Skip to main content

Home/ Groups/ WPPS C-Suite News
13More

Layoffs could lead to theft of interllectual property, placement of code - 0 views

  • Since we are witnessing one of the most greatest surges in layoffs, how has your information security processes been coping with the increase?
  • I hear that many employees, in anticipation of a layoff, are stealing intellectual property. Thus, some damage to the company may be done prior to the lay off taking place.
  • have direct experience of employees who planted code that would disable key functions in the corporate IT system
  • ...9 more annotations...
  • I have met others who have bought their way into competitors using confidential information.
  • To be completely brutal and honest, if you are in a position to be worried about these things then your organisation has not taken its' security (in the broadest terms) seriously.
  • Security considerations are starting to move higher up the value chain away from its roots of network centricity towards applications and business concerns.
  • I have been monitoring the IT security industry and what I have noticed is not only the number of layoffs but also that there is so few high level IT Security jobs been advertised. Too many organisations see IT Security as an expense, and they have problem seeing the ROI form IT Security project.
  • how vulnerable is the Global economy to the next big attack.
  • corporations rapidly lose the ability to stop serious security breaches within the company as many in this forum have stated many examples.
  • I have seen many people go to extremes and sell this inside information, corporate espionage to name one example, in order to survive.
  • To understand the seriousness of this economic turmoil affecting corporation globally, a Director of Information Security from one of the largest and most admired global corporations was let go in a downsizing restructuring.
  • Understand that every company large and small is going through profound economic issues trying to do more with less staff.
  •  
    In one case, it was used for extortion, i.e. to demand a better severance package. The other used it for revenge.
1More

Data Leakage Worldwide White Paper: The High Cost of Insider Threats  [Data L... - 0 views

shared by sandy ingram on 13 Nov 08 - Cached
  •  
    "common examples of employee behaviors that demonstrate a lack of diligence with respect to safeguarding sensitive information include speaking loudly about confidential information in public places, failing to log off laptops, leaving passwords in sight or unprotected, and accessing unauthorized websites.Common examples of employee behaviors that demonstrate a lack of diligence with respect to safeguarding sensitive information include speaking loudly about confidential information in public places, failing to log off laptops, leaving passwords in sight or unprotected, and accessing unauthorized websites."
1More

Data Leakage Worldwide White Paper: The High Cost of Insider Threats  [Data L... - 0 views

  •  
    Apathy and overwhelming amounts of data are key points why employees lose information
3More

80% of Australian companies suffered data breach. What protections are in your consult... - 0 views

  • A whopping 34% of respondents report an average breach cost them $5000,
  •  
    What protections are written in your international consultant agreements?
  •  
    A new survey reveals almost 80% of local companies have experienced data breaches in the past five years, with 40% recording between six and 20 breaches
5More

"The Neb" implemented by IBM - 0 views

  • The basic idea here was that you can’t trust your PC, so you should have a separate trusted device (The Neb) which is used only for final authorisation of transactions - all the work of getting the transaction set up is done on the untrusted PC.
  • only the data relating to the final transaction is sent to The Neb,
  • explicitly, by the server,
  • ...1 more annotation...
  • which then displays it and, if the user agrees, signs it.
  •  
    only the data relating to the final transaction is sent to The Neb,
2More

CTO of the USA - 0 views

  • Obama will appoint the nation's first Chief Technology Officer (CTO)
  •  
    Obama will appoint the nation's first Chief Technology Officer (CTO)
16More

Amended SB1386 - Health care data security breach explained - 0 views

  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  •  
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  •  
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
5More

How the Human Brain Buys Security - 0 views

  • It's much easier to sell greed than fear.
  • But all things being equal, buyers would rather take the chance than buy the security.
  • The better solution is not to sell security directly, but to include it as part of a more general product or service.
  • ...1 more annotation...
  • Vendors need to build security into the products and services that customers actually want.
  •  
    The better solution is not to sell security directly, but to include it as part of a more general product or service. Your car comes with safety and security features built in; they're not sold separately. And it should be the same with computers and networks. Vendors need to build security into the products and services that customers actually want. Security is inherently about avoiding a negative, so you can never ignore the cognitive bias embedded so deeply in the human brain. But if you understand it, you have a better chance of overcoming it.

Schneier on Security - 0 views

shared by sandy ingram on 31 Oct 08 - Cached
1More

Socialtext | Solutions - 0 views

  •  
    Solutions Delivered on the Business Social Software Platform
2More

HONcode: Principles - Quality and trustworthy health information - 0 views

shared by sandy ingram on 29 Oct 08 - Cached
  • HON Code of Conduct (HONcode) for medical and health Web sites
  •  
    null
« First ‹ Previous 141 - 152 of 152
Showing 20 items per page