Skip to main content

Home/ Groups/ WPPS C-Suite News
Rss Feed
Sort By: Most Recent | Popular Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Innovations in software, engineering, pharmaceuticals and other fields are being stolen... - 0 views

www.whitehouse.gov/...homeland_security

homeland Obama cybersecurity

shared by sandy ingram on 20 Mar 09 - Cached
  • The first responsibility of any president is to protect the American people. President Barack Obama will provide the leadership and strategies to strengthen our security at home.
  • Barack Obama and Joe Biden's strategy for securing the homeland against 21st century threats is focused on preventing terrorist attacks on our homeland, preparing and planning for emergencies and investing in strong response and recovery capabilities. Obama and Biden will strengthen our homeland against all hazards
  • Protect Our Information Networks
  • ...9 more annotations...
  • Barack Obama and Joe Biden -- working with private industry, the research community and our citizens -- will lead an effort to build a trustworthy and accountable cyber infrastructure that is resilient, protects America's competitive advantage, and advances our national and homeland security.
  • Strengthen Federal Leadership on Cyber Security
  • ensure that the federal government works with states, localities, and the private sector as a true partner in prevention, mitigation, and response.
  • Work with the private sector to establish tough new standards for cyber security and physical resilience.
  • Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development
  • Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches:
  • Prepare Effective Emergency Response Plans:
  • Working with State and Local Governments and the Private Sector:
  • Create a National Infrastructure Protection Plan:
  • sandy ingram on 20 Mar 09
     
    The first responsibility of any president is to protect the American people. President Barack Obama will provide the leadership and strategies to strengthen our security at home.
sandy ingram

Online Social Networking The Employer's Dilemma - 0 views

downloads.messagelabs.com/...alnetwoking_legal_A4_final.PDF

Whitepapers privacy security Social Networking employees employers wss_whitepaper_socialnetwoking_legal_a4_final

shared by sandy ingram on 28 Jan 09 - No Cached
  • sandy ingram on 28 Jan 09
     
    notifying employees of clear rules on what is acceptable and what is not, balancing the need to monitor with the employees' reasonable expectations of privacy and weighing the overall benefits of allowing personal usage against the risks of doing so, are all issues with which managers will be familiar.
  • ...2 more comments...
  • sandy ingram on 28 Jan 09
     
    Social networking sites can be both addictive and time-consuming, damaging employee productivity
  • sandy ingram on 28 Jan 09
     
    A more troublesome concern is the potential for damage to an employer's reputation or brand, if an employee makes derogatory comments about an employer, client or customer. Such comments then become easy to find via an online search and may be available for an unlimited time. Employers are also concerned about the potential loss of confidential information by an unguarded (or malicious) comment by an employee, then causing the company embarrassment, financial damage or possibly leaving them open to security risks such as identity fraud.
  • sandy ingram on 28 Jan 09
     
    For employers, the temptation to utilise sites such as Facebook and MySpace may also lead them into trouble. Some employers view the scanning of such sites for information on prospective employees as legitimate; others view it as distasteful and intrusive (the equivalent of rummaging through a candidate's personal items). Whatever the view, employers adopting this approach would do well to heed the warning of the TUC's guidance on online social networking. This guidance reminds employers that only a minority of potential staff will have a public profile on a social network, so using information from this source can give either an unfair advantage or disadvantage to certain candidates, as well as leaving the employer open to the accusation of discrimination.
  • sandy ingram on 28 Jan 09
     
    Employers have had to grapple with the issues raised by employee use of the Internet for some years and the rise of online social networking presents another challenge. There is no obvious conclusion here; employers will have to do what they consider to be correct in the light of their business concerns, their employee relations and their business culture. The dilemma posed by the heightened risks surrounding online social networking, whether to trust or restrict employees, does not lead to one "right" answer, but there is certainly a "wrong" answer. Given the ever-growing popularity of such sites and the potential consequences for employers of employee misuse, simply ignoring the issue can only lead to problems for the unwary employer.
sandy ingram

