, nor would they say whether the data on the drive was encrypted.
  •  
    A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing - one of the largest recent security breaches of personal health data in the nation. "We deeply regret this unfortunate incident," said Jay Feldstein, the president of the two affiliated Philadelphia companies, Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan. The breach, which involves the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare, which has oversight. "We take compliance [with federal privacy laws] very seriously," department spokeswoman Elisabeth Myers said Wednesday.
sandy ingram

Integrating Ethics and Compliance Into the Entire Organization - 0 views

  • There’s no point investing in and implementing an ethics and compliance program unless the time is spent integrating the program into every aspect of an organization. The need for companies to develop effective ethics and compliance programs has been acknowledged by several government agencies - examples are the SEC in the US and the government in the United Kingdom. Both groups have recently passed legislation or made amendments to existing guidelines, focusing heavily on the importance of ethics and compliance at all levels of an organization - especially at the top.
  • Employees at each level contribute to the success of a company’s ethics and compliance program. Integrating ethics and compliance at each level helps ensure the message from the top makes it all the way down to the lower levels of the organization. Training, messages and other ethics and compliance initiatives must be developed to evolve with employees as they move through the company. That being said, employees at various levels need to be prepared to address different ethical issues they may encounter based on the role they play in the organization.
  • Integrating Ethics in the Middle: In many companies, employees report that the middle level is where ethics and compliance commitments break down. Since many of the lower level employees report directly to those in the middle, a commitment to ethics and compliance from middle managers is equally as important as it is at the top.
  • Top level managers can use a number of techniques to assist mid-level managers in understanding the role they play in creating an ethical workplace.
  • Integrating Ethics at Lower Levels: Lower level employees are usually the ones on the frontlines acting as ambassadors for a company/brand. Ensuring the commitment to ethics and compliance is as strong at the bottom as it is at the top is critical to the success of a fully integrated ethics and compliance program.
  • One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance. During the interview process, ask questions related to ethical situations and decision making. This can be used as a way to ensure new hires are a proper fit with the existing corporate culture.
  • It’s important to remember that ethics training and implementation doesn’t stop here - this is just the beginning.
  •  
    "One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance"
sandy ingram

Malicious insider attacks to rise: "This is one of the most significant threats compani... - 0 views

  • Microsoft said so-called "malicious insider" breaches are on the rise and will worsen in the present downturn.
  • "This is one of the most significant threats companies face,"
  • "The malicious insider is classed as the greatest security concern because they have access, and relatively easy access, to corporate assets," said Mr Leland.
  • The problem is not just a serious one for business.
  • "The national security and economic health of the United States depend on the security, stability and integrity of our nation's cyberspace, both in the public and private sectors,"
  • A report last week by the Ponemon Institute, a privacy and data-protection research group, found that 88% of data breaches were caused by simple negligence on the part of staff.
  • While insider attacks are lower in number, Mr Rowney said they can be more devastating because the employee knows where "the crown jewels" are kept
  • Verizon indicates these protections are a critical form of risk management that no enterprise can any longer afford to ignore.
  •  
    "This is one of the most significant threats companies face,"
  •  
    People to Google: Doug Leland, Microsoft; John Brennan, the President's top adviser for counterterrorism and homeland security; Kevin Rowney, Symantec, founder of the firm's Data Loss Prevention Unit
sandy ingram

The collaborative web in action - CEO Forum Group - 0 views

  • it is a sad fact that too few CEOs make the connection between this current wave of the Internet and any change in the way business works. This I believe is a pity and it could cost businesses money.
  • For many CEOs, I would suggest, this trend is one which they understand only tangentially – perhaps when they see their home telecommunications bill if they have children – or when they meet one of their generation Y employees, who cheekily ‘demands’ instant messaging or an iPhone as part of their salary package.
  • it is the platform of networked based collaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century.
  • When a business works out how to use collaboration tools properly, it can open up an entirely new way of improving resource allocation, driving innovation, getting closer to customers and partners, taking costs out of the business and reducing time-to-market. Collaboration, based on the network as the platform, is even able to help reduce the impact of business on the environment.
  •  
    "...it is the platform of networked based collaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century."
sandy ingram

