tagged w/ Infofiduciary
-
A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. For those companies who now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how and where do they begin?
http://information-security-resources.com/2010/03/04/risk-based-enterprise-compliance-programs/A recent benchmarking survey of Third Party Codes of Conduct was conducted by the... more
-
-
-
-
Has someone been putting strange substances in the drinking water at Gartner’s Greenwich, CT headquarters? Some of their analysts are beginning to sound like New Age gurus on a mission to bring peace, love and harmony to the corporate world. Consider these words of wisdom recently imparted by Gartner analysts to clients at an Orlando conference…
http://information-security-resources.com/2010/03/01/gartner-tells-cios-to-embrace-social-media/Has someone been putting strange substances in the drinking water at Gartner’s... more
-
-
Once an agency crosses over into social media interactions with other agencies and non-governmental organizations, the guidance gets diluted. The guidelines point to five government agencies, none of which are the definitive resource for social media implementations. These guidelines are a must read for any organization that is considering a foray into the Web 2.0 sphere…
http://information-security-resources.com/2010/02/25/federal-guides-for-social-media-security-pii/Once an agency crosses over into social media interactions with other agencies and... more
-
-
-
The sheer volume of potential targets coupled with the vast amounts of money to be made has captured the attention of the global criminal hacking community. Enterprise networks are becoming hardened and they are still vulnerable. We are fragmented and all over the place with an incredible array of interdependent technologies that are set up with convenience in mind and security second…
http://information-security-resources.com/2010/02/18/the-dismal-state-of-information-security/The sheer volume of potential targets coupled with the vast amounts of money to be... more
-
-
The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases involving both agents and resellers are they are the most clearly acting as representatives of the companies whose goods or services they sell for in foreign countries. However many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. If you have a distributor, it must be subjected to the same FCPA scrutiny and management as an agent, reseller or joint venture partner…
http://information-security-resources.com/2010/02/18/resellers-and-distributors-under-the-fcpa/The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases... more
-
-
MicroSolved, Inc. (MSI) has developed the 80/20 Rule of Information Security that proposes the concept that 80% of an organizations’ real information security comes from only 20% of the assets and effort put into the program. These 13 security projects will give your organization the most effective information security coverage for the least expenditure of time and resources. These projects, once completed, should allow CIO’s to create an effective, efficient, and standards-based approach to information security…
http://information-security-resources.com/2010/02/17/the-8020-rule-for-information-security/MicroSolved, Inc. (MSI) has developed the 80/20 Rule of Information Security that... more
-
-
Infosec Island, the new community for IT and information security professionals, today announced that its new enhanced authentication service based on the SyferLock™ GridGuard™ solution, is now live. Deploying this technology provides Infosec Island members with the option to login with a very high level of security for confidential business, personal or security-related communications. SyferLock’s GridOne authentication is available on Infosec Island to all registered members, and membership is free.
http://information-security-resources.com/2010/02/16/syferlock-gridguard-live-on-infosec-island/Infosec Island, the new community for IT and information security professionals, today... more
-
-
Similar to security assessments, network architecture designs and other projects, a development project, such as this one involves the exchange of confidential data, including in this case, intellectual property designs, requirements documents, test plans, code fragments and road maps. We could have chose to exchange these documents over email, or printed them out and sent them next day parcel post. Instead, we ate our own dogfood and utilized IslandPKI encrypted document and message transfer…
http://information-security-resources.com/2010/02/16/how-a-security-company-applies-security/Similar to security assessments, network architecture designs and other projects, a... more
-
-
Over a billion people visited social networking sites such as Facebook and Twitter last month so it’s not surprising that hackers have these sites in their cross-hairs. In fact, according to recent research from Breach Security Labs, social networks were the most targeted category in 2009, accounting for 19% of all malicious attacks last year. By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private…
http://information-security-resources.com/2010/02/14/how-to-protect-your-social-network-identity/Over a billion people visited social networking sites such as Facebook and Twitter... more
-
-
So, if my PC is compromised because I don’t have adequate security and $800,000 goes missing from my account, whose fault is it? At first glance some may say the victims, others may say the banks. The fact that there are so many ways passwords can be compromised and accounts can be taken over, and banks know this, it should motivate banks to have redundant security in place. Hacks like this undermine people’s confidence in the system.
http://information-security-resources.com/2010/02/14/banks-fail-to-provide-effective-online-security/So, if my PC is compromised because I don’t have adequate security and $800,000... more
-
-
What if your vendor is acquired, are there assurances in your service agreement allowing you to opt out if you choose to – if so, will all your data be deleted? What if you vendor is acquired by a company based in a foreign country? Maybe the acquiring company ceo, also a peoples republic of china communist party official, will assure you your data has been deleted. All in all – right now, using SaaS simply comes down to a judgment call, what is in the best interest of your firms operations: ease of access, work flow and cost benefits vs. associated risks…
http://information-security-resources.com/2010/02/11/afraid-of-the-cloud-ask-the-right-questions/What if your vendor is acquired, are there assurances in your service agreement... more
-
-
These changes to the Sentencing Guidelines should be monitored closely by companies as they represent significant amendments to the Sentencing Guidelines. It appears that the Department of Justice is moving to force companies to place compliance and ethics in a higher profile within their organizations and not simply to pay lip service, along the lines of “we have a code of ethics and act responsibly”…
http://information-security-resources.com/2010/02/11/changes-in-law-for-fcpa-ethics-compliance/These changes to the Sentencing Guidelines should be monitored closely by companies as... more
-
-
Last year, 11.1 million U.S. adults were the victim of identity fraud — 4.8 percent of the population. That’s good for a 12 percent increase from 9.9 million the prior year, according to Javelin Strategy & Research, which released its annual identity fraud survey Feb. 9. Along with that increase, the total annual fraud amount in 2009 increased 12.5 percent, from $48 billion to $54 billion. At the same time, the average fraud resolution time fell from 30 hours in 2008 to 21 hours last year…
http://information-security-resources.com/2010/02/10/technology-is-helping-victims-and-fraudsters/Last year, 11.1 million U.S. adults were the victim of identity fraud — 4.8... more
-
-
SQL injections have evolved in their purpose and sophistication. Originally meant as a tool to attack a merchant’s database and steal data. The attack was reconfigured last summer to install viruses on users’ computers that contain a remote control component. The bad guys are going after high-profile, high-volume websites, instead of going after the smaller websites, which are easier to inject code into…
http://information-security-resources.com/2010/02/09/targeted-sequel-injection-attacks-on-the-rise/SQL injections have evolved in their purpose and sophistication. Originally meant as a... more
-
-
The Internet Security Alliance presented Melissa Hathaway with its annual award for vision in cyber security Tuesday during an event at the National Press Club. Hathaway, the Obama Administration’s former acting cyber security chief, received the McCurdy Award on the one-year anniversary of when she began her 60-day review of the government’s cyber security program. ISA believes that Hathaway’s work, if implemented, would result in the establishment of a modern partnership between the public and private sectors, which is necessary for an effective and sustainable system of cyber security.
http://information-security-resources.com/2010/02/09/isa-presents-melissa-hathaway-with-award/The Internet Security Alliance presented Melissa Hathaway with its annual award for... more
-
-
Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINS. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are.
http://information-security-resources.com/2010/02/07/police-make-arrests-in-atm-skimming-ring/Police believe they may have uncovered an international ATM “skimming”... more
-
-