SURVEY: Data-breach costs rising, 84% repeat offenders - 0 views

voices.washingtonpost.com/...breaches_more_costly_than.html

Survey breach

shared by sandy ingram on 03 Feb 09 - Cached
  • The study measured the direct costs of a data breach, such as hiring forensic experts; notifying consumers; setting up telephone hotlines to field queries from concerned or affected customers; offering free credit monitoring subscriptions; and discounts for future products and services.
    • sandy ingram
      sandy ingram on 03 Feb 09
       
      THE COST OF A DATA BREACH The study measured the direct costs of a data breach, such as hiring forensic experts; notifying consumers; setting up telephone hotlines to field queries from concerned or affected customers; offering free credit monitoring subscriptions; and discounts for future products and services. Company's stock price, which in some cases can be substantial. CASE STUDY when the nation's sixth largest credit and debit card processor -- Heartland Payment Systems -- disclosed a breach that could affect millions of customers, the company's stock price took a nosedive. Shares of Heartland's stock lost 42 percent of their value the day after that disclosure, closing at a 52-week low of $8.18. INTELLECTUAL PROPERTY A breach often exposes proprietary data that can jeopardize millions of dollars invested in research and development.
    • sandy ingram
      sandy ingram on 03 Feb 09
       
      COST TO YOUR BRAND "The first thing companies say when they have a breach is 'Well, we'll implement encryption and data leak prevention technologies, and maybe do more training'," Dunkelberger said. "That's great, but what amount of brand damage has to occur in these public disclosures before we see changes made to the way companies handle not just consumers' personal information, but also the intellectual property that drives their businesses?"
  • "The first thing companies say when they have a breach is 'Well, we'll implement encryption and data leak prevention technologies, and maybe do more training'," Dunkelberger said. "That's great, but what amount of brand damage has to occur in these public disclosures before we see changes made to the way companies handle not just consumers' personal information, but also the intellectual property that drives their businesses?"
  • Microsoft patched for the worm affecting Heartland 4 months ago.
  • sandy ingram on 03 Feb 09
     
    the Ponemon Institute, a Tucson, Ariz., based independent research company, found that companies spent roughly $202 per consumer record compromised. The same study put the total cost of a breach in 2007 at $6.3 million, and roughly $4.7 million in 2006.
sandy ingram

Obama hints at cybersecurity shake-up with review: NSA "James L. Jones, a former Marine... - 0 views

news.cnet.com/8301-13578_3-10159975-38.html

Cyber Security Governnent Obama DHS

shared by sandy ingram on 11 Feb 09 - Cached
  • "Our cybersecurity approach to date has not kept up with the threats we've seen."
  • James L. Jones, a former Marine Corps commandant who warned at a speech in Munich over the weekend that terrorists could use "cyber-technologies" to cause catastrophic damage.
sandy ingram

Malicious insider attacks to rise: "This is one of the most significant threats compani... - 0 views

news.bbc.co.uk/...7875904.stm

employee layoffs

shared by sandy ingram on 12 Feb 09 - Cached
  • Microsoft said so-called "malicious insider" breaches are on the rise and will worsen in the present downturn.
  • "This is one of the most significant threats companies face,"
  • "The malicious insider is classed as the greatest security concern because they have access, and relatively easy access, to corporate assets," said Mr Leland.
  • ...5 more annotations...
  • The problem is not just a serious one for business.
  • "The national security and economic health of the United States depend on the security, stability and integrity of our nation's cyberspace, both in the public and private sectors,"
  • A report last week by the Ponemon Institute, a privacy and data-protection research group, found that 88% of data breaches were caused by simple negligence on the part of staff.
  • While insider attacks are lower in number, Mr Rowney said they can be more devastating because the employee knows where "the crown jewels" are kept
  • Verizon indicates these protections are a critical form of risk management that no enterprise can no longer afford to ignore.
  • sandy ingram on 12 Feb 09
     
    "This is one of the most significant threats companies face,"
  • sandy ingram on 12 Feb 09
     