Privacy is good for business - CEO Forum Group - 0 views

  • "There are thousands of privacy professionals now, in the U.S. and Europe and Asia. Most of the Fortune 100 have a privacy officer or some sort of equivalent".
  • "Now imagine", Pearson says, "the first few times an insurance company or a university sends out a letter saying, 'excuse me, but we were hacked and we don't know what happened exactly, we don't know what happened to your data, but we are required by law to notify you that something might have happened'. That's not a pleasant situation to be in".
  • But privacy concerns impact more than just the bottom line; they affect multiple areas of an organisation, from legal liabilities to PR efforts to CRM and employee retention. A well-designed, well-implemented policy can help a company in all of these areas, on both the tactical and the strategic levels.
  • Security and privacy are not simply IT challenges—they need to be addressed as strategic issues, at the highest levels of the organisation.
  • Ultimately, however, it is organisational policies, not technology, that are most important to enforcing privacy.
sandy ingram

Information Security Clauses and Certifications - Part 1 : Info Law Group - 0 views

  • What contractual information security provisions should you consider, as a customer or as a vendor or business partner, when the contract contemplates the exchange of protected information? What do security standards and audits entail for a vendor, and what do they offer for a customer?
  • With heightened liability and compliance risks associated with handling protected categories of data, it is becoming more common to see contractual requirements holding vendors accountable for information security or requiring them to conform to a specified information security standard
  •  
    Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches. The contract may also set expectations more precisely by incorporating a written security policy or referring to a widely accepted information security standard, sometimes accompanied by a requirement for a third-party security audit or assessment
sandy ingram

Most Large Enterprises Already Active in Cloud Computing: Survey - Cloud Computing - Ne... - 0 views

  • The results indicate that "there are more cloud implementations within the enterprise than people were aware of," Jay Fry, vice president of marketing for the cloud computing division at CA Technologies, told eWEEK. The report indicates that IT administrators are starting to get some visibility on what the various groups within the organization are working on, he said. As more people begin to discuss the cloud within the enterprise, the visibility will continue to improve, said Fry.
  • In the past, there were "rogue deployments" that the company’s IT staff didn’t even know about, because the individual line of business was purchasing software-as-a-service offerings without involving IT.
  • Collaboration tools such as hosted e-mail, antivirus and spam filtering and Web conferencing software accounted for a bulk of cloud deployments, at 75 percent, according to the report
  • The primary incentive for initially going to the cloud is to trim costs, he said. While that result was expected, the report found that IT staff considered other benefits, such as agility and adaptability as soon as six months after deployment, said Fry.
  • Many large organizations are already active in cloud computing in some form and are planning more deployments, according to a CA Technologies study.
  •  
    "More than 80 percent of surveyed enterprises and 92 percent of the largest enterprises, have at least one cloud service, the report found. Additionally, more than half, or 52 percent, of organizations using the cloud claimed to have more than six cloud services."
sandy ingram

Ponemon Study: 73% Believe Cloud Providers Do Not Protect User's Confidential Informati... - 0 views

  • Growing scrutiny of cloud computing security in the first half of this year is not surprising in light of the numerous data breaches, privacy issues and headline grabbing cloud outages that have occurred recently
  • The 26-page survey report returned a stunning conclusion – though one not surprising to those familiar with legal contracting for cloud computing; namely that a majority of cloud providers do not believe data security is their responsibility - but the customer’s. 
  • In addition, the survey revealed that a “majority of cloud computing providers surveyed do not believe their organization views the security of their cloud services as a competitive advantage.
  • Further, they do not consider cloud computing security as one of their most important responsibilities and do not believe their products or services substantially protect and secure the confidential or sensitive information of their customers.”
  • The study further reports that the majority of cloud providers surveyed “admit they do not have dedicated security personnel to oversee the security of cloud applications, infrastructure or platforms.”
  • One bit of somewhat good news the survey revealed is that “about one-third of the cloud providers in our study are considering such solutions [providing additional security] as a new source of revenue sometime in the next two years.”
  • Another of the report’s conclusions is that “the focus on cost and speed and not on security or data protection [in cloud offerings] creates a security hole.” This potential “security hole” is a prime reason we advise clients, in certain circumstances, to be prepared to walk away from cloud providers under consideration if adequate and legally defensible security measures cannot be adequately negotiated and contractually provided for.
  • The report also states that “cloud providers are least confident about the following security requirements:
      • Identify and authenticate users before granting access
      • Secure vendor relationships before sharing information assets
      • Prevent or curtail external attacks
      • Encrypt sensitive or confidential information assets whenever feasible
      • Determine the root cause of cyber attacks”
  • These are serious security concerns any way you slice it
  • The fundamental takeaway from the Ponemon study is that cloud security is very much a work in progress, and that any cloud initiative or plan for corporate cloud usage needs serious due diligence by representatives from business, IT and legal working in conjunction
  •  
    Growing scrutiny of cloud computing security in the first half of this year is not surprising in light of the numerous data breaches, privacy issues and headline grabbing cloud outages that have occurred recently.
sandy ingram