    People to Google: Doug Leland, Microsoft John Brennan, the President's top adviser for counterterrorism and homeland security. Kevin Rowney, Symantec, founder of the firm's Data Loss Prevention Unit
sandy ingram

THE INSIDE THREAT: Financial firms focus on internal threats, employee errors - 0 views

searchfinancialsecurity.techtarget.com/...9142,sid185_gci1347604,00.html

Security Internal Threat Human Error Employees

shared by sandy ingram on 12 Feb 09 - Cached
  • Mark Steinhoff, head of Deloitte's financial services security and privacy practices, said an organization's biggest mistake would be to let its guard down
  • "The number of breaches that are occurring are really at the hands of insiders and organizations are understanding that there is a real threat of malicious attacks and exposure of personal information by insiders," Steinhoff said.
    • sandy ingram
      sandy ingram on 12 Feb 09
       
      The failing economy may be driving the increased concern over insider threats
    • sandy ingram
      sandy ingram on 12 Feb 09
       
      "We are seeing the layoffs and other forms of downsizing. Frankly with limited budget and less than satisfied employees, it really raises the parameter on that threat."
    • sandy ingram
      sandy ingram on 12 Feb 09
       
      Human error is the leading cause of information systems failure, and is likely to be the main cause of security attacks in the near future, according to 86% of those surveyed
  • sandy ingram on 12 Feb 09
     
    Banks and financial firms are placing more emphasis on internal threats to cut the flow of data leakage as a result of employee mistakes or workers disgruntled with layoffs and downsizing during the economic crisis, according to a recent survey.
sandy ingram

How the Human Brain Buys Security - 0 views

www.schneier.com/essay-232.html

shared by sandy ingram on 31 Oct 08 - Cached
  • It's much easier to sell greed than fear.
  • But all things being equal, buyers would rather take the chance than buy the security.
  • The better solution is not to sell security directly, but to include it as part of a more general product or service.
  • ...1 more annotation...
  • Vendors need to build security into the products and services that customers actually want.
  • sandy ingram on 31 Oct 08
     
    The better solution is not to sell security directly, but to include it as part of a more general product or service. Your car comes with safety and security features built in; they're not sold separately. And it should be the same with computers and networks. Vendors need to build security into the products and services that customers actually want. Security is inherently about avoiding a negative, so you can never ignore the cognitive bias embedded so deeply in the human brain. But if you understand it, you have a better chance of overcoming it.
sandy ingram

How long can CISO's avoid Cloud Computing? | CISO - 0 views

ciso.in/...567

security Privacy compliance Best Practice cloud computing workplace ipad tablets windows

shared by sandy ingram on 23 Feb 12 - No Cached
  • Network & Systems delivering the cloud service How does the authentication to access the network devices and operating system implemented? Does it use any two factor authentication? About the availability of the network and security infrastructure? does it implement load balancing or high availability solutions for the critical infrastructure components like firewalls, IPS, reverse proxies etc… Is the underlying cloud systems are secured? Do they have a baseline configuration implemented? How does the configuration managed? Does the cloud computing provider got a plan and/or policy to perform configuration management, patch management, anti-malware etc. Does the network undergoes periodic penetration testing? Does it undergo internal vulnerability assessment periodically? How is it ensuring that a compromised client with privileged access to the operating system is separated internally? Does it undergo periodic audits against standards like ISO27001, SAS70 etc? How is the customer data separated from one another? What are the security controls implemented to ensure this separation? What are the protection and response controls against the Denial of Service attacks?
  • Cloud Applications & Data Protection What are the security controls in the application development process? Does it include security code reviews of the code being developed or used? Is there a documented change and configuration management process? How does the application servers patched and what frequency? What are the mechanisms for managing the access control? How is the database protected from unauthorized access? How are they identifying the access reset requests are from the actual user. How do they create and delete/disable user accounts? what are the procedures for these activities. IS the data encrypted? If encrypted, how is the encryption keys are protected? What is key management process being followed? How is the data loss prevention ensured? Details of the DLP controls implemented? Is there a backup mechanism established? How is the data protected in the backups? Does the cloud service provider meets the regulatory requirements? For example, if the service is a ecommerce service then the cloud service could become part of the card holder environment and thus the PCI DSS regulation as there are potential card data being processed. Similarly, if the health information is processed, it can be HIPAA and similar other regulations. Is the cloud computing service provider meets the compliance requirements? Where is your data being hosted? Is it within your country or its jurisdiction? Is your organization comfortable with the legal system in the country where your data resides? How about cloud computing service provider who has a network of data centres across the globe and your data is scattered across these data centres? Can it limit the countries where the data is stored?
  • What are the conditions / scenarios where the data is revealed without the consent / approval of the organization? Does the application provide enough audit trials to review the incidents? Does it corporate with local legal system? Often the local law authorities require access to the processing computers, how is it support those requests?
  • ...1 more annotation...
  • Security Management What are the information security management policies and procedures implemented and documented? Are all employees required to undergo the security awareness training and acknowledge their acceptance to the policies and procedures at least annually? Is the cloud computing service provider has a dedicated information security professional? What are the network security capabilities established by the service provider? Are these personal technical qualified and certified? How is the insider threats within the cloud service provider being addressed? What is the background verification process being followed by the cloud service provider? Is there a privileged activity monitoring of systems and databases? How is the security incidents and violations are handled? Does it have a documented policy? How is the log integrity ensured? What are the mechanisms implemented to ensure that the logs cannot be altered and / or stopped. How long the logs are kept online and on the backup? What are the business continuity and disaster recovery capabilities of the cloud service provider? Many organization look at cloud as a BCM solution. Does the underlying cloud service provider is capable of delivering a BCM aware cloud service?
sandy ingram

Collaboration - the power of "us" far more important then the power of "you". - 0 views

www.ceoforum.com.au/article-detail.cfm

ceo collaboration

shared by sandy ingram on 20 Nov 08 - Cached
  • Societies and economies are rapidly changing; and the power of “us” has become far more important than the power of “you”
  • this wave of collaborative technologies and behaviors is now moving into business and government.
  • Business and government leaders will need to lead from a “collaboration and teamwork” mentality as opposed to the traditional “command and control” perspective.
  • ...1 more annotation...
  • reward them for reaching collective goals
    • sandy ingram
      sandy ingram on 20 Nov 08
       
      How to "reward" for collaboration?
  • sandy ingram on 20 Nov 08
     
    Societies and economies are rapidly changing; and the power of "us" has become far more important than the power of "you"
  • sandy ingram on 20 Nov 08
     
    "Our opportunity is to build a globally connected human network capable of working collectively to address the significant social, economic, and political issues of our time. As leaders, it is our responsibility to lead by collaborative example,"
sandy ingram

The collaborative web in action - CEO Forum Group - 0 views

www.ceoforum.com.au/article-detail.cfm

ceo collaborative web2.0 workplace

shared by sandy ingram on 20 Nov 08 - Cached
  • it is a sad fact that too few CEOs make the connection this current wave of the Internet and any change in the way business works. This I believe is a pity and it could cost businesses money.
  • For many CEOs, I would suggest, this trend is one which they understand only tangentially – perhaps when they see their home telecommunications bill if they have children – or when they meet one of their generation Y employees, who cheekily ‘demands’ instant messaging or an iPhone as part of their salary package.
  • it is the platform of networked based colllaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century.
  • ...1 more annotation...
  • When a business works out how to use collaboration tools properly, it can open up an entirely new way of improving resource allocation, driving innovation, getting closer to customers and partners, taking costs out of the business and reducing time-to-market. Collaboration, based on the network as the platform, is even able to help reduce the impact of business on the environment.
  • sandy ingram on 20 Nov 08
     
    "...it is the platform of networked based colllaboration tools, created on the public Internet but increasingly being adopted in the workplace, which will set apart the successful businesses of the first two decades of the 21st century."
sandy ingram