Mobile malware, "whaling" top challenges of 2011, says IBM report - SC Magazine US - 0 views

  • To address these new challenges, the report said, enterprises need to shape their risk exposure, communication, end-user education and technology in a delicate balance.
  • One of the newest vectors of attack – the so-called “bring your own device” approach – has sprung up from the burgeoning market for smartphones and tablets and their adaption into the enterprise network, the report said. Security issues seen on the mobile platform are rising with the market – with double the number of mobile exploit releases that were seen in 2010.
  • Third-party app markets, a Wild West of often unregulated offerings, are the primary bazaar for malicious software created to attack mobile phones.
  • Infected mobile applications can also come from peer-to-peer networks hosted on websites
  • This year's breaches have highlighted the emerging risk of “whaling,” a variant of spear phishing that targets "big fish,” or high-level personnel
  • Of further concern for IT security professionals is the rise of professional teams charged with collecting intellectual property and strategic intelligence, the report found.
  • In addition, so-called hacktivist groups, such as LulzSec and Anonymous, have used well-worn attack techniques, such as SQL injection, to successfully target websites and computer networks for political ends rather than financial gain.
  •  
    An unprecedented number of successful attacks on corporate networks in the first half of the year illustrates that "basic network security is not just a technical problem, but rather a complex business challenge,"
sandy ingram

What's a Company's Biggest Security Risk? You. - WSJ.com - 0 views

  • Consider what happened in March at EMC Corp.'s RSA security unit, the maker of computer login devices used by thousands of other companies. A hacker sent emails to two small groups of employees that looked innocent enough, including a spreadsheet titled "2011 Recruitment plan." The message was so convincing that one employee retrieved it from the "junk mail" folder and then opened the attachment. Doing so introduced a virus inside RSA's network that eventually gave the hacker access to sensitive company data and enabled later attacks against RSA's customers.
  • Employees have more opportunities than ever to compromise company information. We not only screw up by clicking on emails from hackers that download viruses, letting them bypass corporate firewalls. We also open a Pandora's Box of security problems by circumventing company tech-support rules and doing work with personal gadgets and consumer-grade online services like Web email and cloud storage services.
  • Here's a look at what employees are doing wrong and how companies are trying to fight our bad habits
  • Today, we make ourselves easy targets by posting troves of information about ourselves and our jobs online, say security experts. Blogs and professional networks such as LinkedIn are particularly useful sources for criminals, since many people share details about their roles at work, which can be used to help determine corporate hierarchies, among other things.
  • Hackers include dangerous traps in these targeted emails, such as links leading to malware or a Web page designed to dupe the employee into entering passwords. In the RSA attack, the emails included an attachment that took advantage of a previously unknown chink in Adobe Flash software to inject a virus into the company's systems.
  • As older systems that are focused on firewalls fail, corporate IT "needs a new defense doctrine," says RSA's head of identity protection, Uri Rivner. "You need to have security cover inside your organization, rather than your perimeter. You need to understand what your users are doing, and then spot any type of suspicious activity inside."
  •  
    Hacking attacks against companies are growing bigger and bolder - witness a string of high-profile breaches this year at Sony Corp., Citigroup Inc. and others. But gone are the days when hackers would simply find holes in corporate networks to steal valuable data. Large companies have grown wise to the threat of hacking, and have spent the past 30 years hardening the perimeters of their networks with upgraded technology.