HONcode: Principles - Quality and trustworthy health information - 0 views

www.hon.ch/Conduct.html

shared by sandy ingram on 29 Oct 08 - Cached
  • HON Code of Conduct (HONcode) for medical and health Web sites
  • sandy ingram on 29 Oct 08
     
    null
sandy ingram

CTO of the USA - 0 views

www.emergentchaos.com

OBAMA CTO information security

shared by sandy ingram on 09 Nov 08 - Cached
  • Obama will appoint the nation's first Chief Technology Officer (CTO)
  • sandy ingram on 09 Nov 08
     
    Obama will appoint the nation's first Chief Technology Officer (CTO)
sandy ingram

Amended SB1386 - Health care data security breach explained - 0 views

www.scmagazineus.com/...120069

hipppa SB1386 health training breaches

shared by sandy ingram on 01 Nov 08 - Cached
  • Health care data security breaches in the U.S.
  • New laws and regulations regarding data security breaches and disclosure laws affect the way in which health care organizations do business
  • Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • ...11 more annotations...
  • he disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
  • Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
  • They need to implement proper security measures, like encryption,” Booz says. In addition, the law will require a new level of investment in training for customer service, sales, and other externally facing operations.
  • Individuals affected by data breaches that meet the personal information definition and notification requirements must be notified by using one of three methods: written notice, electronic notice with customer's consent, or substitute notice
  • A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
  • The new law requires all state agencies and companies that conduct business in California to notify residents when a breach of their medical information occurs.
  • The purpose of this rule is to secure personally identifiable information (PII) as it travels through the healthcare system. Healthcare organizations, including providers, payers, and clearinghouses, must comply with the Privacy Rule.
  • Between 2000 and 2007, nearly half of all health care security incidents that occurred in the U.S. were associated with hospitals.
  • Between 2000 and 2007, 40 percent of publicly known security incidents at health care organizations are classified as data breaches
  • Although data breaches (hackers, malicious employees, social engineering, etc.) only constitute 40 percent of incidents, they account for 57 percent of all records compromised, nearly two and a half times the next closest category.
  • This again speaks to the need for strong policies and procedures. If organizations did not allow sensitive data to leave their facility without being encrypted (for electronic data) or disposed of properly (for physical data), it could eliminate nearly a quarter of the incidents they would face.
  • sandy ingram on 01 Nov 08
     
    Notifications can be delayed if law enforcement determines it could hinder a criminal investigation
  • sandy ingram on 01 Nov 08
     
    A new California law requiring that customers be notified of a breach involving their medical information is likely to influence legislation in other states.
sandy ingram

The Future of Enterprise 2.0 Technologies - ReadWriteWeb - 0 views

www.readwriteweb.com/..._enterprise20_grow_decline.php

enterprise2.0 readwriteweb web2.0 forrester research

shared by sandy ingram on 20 Nov 08 - Cached
  • Forrester predicts that social networking tools and internal wikis "will have the greatest impact on workplace collaboration"
sandy ingram

"The Neb" implemented by IBM - 0 views

www.links.org

Privacy security neb

shared by sandy ingram on 09 Nov 08 - Cached
  • The basic idea here was that you can’t trust your PC, so you should have a separate trusted device (The Neb) which is used only for final authorisation of transactions - all the work of getting the transaction set up is done on the untrusted PC.
  • only the data relating to the final transaction is sent to The Neb,
  • explicitly, by the server,
  • ...1 more annotation...
  • which then displays it and, if the user agrees, signs it.
  • sandy ingram on 09 Nov 08
     
    only the data relating to the final transaction is sent to The Neb,
sandy ingram

80% of Australian companies suffered data breach. What protections are in your consult... - 0 views

www.smartcompany.com.au/...breach-in-past-five-years.html

Austrailia data breach agreements international

shared by sandy ingram on 11 Nov 08 - Cached
  • A whopping 34% of respondents report an average breach cost them $5000,
  • sandy ingram on 11 Nov 08
     
    What protections are written in your international consultant agreements?
  • sandy ingram on 11 Nov 08
     
    A new survey reveals almost 80% of local companies have experienced data breaches in the past five years, with 40% recording between six and 20 breaches
sandy ingram

Data Leakage Worldwide White Paper: The High Cost of Insider Threats  [Data L... - 0 views

www.cisco.com/...white_paper_c11-506224.html

shared by sandy ingram on 12 Nov 08 - Cached
  • sandy ingram on 12 Nov 08
     
    Apathy and overwhelming amounts of data are key points why employees lose information
sandy ingram

Layoffs could lead to theft of interllectual property, placement of code - 0 views

www.linkedin.com/...366179-6510159

extortion layoffs employee workplace

shared by sandy ingram on 17 Nov 08 - No Cached
  • Since we are witnessing one of the most greatest surges in layoffs, how has your information security processes been coping with the increase?
  • I hear that many employees, in anticipation of a layoff, are stealing intellectual property. Thus, some damage to the company may be done prior to the lay off taking place.
  • have direct experience of employees who planted code that would disable key functions in the corporate IT system
  • ...9 more annotations...
  • I have met others who have bought their way into competitors using confidential information.
  • To be completely brutal and honest, if you are in a position to be worried about these things then your organisation has not taken its' security (in the broadest terms) seriously.
  • Security considerations are starting to move higher up the value chain away from its roots of network centricity towards applications and business concerns.
  • I have been monitoring the IT security industry and what I have noticed is not only the number of layoffs but also that there is so few high level IT Security jobs been advertised. Too many organisations see IT Security as an expense, and they have problem seeing the ROI form IT Security project.
  • how vulnerable is the Global economy to the next big attack.
  • corporations rapidly lose the ability to stop serious security breaches within the company as many in this forum have stated many examples.
  • I have seen many people go to extremes and sell this inside information, corporate espionage to name one example, in order to survive.
  • To understand the seriousness of this economic turmoil affecting corporation globally, a Director of Information Security from one of the largest and most admired global corporations was let go in a downsizing restructuring.
  • Understand that every company large and small is going through profound economic issues trying to do more with less staff.
  • sandy ingram on 17 Nov 08
     
    In one case, it was used for extortion, i.e. to demand a better severance package. The other used it for revenge.
sandy ingram

Futureofprivacy.org - Group hopes to shape nation's privacy policy - 0 views

www.sfgate.com/...article.cgi

att privacy experts

shared by sandy ingram on 17 Nov 08 - Cached
  • Businesses, regulators and consumers are all confused about online privacy, yet technology keeps advancing, said the group's other co-founder, Christopher Wolf, who chairs the Privacy and Data Security Practice Group for Washington law firm Proskauer Rose LLP.
  • sandy ingram on 17 Nov 08
     
    Group hopes to shape nation's privacy policy
sandy ingram

Privacy is good for business - CEO Forum Group - 0 views

www.ceoforum.com.au/article-detail.cfm

ceo cpo

shared by sandy ingram on 20 Nov 08 - Cached
  • "There are thousands of privacy professionals now, in the U.S. and Europe and Asia. Most of the Fortune 100 have a privacy officer or some sort of equivalent".
  • "Now imagine", Pearson says, "the first few times an insurance company or a university sends out a letter saying, 'excuse me, but we were hacked and we don't know what happened exactly, we don't know what happened to your data, but we are required by law to notify you that something might have happened'. That's not a pleasant situation to be in".
  • But privacy concerns impact more than just the bottom line; they affect multiple areas of an organisation, from legal liabilities to PR efforts to CRM and employee retention. A well-designed, well-implemented policy can help a company in all of these areas, on both the tactical and the strategic levels.
  • ...2 more annotations...
  • Security and privacy are not simply IT challenges—they need to be addressed as strategic issues, at the highest levels of the organisation.
  • Ultimately, however, it is organisational policies, not technology, that are most important to enforcing privacy.
« First ‹ Previous 81 - 100 Next › Last »
Showing 20 items per page